-
7/24/2019 SIN 0909 Henke
1/13
1
TU BerlinDepartment Next Generation Networks
Protecting user privacy with multi-fel anonymisation o!
"Paresses
1#$#%$# ' Taganrog ' ("N )on!erence
)arsten (chmoll* Nikolaos )hat+is* )hristian ,enke
-
7/24/2019 SIN 0909 Henke
2/13
&
TU BerlinDepartment Next Generation Networks
Nee !or Trace Data
Network esearch
Tra.c Profling
/ault 0anagement an Network 0aintenance
Tra.c ngineering
(23 4aliation
3ccounting
(ecurity
(haring o! ata i.cult
legislation* security* competitive avantage
-
7/24/2019 SIN 0909 Henke
3/13
5
TU BerlinDepartment Next Generation Networks
3nonymisation Trae-67
Trae-o7
Disclosure o! Private Data vs$ Utility o! the Trace
Utility epens on application 8 privacy isclosure not
-
7/24/2019 SIN 0909 Henke
4/13
9
TU BerlinDepartment Next Generation Networks
)urrent "P 3ress 3nonymisation
"P 3ress ientifes an en-host :iniviual;
"P 3ress 3nonymisation 3lgorithms
Black 0arker - "P 3ress emoval
Prefx Truncation
Pseuonym instea o! "P 3ress
)onsecutive mapping
anomi+e 0apping,ash over 3ress :opt$ with see;
Prefx-Preserving 3nonymisation
-
7/24/2019 SIN 0909 Henke
5/13
Brugger#9? 8
-
7/24/2019 SIN 0909 Henke
10/13
1#
TU BerlinDepartment Next Generation Networks
7ect on 3ttack Detection 3lgorithms
Pro=ing
4ertical :port; scan etecta=le * hori+ontal :host; scan not
etecta=lea!ter anonymisation
Do(
)ra!te packets etecta=le with DP" as usual
Do( =y Fooing only i! 1-to-1 attack in progress
0alware
3ctivity etecta=le only i! tra.c attacks are 1-to-1
Penetrations
emote userIroot access an cache poisoning etection not
a7ecte
-
7/24/2019 SIN 0909 Henke
11/13
11
TU BerlinDepartment Next Generation Networks
)ritical )onsieration
6ur 3lgorithms cannot =e use !or general purpose
2eaks private in!ormation :we iscusse only "P aressesas
ientifers;
may not =e use!ul !or your application :purpose =ase
anonymisation =etter; But provies a stronger protection than
pseuonym
anonymisation
-
7/24/2019 SIN 0909 Henke
12/13
1&
TU BerlinDepartment Next Generation Networks
)onclusion
Presente the relation profle =ase eanonymisation attack
Propose new "P aress anonymisation algorithm
(tronger than toays pseuonymisation algorithms
utility evaluation =ase on network intrusion etection tra.c
characteristics Traces still inclue via=le in!ormation
Utility epens on network attack scenario
-
7/24/2019 SIN 0909 Henke
13/13
15
TU BerlinDepartment Next Generation Networks
Thank you Questions?
c.henketuberlin.de
carsten.schmollfokus.fraunhofer.de
nikolaos.chatzisfokus.fraunhofer.de
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]
