The role of network trace anonymization under attack

Burkhart, Martin; Schatzmann, Dominik; Trammell, Brian; Boschi, Elisa; Plattner, Bernhard

doi:10.1145/1672308.1672310

Cited by 55 publications

(28 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although such frameworks are aimed to be quite generic, a significant drawback is that they base on quite "static" anonymisation policies specification; in all cases, the policies that will regulate the execution of the underlying anonymisation APIs must be defined in an explicit manner. Additionally, although they work well for applications using previously collected traffic data, they are not applicable to applications' domains that demand real-time data, such as intrusion detection systems, while being vulnerable to attacks able to infer sensitive information [22] [23].…”

Section: Related Workmentioning

confidence: 99%

A privacy-aware access control model for distributed network monitoring

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2013

Computers & Electrical Engineering

View full text Add to dashboard Cite

Despite the usefulness of network monitoring for the operation, maintenance, control and protection of communication networks, as well as law enforcement, network monitoring activities are surrounded by serious privacy implications. Their inherent leakage-proneness is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. However, current approaches present limitations in effectively addressing such privacy issues, as they have not been designed for meeting the particular requirements of distributed network monitoring and conceptualising the corresponding functionalities and infrastructures; additionally, they are not suitable for highly dynamic and distributed environments and for automating privacy-awareness. In this paper, we introduce a new access control model that aims at addressing these concerns; it is conceived on the basis of data protection legislation, as well as distributed network monitoring. The proposed approach provides rich expressiveness, captures all the underlying concepts along with their associations and enables the specification of contextual authorisation policies and * Corresponding author.Email address: epapag@icbnet.ntua.gr (Eugenia I. Papagiannakopoulou) ⋆ This is a revised and expanded version of a paper that appeared in the proceedings of the 4th MITACS Workshop on Foundations & Practice of Security, Paris, France, May 2011, pp. 208-217 [44]. Computers & Electrical Engineering 2011 June 7, 2012 expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules in any possible level of abstraction and in enabling a verification procedure which results in inherently privacy-aware workflows, thus minimising run-time reasoning overheads and fostering the realisation of the Privacy by Design vision. Preprint submitted to Elsevier

show abstract

Section: Related Workmentioning

confidence: 99%

A privacy-aware access control model for distributed network monitoring

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2013

Computers & Electrical Engineering

View full text Add to dashboard Cite

show abstract

“…Research on network trace anonymization techniques and attacks against them is ongoing. Indeed, there is increasing evidence that anonymization applied to network trace or flow data on its own is insufficient for many data protection applications as in [Bur10]. Therefore, this document explicitly does not recommend any particular technique or implementation thereof.…”

Section: Supporting Experimentation With Anonymizationmentioning

confidence: 99%

“…Timestamps can be used in traffic injection attacks, which use known information about a set of traffic generated or otherwise known by an attacker to recover mappings of other anonymized fields, as well as to identify certain activity by response delay and size fingerprinting, which compares response sizes and inter-flow times in anonymized data to known values. Note that these attacks have been shown to be relatively robust against timestamp anonymization techniques (see [Bur10]), so the techniques presented in this section are relatively weak and should be used with care.…”

Section: Structured Pseudonymizationmentioning

confidence: 99%

IP Flow Anonymization Support

Trammell¹,

Boschi²

2011

View full text Add to dashboard Cite

This document describes anonymization techniques for IP flow data and the export of anonymized data using the IP Flow Information Export (IPFIX) protocol. It categorizes common anonymization schemes and defines the parameters needed to describe them. It provides guidelines for the implementation of anonymized data export and storage over IPFIX, and describes an information model and Optionsbased method for anonymization metadata export within the IPFIX protocol or storage in IPFIX Files.

show abstract

“…Other information should be anonymized or otherwise obscured to hide users' identities. Unfortunately, it is now pretty well-known that it is very difficult to effectively anonymize network trace data of the kind considered here while preserving its utility for research purposes [4]. In general there is an inverse relationship between the difficulty of of mapping logged addresses and applications to actual real-world counterparts, and the usefulness of the log information for various purposes.…”

Section: Privacy and Securitymentioning

confidence: 99%

Instrumenting home networks

Calvert

Edwards

Feamster

et al. 2010

Proceedings of the 2010 ACM SIGCOMM Workshop on Home Networks

View full text Add to dashboard Cite

In managing and troubleshooting home networks, one of the challenges is in knowing what is actually happening. Availability of a record of events that occurred on the home network before trouble appeared would go a long way toward addressing that challenge. In this position/work-in-progress paper, we consider requirements for a general-purpose logging facility for home networks. Such a facility, if properly designed, would potentially have other uses. We describe several such uses and discuss requirements to be considered in the design of a logging platform that would be widely supported and accepted. We also report on our initial experience deploying such a facility.

show abstract

The role of network trace anonymization under attack

Cited by 55 publications

References 17 publications

A privacy-aware access control model for distributed network monitoring

A privacy-aware access control model for distributed network monitoring

IP Flow Anonymization Support

Instrumenting home networks

Contact Info

Product

Resources

About