2007
DOI: 10.1109/tnet.2006.890128

High-Speed Prefix-Preserving IP Address Anonymization for Passive Measurement Systems

Abstract: Passive network measurement and packet header trace collection are vital tools for network operation and research. To protect a user's privacy, it is necessary to anonymize header fields, particularly IP addresses. To preserve the correlation between IP addresses, prefix-preserving anonymization has been proposed. The limitations of this approach for a high-performance measurement system are the need for complex cryptographic computations and potentially large amounts of memory. We propose a new prefix…

Cited by 18 publications (13 citation statements)
References 17 publications
“…These can, of course, be replaced by arbitrary numbers, but such a practice results in the loss of all the topological information embedded in the original addresses (e.g., different addresses that belong to the same subnet). The alternative is to use a prefix-preserving mapping that preserves the topological information [227,559]. However, exposing the topological data may in some cases compromise anonymity.…”
Section: Privacy (mentioning)
confidence: 99%
“…As discussed in [127] and [91], the only way to achieve prefix-preserving encryption is to consider a binary prefix tree, T, where nodes indicate which bits need to be flipped during transformation. A cryptographic function is used to determine the state of each node in this "encryption tree" (i.e., white nodes indicating '0' or no flip and black nodes indicating flip or '1').…”
Section: Prefix-preserving Encryption (mentioning)
confidence: 99%
“…Therefore, maintaining prefix properties at the top of the prefix tree leads to easy inference attacks. To address this problem, a technique called "top-hashing" [91] can be used to encrypt the first t bits of the address without using a tree but a 2^t → 2^t cryptographic, collision-free hash function, as shown in Figure 3.8. Top-hashing removes any correlation between prefixes in the first t bits and thereby improves the level of security achieved in T.…”
Section: Top Hashing (mentioning)
confidence: 99%
“…In general, it is desirable to use an anonymization mechanism that preserves as much of the relevant properties of the data field as possible. For IP address anonymization it is common to use "prefix-preserving" anonymization that maintains the subnet relationship between addresses while assigning pseudo-random network addresses [15,26,23]. The latter two anonymization algorithms can be initialized to generate a consistent anonymization across different nodes and thus are particularly suitable for distributed measurement.…”
Section: Packet Capture and Anonymization (mentioning)
confidence: 99%