<?xml version="1.0" standalone="no"?>
                    <!DOCTYPE div SYSTEM "/www/backend/www-xml-443/dtd/caidaML.dtd">
                    <!-- do NOT ERASE the DOCTYPE declaration! --><div>


<tr bgcolor="#f4f4f4">
  <td>
<font face="helvetica,arial" size="2">
<b>URL:</b>
</font>
</td>
  <td>
<font face="helvetica,arial" size="2">
<a href="http://portal.acm.org/citation.cfm?id=1241835">http://portal.acm.org/citation.cfm?id=1241835</a>
</font>
  </td>
</tr>


<tr bgcolor="#e9e9e9">
  <td>
<font face="helvetica,arial" size="2">
<b>ENTRY DATE:</b>
</font>
</td>
  <td>
<font face="helvetica,arial" size="2">
2008-06-16


</font>
  </td>
</tr>


<tr bgcolor="#f4f4f4">
  <td>
<font face="helvetica,arial" size="2">
<b>ABSTRACT:</b>
</font>
</td>
  <td>
<font face="helvetica,arial" size="2">
Passive network measurement and packet header trace collection are vital
tools for network operation and research. To protect a user's privacy,
it is necessary to anonymize header fields, particularly IP
addresses. To preserve the correlation between IP addresses,
prefix-preserving anonymization has been proposed. The limitations of
this approach for a high-performance measurement system are the need for
complex cryptographic computations and potentially large amounts of
memory. We propose a new prefix-preserving anonymization algorithm,
top-hash subtree-replicated anonymization (TSA), that features three
novel improvements: precomputation, replicated subtrees, and top
hashing. TSA makes anonymization practical to implement on network
processors or dedicated logic at Gigabit rates. The performance of TSA
is compared with a conventional cryptography-based prefix-preserving
anonymization scheme that utilizes caching. TSA performs better as it
requires no online cryptographic computation and a small number of
memory lookups per packet. Our analytic comparison of the susceptibility
to attacks between conventional anonymization and our approach shows
that TSA performs better for small-scale attacks and comparably for
medium-scale attacks. The processing cost for TSA is reduced by two
orders of magnitude and the memory requirements are a few Megabytes. The
ability to tune the memory requirements and security level makes TSA
ideal for a broad range of network systems with different capabilities.
   


</font>
  </td>
</tr>
</div>

