me measu sured approa oaches s to ip ipv6 ad addres ess
play

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An - PowerPoint PPT Presentation

Oct 18, 2023 •406 likes •1.01k views

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an and Id Iden entit ity As y Associa ciatio ion CARIS2 Workshop Cambridge, MA, 1 Mar 2019 David Plonka

  1. Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an and Id Iden entit ity As y Associa ciatio ion CARIS2 Workshop – Cambridge, MA, 1 Mar 2019 David Plonka <plonka@akamai.com|dave@plonka.us> & Arthur Berger “kI kIP: : a Measured Approach to IPv6 Address Anonymization” (p (pre-pr print) https://arxiv.org/abs/1707.03900 “In “In th the IP e IP of of th the B e Beh ehol older er: S Str trateg egies f es for or A Acti tive T e Top opol olog ogy D Disc scover ery” ( ” (IM IMC 2018) 2018) https://arxiv.org/abs/1805.11308

  2. Premise: an intersection of Privacy and Security IPv6 poses (at least) two challenges in facets of coordinated attack response: 1. Sharing IP address-related info while respecting victim and even potential/candidate attacker’s privacy. 2. Mitigating abuse by dropping or rate-limiting only traffic associated with an attackers’ (or victims’) identities. Meeting these challenges depends on knowledge - or on assumptions - about IP address identities, typically in the form of a public, globally-routed IP address prefix – the Identity Associations (or IAs) – of the victimized or attacking parties. What is a best practice for anonymization of these identities? Can the identity association be reliably determined, remotely? 2

  3. IP Address Anonymization and Identity Association Today we’ll consider: • Truncation and/or aggregation-based anonymization i.e., for sharing network identifiers for attack response or, generally, in traffic data, e.g., correlating with network topology, routing, service providers, and geographic locations. • Nascent IPv6 topology discovery results and implications for determining associated identify i.e., for sharing topology information for attack response e.g., anonymization and identity association involving router addresses. 3

  4. IP Address Anonymization and Identity Association Consider these questions: • How can passive and active Internet measurements inform decisions about address anonymization and identity association? 4

  5. IP Address Anonymization and Identity Association Consider these questions: • How can passive and active Internet measurements inform decisions about address anonymization and identity association? • Is there reason to believe that any one IP prefix length would perform satisfactorily for either? 5

  6. IP Address Anonymization and Identity Association We consider these questions: • How can passive and active Internet measurements inform decisions about address anonymization and identity association? • Is there reason to believe that any one IP prefix length would perform satisfactorily for either? • In the face of attack, when, where, and how should IP addresses be de- aggregated or coalesced to effectively associate them with victims or attackers? 6

  7. Background: IPv4 Address Anonymization by aggregation 10.0.42.31 1 10.0.42.24 1 10.0.42.30 1 10.0.42.10 1 10.0.42.25 1 10.0.42.22 1 10.0.42.16 1 10.0.42.6 1 10.0.42.4 1 10.0.42.17 1 10.0.42.17 1 10.0.42.21 1 10.0.42.9 1 10.0.42.8 1 10.0.42.20 1 10.0.42.19 1 10.0.42.29 1 10.0.42.3 1 10.0.42.26 1 10.0.42.14 1 10.0.42.11 1 10.0.42.1 1 10.0.42.15 1 10.0.42.27 1 10.0.42.13 1 10.0.42.7 1 10.0.42.0 1 10.0.42.12 1 10.0.42.28 1 10.0.42.2 1 10.0.42.23 1 7 10.0.42.5 1

  8. Background: IPv4 Address Anonymization by aggregation to a fixed length 10.0.42.31 1 10.0.42.24 1 10.0.42.30 1 10.0.42.10 1 10.0.42.25 1 10.0.42.22 1 10.0.42.16 1 10.0.42.6 1 10.0.42.4 1 10.0.42.17 1 10.0.42.17 1 10.0.42.21 1 10.0.42.9 1 10.0.42.8 1 10.0.42.0/27 32 10.0.42.20 1 10.0.42.19 1 10.0.42.29 1 10.0.42.3 1 10.0.42.26 1 10.0.42.14 1 10.0.42.11 1 10.0.42.1 1 10.0.42.15 1 10.0.42.27 1 10.0.42.13 1 10.0.42.7 1 10.0.42.0 1 10.0.42.12 1 10.0.42.28 1 10.0.42.2 1 10.0.42.23 1 8 10.0.42.5 1

  9. IP Address Anonymization • Truncation-based anonymization is ideal if, and only if, it can be guaranteed to improve privacy. We propose k IP anonymization, i.e., make an individual appear indistinguishable amongst a set of [ k ] individuals [https://en.wikipedia.org/wiki/K-anonymity, RFC 6973: “Privacy Considerations for Internet Protocols”] 9

  10. k IP: a measurement-based approach… 1. Temporal & Spatial Address Classification See “kIP: a Measured Approach to IPv6 Address Anonymization” Slides/video: https://trac.ietf.org/trac/irtf/wiki/map 2. Address Activity Matrix Analysis: estimating a lower bound on simultaneously assigned addresses 3. Anonymous Aggregate (Prefix) Synthesis : then perform longest-prefix match to produce results 10

  11. Step 2. Address Activity Matrix Analysis Related Work: IPv4 Address Activity Matrix introduced in “Beyond Counting …”, MAPRG Meeting July 2016 11 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  12. Related Work: IPv4 Address Activity Matrix 12 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  13. Related Work: IPv4 Address Activity Matrix 13 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  14. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% legend: # = activity counted during the given hour 14

  15. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% /64 prefix legend: # = activity counted during the given hour 15

  16. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% /64 prefix IID legend: # = activity counted during the given hour 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG Meeting Prague, July 20, 2017 David Plonka &lt;plonka@akamai.com&gt; kI kIP: : a Me Measured Approach to IPv6 Address Anonymizati tion

873 views • 64 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Nov Novel Appr Approaches oaches to to ID ID Te Testing Usi Using NGS NGS Based Based

Nov Novel Appr Approaches oaches to to ID ID Te Testing Usi Using NGS NGS Based Based

Nov Novel Appr Approaches oaches to to ID ID Te Testing Usi Using NGS NGS Based Based Metagenom nomics cs Robert Schlaberg, MD, MPH Disclosures Commercial Interest What was Received For What Role Roche Diagnostics Honorarium Advisor

522 views • 51 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro

Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro

Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro ro-En Envi viron onmental al B Beha ehavi viour in t the e Cana nadian P Popu opulation MATTHEW HEW P PERKS, M MA SOCIOL OLOG

224 views • 19 slides
A Disrete Approa h to Mo del Gene Regulatory Net w orks and the Use of F ormal

A Disrete Approa h to Mo del Gene Regulatory Net w orks and the Use of F ormal

A Disrete Approa h to Mo del Gene Regulatory Net w orks and the Use of F ormal Logi to Prop ose New W et Exp erimen ts Gilles Bernot Univ ersit y of Nie sophia antipolis , I3S lab oratory A kno wledgmen ts

694 views • 24 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety

Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety

Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety ety- based d Absent nteeism eeism Teresa Miller, LLPC Forest Hills Public Schools, Grand Rapids Community College Donna Secor Pennington, LMSW

575 views • 43 slides
Best Pr Best Practice actice Appr pproac oaches hes in the in the New Econo New Economy my

Best Pr Best Practice actice Appr pproac oaches hes in the in the New Econo New Economy my

Best Pr Best Practice actice Appr pproac oaches hes in the in the New Econo New Economy my Dave Ivan 1 Michigan State University Webinar Agenda Review research approach; Discuss findings and community examples; Discuss

928 views • 55 slides
IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides
Industry perspectives: What they need, research-wise and code-wise November 13 , 2013 4th NDN

Industry perspectives: What they need, research-wise and code-wise November 13 , 2013 4th NDN

Industry perspectives: What they need, research-wise and code-wise November 13 , 2013 4th NDN Project Retreat Eiichi Muramoto/ Panasonic muramoto.eiichi@jp.panasonic.com Content Who we are (Panasonic) What we did (L4) What we need

466 views • 12 slides
ECSS 2017 Lisbon, 25 October Technological Development and Well-Being: Maria Isabel Aldinhas

ECSS 2017 Lisbon, 25 October Technological Development and Well-Being: Maria Isabel Aldinhas

ECSS 2017 Lisbon, 25 October Technological Development and Well-Being: Maria Isabel Aldinhas Ferreira Centre of Philosophy of the University of Lisbon and Institute for Robots and Intelligent Systems/IST University of Lisbon Lisbon. Portugal

286 views • 15 slides
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? Chaoyi Lu ,

An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? Chaoyi Lu ,

An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? Chaoyi Lu , Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu The start of Internet activities.

746 views • 40 slides
How I Learned to Stop Worrying about Exascale and Love MPI (Yes, MPI is indeed da bomb!) Pavan

How I Learned to Stop Worrying about Exascale and Love MPI (Yes, MPI is indeed da bomb!) Pavan

How I Learned to Stop Worrying about Exascale and Love MPI (Yes, MPI is indeed da bomb!) Pavan Balaji Computer Scientist and Group Lead Argonne National Laboratory Separating the Myths from Real Concerns The race to Exascale started in

357 views • 23 slides
Ionized Gas in the Inner 2 pc of the Milky Way Wesley Irons University of Texas Senior Advisor:

Ionized Gas in the Inner 2 pc of the Milky Way Wesley Irons University of Texas Senior Advisor:

Ionized Gas in the Inner 2 pc of the Milky Way Wesley Irons University of Texas Senior Advisor: John Lacy The Galactic Center Sgr A* (x) Circumnuclear Disk Mini-spiral Northern Arm (--) Western Arc (--) Eastern

530 views • 12 slides
IGRINS Spectral Library Korean IGRINS Legacy Project Sunkyung Park 1 , Jeong-Eun Lee 1

IGRINS Spectral Library Korean IGRINS Legacy Project Sunkyung Park 1 , Jeong-Eun Lee 1

IGRINS Spectral Library Korean IGRINS Legacy Project Sunkyung Park 1 , Jeong-Eun Lee 1 (PI),Wonseok Kang 2 , Sang- Gak Lee 2 , Moo-Young Chun 3 , Kang-Min Kim 3 , In-Soo Yuk 3 , Jae- Joon Lee 3 , Greg N. Mace 4 , Hwihyun Kim 3,4,5 , Kyle

226 views • 21 slides
Wireless Sensor Networks and Observation satellites . Raveneau 1 E. Chaput 1 R. Dhaou 1 A-L.

Wireless Sensor Networks and Observation satellites . Raveneau 1 E. Chaput 1 R. Dhaou 1 A-L.

Context Satellite Study WSN Study Conclusion Wireless Sensor Networks and Observation satellites . Raveneau 1 E. Chaput 1 R. Dhaou 1 A-L. Beylot 1 P 1 IRIT Universit de Toulouse Rescom 13 Mai 2014 Raveneau, Chaput, Dhaou, Beylot WSN and

144 views • 12 slides
DNS Related Activities During IETF79 Johan Ihrn Autonomica November 12, 2010 DNS Activities

DNS Related Activities During IETF79 Johan Ihrn Autonomica November 12, 2010 DNS Activities

November 12, 2010 DNS Related Activities During IETF79 Johan Ihrn Autonomica November 12, 2010 DNS Activities During IETF79, Beijing johani@autonomica.se 1 / 22 November 12, 2010 DNS Related Activities During IETF79 DNSEXT The

659 views • 26 slides

More recommend