IP Flow Anonymisa/on Support dra6boschiipfixanon03 Elisa Boschi, - - PowerPoint PPT Presentation

ip flow anonymisa on support
SMART_READER_LITE
LIVE PREVIEW

IP Flow Anonymisa/on Support dra6boschiipfixanon03 Elisa Boschi, - - PowerPoint PPT Presentation

Aug 18, 2022 174 likes •285 views

IP Flow Anonymisa/on Support dra6boschiipfixanon03 Elisa Boschi, Brian Trammell Hitachi Europe, Zrich [See h&p://people.ee.ethz.ch/~boschie/dra7boschiipfixanon03.txt] Monday 23 March 2009, San Francisco,

slide-1
SLIDE 1

IP Flow Anonymisa/on Support

dra6‐boschi‐ipfix‐anon‐03

Elisa Boschi, Brian Trammell – Hitachi Europe, Zürich

[See h&p://people.ee.ethz.ch/~boschie/dra7‐boschi‐ipfix‐anon‐03.txt]

Monday 23 March 2009, San Francisco, California, USA

slide-2
SLIDE 2

Why?

 Standardiza/on of flow export [RFC5101] and storage representa/ons [dra6‐ieX‐ipfix‐file] removes a technical barrier to data sharing for

 interdomain measurement efforts, and  trace publica/on for research.

 End‐user privacy concerns s/ll a barrier.  Anonymisa/on provides one toolset for addressing these concerns.  Need a way to represent the anonymisa/on status of exported or stored data.

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

2

slide-3
SLIDE 3

What?

 Node and user iden/fying informa/on:

 IP addresses  MAC addresses [TODO]

 Addi/onal informa/on that can be used to profile users and/or aeack anonymisa/on techniques:

 ports (applica/on profiling)  /mestamps and counters (host profiling, fingerprin/ng)  most other fields (fingerprin/ng)

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

3

slide-4
SLIDE 4

How?

 Generaliza/on

 mapping of mul/ple real values to a single anonymised value.  aggregates; does not preserve countability.

 [One‐Way] Subs/tu/on

 one‐to‐one mapping of real to anonymised values.  count of unique values preserved across anonymisa/on.

 [One‐Way] Set Subs/tu/on

 each anonymised value respresents a single real value, but  each real value may be represented by mul/ple anonymised values.  does not aggregate, does not preserve countability.

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

4

slide-5
SLIDE 5

For how long?

 Anonymisa/on func/ons map a real space of values to an anonymised space.  This mapping func/on may change over /me (e.g. through rekeying

  • r dele/on of permuta/on table), affec/ng long‐term comparability
  • f anonymised datasets.

 Stability measures this change.

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

5

slide-6
SLIDE 6

Anonymisa/on Record

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

6

scope iden/fies {Template, IE} index op/onal (mul/‐IE only) Technique used to anonymise Associated with a Template, exported via IPFIX Op/ons.

slide-7
SLIDE 7

Supported Techniques (1)

 None

 Data assumed to be real at EP

 Undefined

 no assump/on anonymisa/on at EP

 Dele/on/“Black Marker”

 IPFIX supports this na/vely – simple removal of IE from Template

 Precision Degrada/on/Trunca/on (Generaliza/on)

 Replacement of host addresses with network addresses  Timestamp and counter degrada/on

23rd March 2009 IETF 73 ‐ IPFIX WG ‐ Minneapolis

7

slide-8
SLIDE 8

Supported Techniques (2)

 Binning (Generaliza/on)  Enumera/on (Set Subs/tu/on)

 Assignment of a unique value to each record.  May be applied to preserve ordering, esp. with /mestamps.

 Permuta/on (Subs/tu/on)

 Assignment of a unique anonymised value to each real value.

 Prefixed Permuta/on (Subs/tu/on)

 Permuta/on that preserved structure present in source data (e.g. CryptoPAN prefix‐preserving IP address anonymisa/on)

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

8

slide-9
SLIDE 9

Supported Stability Classes

 Undefined

 No assump/on about stability at EP

 Session

 All anonymisa/on parameters stable for dura/on of Transport Session.

 Exporter‐Collector

 All anonymisa/on parameters stable for an EP‐CP pair.  Different sessions between same EP and CP are comparable.

 Stable

 All anonymisa/on parameters stable for an EP.  Different sessions from same EP are comparable.

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

9

slide-10
SLIDE 10

Guidelines for IPFIX Anonymisa/on

 Certain IPFIX data structures can leak informa/on about original data:

 IPFIX Message Header Export Time  IPFIX Message Header Observa/on Domain, if linked to EP/MP address  expor/ngProcessIPv[46]Address  collec/onTime and File Time Window Op/ons

 Care should be taken with these to prevent deanonymisa/on.

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

10

slide-11
SLIDE 11

Next Steps

 Con/nued work on Open Issues:

 MAC address anonymisa/on  Finaliza/on of classifica/on, stability classes, and techniques  Editorial comple/on  IANA Considera/ons, Security Considera/ons, Examples  nonsensical IE/Technique combina/ons  other relevant guidelines

 Considera/on as new Working Group item within the context of the Mediator effort, when appropriate.

23rd March 2009 IETF 74 ‐ IPFIX WG – San Francisco, California

11