Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme - PowerPoint PPT Presentation

About This Presentation
Title:

Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme

Description:

Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme Jun Xu, Jinliang Fan, Mostafa Ammar, Sue Moon – PowerPoint PPT presentation

Number of Views:90
Avg rating:3.0/5.0
Slides: 21
Provided by: mtu72
Learn more at: https://www.csl.mtu.edu
Category:

less

Transcript and Presenter's Notes

Title: Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme


1
Prefix-Preserving IP Address AnonymizationMeasur
ement-based Security Evaluation and a
NewCryptography-based Scheme
  • Jun Xu, Jinliang Fan, Mostafa Ammar, Sue Moon
  • College of Computing
    Sprint ATL
  • Georgia Tech

modified presented by Zihui Ge
2
Overview
  • Motivation
  • IP address anonymization
  • prefix-preserving
  • Prefix-preserving anonymization
  • canonical form
  • TCPdpriv
  • cryptography-based scheme
  • Attacks
  • models, analysis, evaluation

1
3
Motivation
  • Traces collected, to share or not to share?
  • client personal privacy?
  • commercial confidentiality?
  • IP address anonymization
  • 1.2.3.4 ? 8.4.3.6
  • one to one mapping, consistent
  • Prefix relationships among IP addresses?
  • important routing performance, clustering of
    end-systems
  • Prefix-preserving anonymization
  • 1.2.3.4 ? 8.4.3.6
  • 1.2.255.2 ? 8.4.9.6
  • preserve prefix correlation among addresses

1
4
IP Address Anonymization
  • Basic anonymization
  • a original 4-byte IP address a a1 a2 a32
  • a anonymized IP address aa1a2a32
  • F 1-to-1 mapping function aF(a)
  • Prefix preserving anonymization
  • if a, b share k-bit prefix
  • a1b1,a2b2, , akbk, ak1bk1
  • then aF(a), bF(b) share k-bit prefix
  • a1b1,a2b2, , akbk, ak1bk1

1
5
Canonical Form
  • Canonical construction of F using a series of fi
  • ai ai ? fi-1(a1, a2, , ai-1)
  • f0 is a constant
  • F is a prefix-preserving anonymization function
  • A prefix-preserving anonymization function
    necessarily takes this form
  • Different schemes use different fi
  • Visualized as a tree

1
6
Visualization Address Space
0
1
0
1
0
1
0100
0111
0101
0110
1000
1011
1001
1010
1100
1111
1101
1110
0000
0011
0001
0010
1
7
Visualization Original Address Tree
0
1
0
1
0
1
0100
0101
1000
1011
1111
1110
0000
0001
0010
1
8
Visualization Anonymization Function
f0()1
0
1
f1(1)0
f1(0)1
0
1
0
1
f2(0,0)0
Flip
Leaf Node
1
9
Visualization Anonymized Address Tree
0
1
0
1
0
1
0100
0101
1000
1011
1111
1110
0000
0001
0010
1
10
TCPdpriv
  • Sequentially scan IP address
  • look up prefix in history table
  • randomly choose suffix
  • concatenate prefix,suffix update history table

a1a2akak1aK2an
rand(a1a2akak1an)
1
11
TCPdpriv
  • Sequentially scan IP address
  • look up prefix in history table
  • randomly choose suffix
  • concatenate prefix,suffix update history table
  • Mapping is trace-dependent
  • Need to maintain a table to track previous
    mappings
  • table size grow over time
  • look up cost increase over time
  • Unable to process in parallel

1
12
New Crytography-Based Algorithm
fi(a1, a2, , ai-1) L(R(P(a1a2ai-1), K))
  • deterministic fi function
  • trace-independent
  • What PRF to use?
  • Practical bock ciphers, e.g., AES, can be
    modeled as PRP

1
13
Attacks on Anonymization Schemes
  • Cryptographic attacks
  • scheme specific
  • vulnerability comes from the specific
    construction of fi
  • TCPdpriv not susceptible
  • our scheme provable secure
  • Semantic attacks
  • common to all schemes
  • vulnerability comes from the canonical
    construction of F
  • effectiveness should be measured

1
14
Evaluation of Semantic Attacks
  • Metrics to measure effect of attacks
  • Virtual (but theoretically interesting) attacks
  • good measure of the resistance of a specific
    trace to semantic attacks in general
  • good relative reference points for measuring the
    effectiveness of practical attacks.
  • Practical attacks

1
15
Metrics to Measure Effect of Attacks
  • Measure of attack severity
  • U of unknown uncompressed bits
  • C of unknown compressed bits
  • Ki of addresses with exactly i known most
    significant bit

1
16
If an address is compromised
1000
1001
0010
0000
0110
0111
1???
1100
1101
1111
0010
000?
C9, U18, K14, K22, K32, K41
1
17
Evaluation on Real Traces
  • Measure the resistance of a specific trace to
    semantic attacks in general
  • Effect of compromising random address
  • Effect of compromising greedily-generated address

1
18
Effect of Compromising Random Addresses
1
19
Practical Attacks
  • Frequency Analysis
  • DNS Server Address Tracing
  • Others

1
20
Conclusions
  • Canonical form of constructing prefix-preserving
    anonymization function
  • New cryptography-based scheme
  • Framework of measuring the resistance of traces
    and the effectiveness of attacks
  • Implementation
  • http//www.cc.gatech.edu/computing/Telecomm/crypto
    pan/

1
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!