Upload
jerry-frederick
View
45
Download
1
Tags:
Embed Size (px)
DESCRIPTION
The Devil and Packet Trace Anonymization. Authors : Ruoming Pangy, Mark Allmanz, Vern Paxsonz, Jason Lee Princeton University, International Computer Science Institute, Lawrence Berkeley National Laboratory (LBNL) - PowerPoint PPT Presentation
Citation preview
The Devil and Packet Trace Anonymization
Authors: Ruoming Pangy, Mark Allmanz, Vern Paxsonz, Jason Lee
Princeton University, International Computer Science Institute, Lawrence Berkeley National Laboratory (LBNL)
Publication: Computer Communication Review, January 2006.
Presenter: Radha V. Maldhure
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
INTRODUCTION
Released data
RESEARCHER
ATTACKER
RESEARCHER
ATTACKER
TO IMPROVE / TO DEVELOP
TO ATTACK
Released data
anonymization
DATA
e.g. packet traces
ANONYMIZATION
o Releasing network measurement data to research community
o Publishing traces require balance between security needs of organization and research usefulness
o Example: “tcpdpriv” removes TCP options from traces, no physical fingerprinting, no research value
Research
Usefulness Security Needs
Security Needs
Research
Usefulness
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
PROBLEM WITH CURRENT TECHNIQUES
Existing publicly released traces have problems as:
• No careful guidance on anonymization policy for public release
• No tool that adapts to particular policy
• Example : NLANR’s PMA packet traces
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
USE OF ANONYMIZATION
Some uses of anonymization:
• Your web site's performance and availability
• Understanding of the Internet’s structure and behavior
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
PAPER’S CONTENTS
o Arrives at acceptable anonymization policy
o Presents a tool “tcpmkpub” that implements the suggested transformations
o Provides meta-data about each trace for analysis
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
METHODOLOGY
Precise method for anonymization
Purpose of transform
Concerns for appearing
traffic
Policy decisions
Anonymization tool
Example Specification
Specification of IP Header anonymization:
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
ANONYMIZATION POLICY
• Focuses on traces that include only packet headers
• A possible policy but not completely a correct policy
• It is crucial to prevent users of the trace files from determining:
identities of specific hosts
identities of internal hosts such that a map could be constructed of which hosts support which services
security practices of the organization
Protocol Stack
ApplicationLayer
NetworkInterface
Layer
InternetLayer
TransportLayer
FTP/ Telnet/ SNMP/ DNS
TCP/ UDP
IP/ ARP/ ICMP/ IGMP
Ethernet/ ATM/ FR
CHECKSUMS
Reason to anonymize:
Re-calculate checksums in traces for two reasons: Gives content of data even when application
data removed To determine if original checksum were valid
Way to anonymize: Original checksum Co, Calculated checksum Cc
Replace Co by Cc Insert “1” into appropriate checksum field to
mark packet as failed checksum
NETWORK INTERFACE LAYER: Ethernet Address
Reason to anonymize:
Ethernet Addresses are distinct to individual NICs Can be used by an attacker to uncover actions of
given user
Way to anonymize:
Three Different methods of randomizing Ethernet addresses Scrambling the entire 6 byte address Scrambling only the lower 3 bytes of address Scrambling lower 3 and upper 3 bytes independently
INTERNET LAYER: IP AddressReason to anonymize:
Attacker can attain accounting of user’s activities if he knows IP Address
Can plan an attack using information about services running on the host
Way to anonymize:
Remap addresses differently based on type of addresses
Multicast addresses preserved in anonymized trace
TRANSPORT LAYER: TCP/UDP
Reason to anonymize: Not given
Way to anonymize:
Preserves port number and sequence number but not the timestamp
They transform timestamps into separate monotonically increasing counters
Research use: uniqueness and transmission order of segments
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
INFORMATION LOSS
The effectiveness in preserving information is checked by analyzing original and anonymized traces
Two tools for analysis: “tcpsum” and “pOF”
tcpsum : Used to find number of packets and bytes sent in each direction Crunches each Tcp connection in trace Except for IP addresses, crunching original and transformed
traces matched No value lost in transformation
pOF : Did not get what they tried to explain!
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
VALIDATION
Need to validate information intended to mask was indeed transformed or left out of anonymized trace
Two ad hoc validations: Inspected the log created by “tcpmkpub”
Flags all unexpected aspects of a packet trace
Used “ipsumdump” to dump Tcp options Picked timestamps, sorted and verified Timestamp re-numbering appears accurate
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
CONTRIBUTIONS
Enumerated and explored devil-ish details in preparing packet traces
A framework for implementing anonymization policy and developed “tcpmkpub”
Sets framework for future work of packet trace anonymization
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
WEAKNESSES
No timing information for analyzing TCP dynamics
Preserving port number may lead to identification of a particular machine
No performance analysis
AGENDA
ANONYMIZATION PROBLEM WITH CURRENT TECHNIQUES USE OF ANONYMIZATION PAPER’S CONTENTS METHODOLOGY ANONYMIZATION POLICY INFORMATION LOSS VALIDATION CONCLUSION CONTRIBUTIONS WEAKNESSES SUGGESTIONS
SUGGESTIONS
Needs to deal with different protocols at each layer of protocol stack
Should present performance analysis that indicates
tool’s efficiency in terms of maintaining security needs
preserving research values
QUESTIONS?????????????????