|
ABSTRACT:
|
Real-world traffic traces are crucial for Internet research, but only a
very small percentage of traces collected are made public. One major
reason why traffic trace owners hesitate to make the traces publicly
available is the concern that confidential and private information may
be inferred from the trace. We focus on the problem of anonymizing IP
addresses in a trace. More specifically, we are interested in
prefix-preserving anonymization in which the prefix relationship among
IP addresses is preserved in the anonymized trace, making such a trace
usable in situations where prefix relationships are important. The goal
of our work is two fold. First, we develop a cryptography-based,
prefix-preserving anonymization technique that is provably as secure as
the existing well-known TCPdpriv scheme, and unlike TCPdpriv, provides
consistent prefix-preservation in large scale distributed
setting. Second, we evaluate the security properties inherent in all
prefix-preserving IP address anonymization schemes (including
TCPdpriv). Through the analysis of Internet backbone traffic traces, we
investigate the effect of some types of attacks on the security of any
prefix-preserving anonymization algorithm. We also derive results for
the optimum manner in which an attack should proceed, which provides a
bound on the effectiveness of attacks in general.
|