Chulalongkorn University
Wongyos Keardsri
Department of Computer EngineeringFaculty of Engineering, Chulalongkorn UniversityBangkok, ThailandE-mail: [email protected]
An IP Address An IP Address Anonymization Scheme Anonymization Scheme
Based on Privacy LevelsBased on Privacy Levels
Ph.D. Seminar, August 5, 2011
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri2
OutlineOutline
• Introduction• Literature Reviews• Anonymization Scheme• Privacy Levels• Anonymization Factors
• Privacy Tree Structures• Network Analysis Functions• Computer Law
• Rule-Based Combination• Results and Discussions• Conclusion
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri3
• Network Traffic Analysis Packet Sniffer
IP: 161.200.92.41
IP: 161.200.92.30
IP: 161.200.92.59
IP: 161.200.92.62
IP: 161.200.92.45
Capture packetsCapture packets
Analyze packetsAnalyze packets
Anonymize packetsAnonymize packets
IntroductionIntroduction
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri4
• IP Address AnonymizationTo reform the original IP address to the anonymized IP address
Original IP AddressOriginal IP Address
Anonymization ProcessAnonymization Process
Anonymized IP AddressAnonymized IP Address
Introduction (Cont)Introduction (Cont)
161.200.93.37161.200.93.37
Anonymization ProcessAnonymization Process
74.97.120.9674.97.120.96
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri5
• Proposed Anonymization Methods
1990-19951990-1995 One-to-one mapping algorithms (Hash Function, MD5)One-to-one mapping algorithms (Hash Function, MD5)
19961996 TCPdpriv methodGreg Minshall
Literature ReviewsLiterature Reviews
20022002 Crypto-PAn methodJun Xu
20062006 MAL methodQianli Zhang
20072007 TSA methodR. Ramaswamy
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri6
Literature ReviewsLiterature Reviews (Cont)(Cont)
• Review of the previous works Anonymize all 32 bits of IP address
unnecessarily Unsuitable for network analysis functions Uncover with computer law
We can anonymize some appropriate bit or parts of IP address
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri7
Anonymization SchemeAnonymization Scheme
• Our Anonymization Scheme
Anonymization Factors(1) Privacy Tree Structures(2) Network Analysis Functions(3) Computer Law
Original IP Address
Anonymized IP Address
Privacy
Levels
Rule-BasedCombinati
on
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri8
• This research proposes a new IP address anonymization scheme by considering and using privacy levels
• To consider the IP address structure 255 .255 .0 .011111111.11111111.00000000.00000000255 .255 .0 .011111111.11111111.00000000.00000000
Subnet Mask Address
161 .200 .93 .110100001.11001000.01011101.00000001161 .200 .93 .110100001.11001000.01011101.00000001IP Address
161.200.0.0 161.200.0.0 Network Part x.x.93.1 x.x.93.1 Host Part
Network PartNetwork Part Host PartHost PartLeft bits Right bits
Privacy LevelsPrivacy Levels
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri9
• Privacy Levels Non-anonymization n-Left anonymization n-Right anonymization Full anonymization Randomly full anonymization
Left bits Right bits
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
RRRRRRRRRRRRRRRR RRRRRRRR RRRRRRRR
• We anonymize the necessary bits or parts of IP address with the different privacy levels
• We define the privacy levels into 5 levels
Privacy LevelsPrivacy Levels (Cont)(Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri10
• There are 3 reasons to consider the anonymization factors Do you know about the data which are used to
analyze? Much or little? What do you need to use the data for which
functions? How about the computer law or computer crime act
defines and describes?
• There are 3 anonymization factors IP address structures Network analysis functions Computer law / computer crime act
Anonymization Factors
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri11
• Privacy Tree Structure A path from root node to each node is network part of IP address A path under that node is host part of IP address
Given edges are parts of IP address Given nodes are connections of parts
A
Root Node
Reference Node
Network Part
Host Part
Privacy Tree Structure
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri12
• Independent subtree
A
Root Node
Reference Node B
A B
• Non-anonymization
Privacy Tree Structure (Cont)
A is referenced IP address of organization which analyzes BB is referenced IP address of organization which is analyzed by A
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri13
• Intersection subtree
Root Node
Reference Node
Anonymization part
A B
A B
• n-Left anonymization XXXX
Privacy Tree Structure (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri14
• Proper subtree (A in B)
A
Root Node
Reference Node
B
BA
• n-Right anonymization XXXX
Anonymization part
Privacy Tree Structure (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri15
• Proper subtree (B in A)
B
Root Node
Reference NodeAAB
• n-Right anonymization XXXX
Anonymization part
Privacy Tree Structure (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri16
• Equivalent subtree
Root Node A = B
• Full anonymization
Anonymization part
Reference NodeA = B
XXXX XXXX
Privacy Tree Structure (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri17
• A Survey of Popular Network Analysis Functions from 6 Selected Tools NTOP, http://www.ntop.org/documentation.html Nagios, http://www.nagios.org/docs/ Tcpdump, http://www.tcpdump.org/ Ethereal, http://www.ethereal.com/docs/ MRTG, http://oss.oetiker.ch/mrtg/ OpenNMS,
http://www.opennms.org/index.php/Documentation
Network Analysis Functions
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri18
Network Analysis Functions (Cont)
Group of Functions
Functions Privacy Levels
Resource and Capacity Usages
System performances Non-anonymization
Network bandwidth usages
Capacity planning
Multicast traffic analysis
Proxy management
CPU usages n-Right anonymizationMemory usages
Disk usages
Accounting usage; printer, quota usages
• Network Analysis Functions Details
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri19
Network Analysis Functions (Cont)
• Network Analysis Functions Details (Cont)
Group of Functions Functions Privacy Levels
Service Statistics HTTP (1) Non-anonymization (Network Summary)(2) n-Right anonymization (Device Summary)
SNMP
TELNET
POP3
NNTP
ARP / ICMP
FTP
SSH
VoIP
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri20
Network Analysis Functions (Cont)
• Network Analysis Functions Details (Cont)
Group of Functions Functions Privacy Levels
Service Statistics(Cont)
P2P (1) Non-anonymization(2) n-Right anonymizationTCP Session History
DNS Full anonymization
System Diagnosis and Anomaly Detection
Intrusion detection Full anonymization
Fault detection
Log analysis
Social network analysis
Behavior analysis
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri21
Network Analysis Functions (Cont)
• Network Analysis Functions Details (Cont)
Group of Functions Functions Privacy Levels
System Report and Display
Network traffic map Full anonymization
Web application report (1) Full anonymization(2) Randomly full anonymization
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri22
• Thailand Computer Crimes Act B.E. 2550
Computer Law
Section Privacy Levels
18(2) (1) n-Right Anonymization (Related with network part)(2) Full Anonymization (Related with person, network and host parts)
18(3) Follow by Privacy Tree Structure
18(4) Follow by Privacy Tree Structure and Network Analysis Function
18(5) Full Anonymization
18(6) Full Anonymization
26-1 Non-anonymization
26-2 n-Right Anonymization
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri23
• Rule-Based Method Represent the conditions of 3 factors into the rules Consider and combine each rule to select final privacy
levels
Rule-Based Combination
• Example of Rule-Based Method
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri24
• Example of the Results of IP Address Anonymization Based on Privacy Levels with 3 Factors
Results and Discussions
• Scenarios: CU Network administrators are a competent official to request packet data from CU-Engineering for analyzing the web site (HTTP) usages
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri25
===================================================================A is referenced IP address of organization which analyzes BB is referenced IP address of organization which is analyzed by A===================================================================Enter Network Address A : 161.200.0.0Enter Mask Address A : 255.255.0.0Enter Network Address B : 161.200.93.0Enter Mask Address B : 255.255.254.0Enter Network Function (NF) : 10Enter Network Function (NF) : 0Enter Law Section : 1Enter Law Section : 0Network Bit of A : 10100001110010000000000000000000Mask Bit of A : 11111111111111110000000000000000Network Bit of B : 10100001110010000101110100000000Mask Bit of B : 11111111111111111111111000000000Privacy Tree Structure (PTS) : (4) Proper Subtree (B in A)Privacy Levels of PTS : (3) n-Right AnonymizationPrivacy Levels of NF : (1) Non-anonymizationPrivacy Levels of LAW : (3) n-Right Anonymization===================================================================Privacy Levels of 3 Factors : (3) n-Right Anonymization===================================================================
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri26
• Example of Results Given subnet mask is
255.255.0.0 11111111.11111111.00000000.00000000 Given key is 11101010010011010010110110010010
• Using Non-anonymization161.200.92.35 10100001.11001000.01011100.00100011
161.200.92.62 10100001.11001000.01011100.00111110
161.200.92.76 10100001.11001000.01011100.01001100
161.200.92.88 10100001.11001000.01011100.01011000
161.200.92.193 10100001.11001000.01011100.11000001
161.200.91.174 10100001.11001000.01011011.10101110
161.200.91.2 10100001.11001000.01011011.00000010
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri27
• Using n-Left Anonymization
94.55.92.35 01011110.00110111.01011100.00100011
94.55.92.62 01011110.00110111.01011100.00111110
94.55.92.76 01011110.00110111.01011100.01001100
94.55.92.88 01011110.00110111.01011100.01011000
94.55.92.193 01011110.00110111.01011100.11000001
94.55.91.174 01011110.00110111.01011011.10101110
94.55.91.2 01011110.00110111.01011011.00000010
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri28
• Using n-Right Anonymization
161.200.163.220 10100001.11001000.10100011.11011100
161.200.163.193 10100001.11001000.10100011.11000001
161.200.163.179 10100001.11001000.10100011.10110011
161.200.163.167 10100001.11001000.10100011.10100111
161.200.163.62 10100001.11001000.10100011.00111110
161.200.164.81 10100001.11001000.10100100.01010001
161.200.164.253 10100001.11001000.10100100.11111101
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri29
• Using Full Anonymization
94.55.163.220 01011110.00110111.10100011.11011100
94.55.163.193 01011110.00110111.10100011.11000001
94.55.163.179 01011110.00110111.10100011.10110011
94.55.163.167 01011110.00110111.10100011.10100111
94.55.163.62 01011110.00110111.10100011.00111110
94.55.164.81 01011110.00110111.10100100.01010001
94.55.164.253 01011110.00110111.10100100.11111101
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri30
• Using Randomly Full Anonymization
24.89.192.204 00011000.01011001.11000000.11001100
128.121.188.160 10000000.01111001.10111100.10100000
105.166.62.205 01101001.10100110.00111110.11001101
191.174.6.210 10111111.10101110.00000110.11010010
72.236.28.89 01001000.11101100.00011100.01011001
111.3.171.101101111.00000011.10101011.00000001
138.224.26.220 10001010.11100000.00011010.11011100
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri31
• Advantage of Our Anonymization Scheme• Applicable to an administrator who analyzes packet
data in different functions• Benefits any organizations in exchanging network data• Appropriates for heavy packet tracers and sniffers
Results and Discussions (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri32
• This research proposes 5 privacy levels Non-anonymization n-Left anonymization n-Right anonymization Full anonymization Randomly full anonymization
• This research applies these privacy levels to prefix-preserving IP address anonymization, specifically to Crypto-PAn
ConclusionConclusion
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri33
• Presenting 3 anonymization factors which are used to consider and select appropriate privacy level Privacy tree structure Network analysis functions Computer law
• Combining the anonymization factors by using rule-based method
Conclusion (Cont)Conclusion (Cont)
Chulalongkorn University
Ph.D. Seminar, August 5, 2011
Wongyos Keardsri34
Questions and AnswersQuestions and Answers
E-mail : [email protected] : http://www.facebook.com/wongyos/
Q? ...... A!