More Web Proxy on the site http://driver.im/

research-article

The role of network trace anonymization under attack

Authors:

Martin Burkhart,

Dominik Schatzmann,

Brian Trammell,

Bernhard PlattnerAuthors Info & Claims

ACM SIGCOMM Computer Communication Review, Volume 40, Issue 1

Pages 5 - 11

https://doi.org/10.1145/1672308.1672310

Published: 07 January 2010 Publication History

Abstract

In recent years, academic literature has analyzed many attacks on network trace anonymization techniques. These attacks usually correlate external information with anonymized data and successfully de-anonymize objects with distinctive signatures. However, analyses of these attacks still underestimate the real risk of publishing anonymized data, as the most powerful attack against anonymization is traffic injection. We demonstrate that performing live traffic injection attacks against anonymization on a backbone network is not difficult, and that potential countermeasures against these attacks, such as traffic aggregation, randomization or field generalization, are not particularly effective. We then discuss tradeoffs of the attacker and defender in the so-called injection attack space. An asymmetry in the attack space significantly increases the chance of a successful de-anonymization through lengthening the injected traffic pattern. This leads us to re-examine the role of network data anonymization. We recommend a unified approach to data sharing, which uses anonymization as a part of a technical, legal, and social approach to data protection in the research and operations communities.

References

[1]

Directive 95/46/EC of the European Parliament and of the Council. OJ L 281, 23.11.1995, p. 31, October 1995.

[2]

M. Allman and V. Paxson. Issues and etiquette concerning use of shared measurement data. In ACM SIGCOMM conference on Internet measurement (IMC), 2007.

Digital Library

[3]

J. Bethencourt, J. Franklin, and M. Vernon. Mapping internet sensors with probe response attacks. In USENIX Security Symposium, 2005.

Digital Library

[4]

E. Boschi. Legal requirements and issues in network traffic data protection. In ACM Workshop on Network Data Anonymization (NDA), 2008.

Digital Library

[5]

T. Brekne and A. Årnes. Circumventing IP-address pseudonymization. In IASTED International Conference on Communications and Computer Networks, 2005.

[6]

T. Brekne, A. Årnes, and A. Øslebø. Anonymization of IP traffic data: Attacks on two prefix-preserving anonymization schemes and some proposed remedies. In Workshop on Privacy Enhancing Technologies, 2005.

Digital Library

[7]

M. Burkhart, D. Brauckhoff, M. May, and E. Boschi. The Risk-Utility Tradeoff for IP Address Truncation. In ACM Workshop on Network Data Anonymization (NDA), 2008.

Digital Library

[8]

A. Burstein. An Uneasy Relationship: Cyber Security Information Sharing, Communications Privacy, and the Boundaries of the Firm. In Workshop on the Economics of Information Security (WEIS), 2007.

[9]

S. Cabuk, C.E. Brodley, and C. Shields. IP covert timing channels: design and detection. In ACM conference on Computer and communications security (CCS), 2004.

Digital Library

[10]

S. Coull, C. Wright, A. Keromytis, F. Monrose, and M. Reiter. Taming the devil: Techniques for evaluating anonymized network data. In Network and Distributed System Security Symposium (NDSS), 2008.

[11]

S. Coull, C. Wright, F. Monrose, M. Collins, and M.K. Reiter. Playing devil's advocate: Inferring sensitive information from anonymized network traces. In Network and Distributed System Security Symposium (NDSS), 2007.

[12]

D. Dietrich. Bogons and bogon filtering. In 33rd meeting of the North American Network Operator's Group (NANOG 33), Feb. 2005.

[13]

J. Fan, J. Xu, M.H. Ammar, and S.B. Moon. Prefix-preserving IP address anonymization. Comput. Networks, 46(2):253--272, 2004.

Digital Library

[14]

M. Foukarakis, D. Antoniades, S. Antonatos, and E. Markatos. Flexible and High-Performance Anonymization of NetFlow Records using Anontool. In SECURECOMM Conference, 2007.

[15]

kc claffy. A Day in the Life of the Internet: Proposed community-wide experiment. ACM SIGCOMM Computer Communications Review, 36(5):39--40, Oct. 2006.

Digital Library

[16]

J. King, K. Lakkaraju, and A. Slagell. A taxonomy and adversarial model for attacks against network log anonymization. In ACM symposium on Applied Computing (SAC), 2009.

Digital Library

[17]

D. Koukis, S. Antonatos, and K.G. Anagnostakis. On the privacy risks of publishing anonymized IP network traces. In Communications and Multimedia Security, 2006.

Digital Library

[18]

J. Mirkovic. Privacy-safe network trace sharing via secure queries. In ACM Workshop on Network Data Anonymization (NDA), 2008.

Digital Library

[19]

P. Ohm. The rise and fall of invasive ISP surveillance. University of Illinois Law Review, 2009(5).

[20]

R. Pang, M. Allman, V. Paxson, and J. Lee. The devil and packet trace anonymization. ACM SIGCOMM Computer Communications Review, 36(1):29--38, 2006.

Digital Library

[21]

R. Pang and V. Paxson. A high-level programming environment for packet trace anonymization and transformation. In ACM SIGCOMM, 2003.

Digital Library

[22]

B. Ribeiro, W. Chen, G. Miklau, and D. Towsley. Analyzing privacy in enterprise packet trace anonymization. In Network and Distributed System Security Symposium (NDSS), 2008.

[23]

D. Sauter. Invasion of Privacy Using Fingerprinting Attacks. Master Thesis MA-2008-22, ETH Zurich, 2009.

[24]

V. Shmatikov and M.-H. Wang. Security against probe-response attacks in collaborative intrusion detection. In Workshop on Large scale attack defense (LSAD), 2007.

Digital Library

[25]

A. Slagell, K. Lakkaraju, and K. Luo. FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs. In USENIX Large Installation System Administration Conference (LISA), 2006.

Digital Library

[26]

A. Slagell and W. Yurcik. Sharing computer network logs for security and privacy: A motivation for new methodologies of anonymization. In Workshop on the Value of Security through Collaboration (SECOVAL), 2005.

[27]

L. Sweeney. k-anonymity: A model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5):557--570, 2002.

Digital Library

Cited By

Xenakis ANourin SChen ZKarabatis GAleroud AAmarsingh J(2023)A Self-adaptive and Secure Approach to Share Network Trace DataDigital Threats: Research and Practice10.1145/36171814:4(1-20)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1145/3617181
De Keersmaeker FCao YNdonda GSadre R(2023)A Survey of Public IoT Datasets for Network Security ResearchIEEE Communications Surveys & Tutorials10.1109/COMST.2023.328894225:3(1808-1840)Online publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1109/COMST.2023.3288942
Sundberg SGarcia JBrunstrom A(2023)Characterizing Wireless Link Throughput with eBPF and Hardware Timestamps2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)10.1109/CAMAD59638.2023.10478419(302-308)Online publication date: 6-Nov-2023
https://doi.org/10.1109/CAMAD59638.2023.10478419
Show More Cited By

Index Terms

The role of network trace anonymization under attack
1. Networks
  1. Network services

Recommendations

Preserving Both Privacy and Utility in Network Trace Anonymization
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

As network security monitoring grows more sophisticated, there is an increasing need for outsourcing such tasks to third-party analysts. However, organizations are usually reluctant to share their network traces due to privacy concerns over sensitive ...
Side-Channel Attacks on Query-Based Data Anonymization
CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

A longstanding problem in computer privacy is that of data anonymization. One common approach is to present a query interface to analysts, and anonymize on a query-by-query basis. In practice, this approach often uses a standard database back end, and ...
An evolutionary feature set decomposition based anonymization for classification workloads: Privacy Preserving Data Mining

Privacy has become an important concern while publishing micro data about a population. The emerging area called privacy preserving data mining (PPDM) focus on individual privacy without compromising data mining results. An adversarial exploitation of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGCOMM Computer Communication Review

ACM SIGCOMM Computer Communication Review Volume 40, Issue 1

January 2010

128 pages

ISSN:0146-4833

DOI:10.1145/1672308

Issue’s Table of Contents

Copyright © 2010 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 January 2010

Published in SIGCOMM-CCR Volume 40, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

62
Total Citations
View Citations
751
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)3

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Xenakis ANourin SChen ZKarabatis GAleroud AAmarsingh J(2023)A Self-adaptive and Secure Approach to Share Network Trace DataDigital Threats: Research and Practice10.1145/36171814:4(1-20)Online publication date: 20-Oct-2023
https://dl.acm.org/doi/10.1145/3617181
De Keersmaeker FCao YNdonda GSadre R(2023)A Survey of Public IoT Datasets for Network Security ResearchIEEE Communications Surveys & Tutorials10.1109/COMST.2023.328894225:3(1808-1840)Online publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1109/COMST.2023.3288942
Sundberg SGarcia JBrunstrom A(2023)Characterizing Wireless Link Throughput with eBPF and Hardware Timestamps2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)10.1109/CAMAD59638.2023.10478419(302-308)Online publication date: 6-Nov-2023
https://doi.org/10.1109/CAMAD59638.2023.10478419
Mohammady MOqaily MWang LHong YLouafi HPourzandi MDebbabi M(2021)A Multi-view Approach to Preserve Privacy and Utility in Network Trace AnonymizationACM Transactions on Privacy and Security10.1145/343973224:3(1-36)Online publication date: 9-Feb-2021
https://dl.acm.org/doi/10.1145/3439732
Wang XHuang RYang CMao S(2021)Smartphone Sonar-Based Contact-Free Respiration Rate MonitoringACM Transactions on Computing for Healthcare10.1145/34368222:2(1-26)Online publication date: 9-Feb-2021
https://dl.acm.org/doi/10.1145/3436822
Chen DWang JRuan WNi QHelal S(2021)Enabling Cost-Effective Population Health Monitoring By Exploiting Spatiotemporal CorrelationACM Transactions on Computing for Healthcare10.1145/34286652:2(1-19)Online publication date: 4-Jan-2021
https://dl.acm.org/doi/10.1145/3428665
Akbari AGrimsley RJafari R(2021)Data-driven Context Detection Leveraging Passively Sensed Nearables for Recognizing Complex Activities of Daily LivingACM Transactions on Computing for Healthcare10.1145/34286642:2(1-22)Online publication date: 4-Jan-2021
https://dl.acm.org/doi/10.1145/3428664
Aleroud AYang FPallaprolu SChen ZKarabatis G(2021)Anonymization of Network Traces Data through Condensation-based Differential PrivacyDigital Threats: Research and Practice10.1145/34254012:4(1-23)Online publication date: 15-Oct-2021
https://dl.acm.org/doi/10.1145/3425401
Xie SMohammady MWang HWang LVaidya JHong Y(2021)A Generalized Framework for Preserving Both Privacy and Utility in Data OutsourcingIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2021.3078099(1-1)Online publication date: 2021
https://doi.org/10.1109/TKDE.2021.3078099
Li PHuang LWang CLai JHuang D(2020)Community Detection by Motif-Aware Label PropagationACM Transactions on Knowledge Discovery from Data10.1145/337853714:2(1-19)Online publication date: 9-Feb-2020
https://dl.acm.org/doi/10.1145/3378537
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents