Changes between Initial Version and Version 1 of TraceAnon


Timestamp: 02/27/07 14:52:52 (14 years ago)
Author: spa1
Comment: --

  • TraceAnon

    v1 v1  
     1{{{traceanon}}} is a libtrace tool that anonymises the IP addresses found in the IP and ICMP headers of packets within a trace. It will also updates the checksums of packets inside the TCP and UDP headers.
     2
     3=== Usage ===
     4{{{traceanon [ -s | --encrypt-source ] [ -d | --encrypt-dest ] [ -p prefix | --prefix=prefix ] [ -c key | --cryptopan=key ] sourceuri desturi}}}
     5
     6=== Options ===
     7 {{{-s, --encrypt-source}}}::
     8   Encrypt source IP addresses.
     9 {{{-d, --encrypt-dest}}}::
     10   Encrypt destination IP addresses.
     11 {{{-p, --prefix}}}::
     12   Substitute the high bits of the IP addresses with the provided prefix
     13 {{{-c, --cryptopan}}}::
     14   Anonymise IPs using the cryptopan method using the provided key
     15
     16=== Applications ===
     17==== Anonymising traces using cryptopan ====
     18{{{
     19traceanon -sd -c "I like bears" erf:unanonymised.erf.gz erf:anonymised.erf.gz
     20}}}
     21
     22==== Anonymising traces using prefix substitution ====
     23{{{
     24traceanon -sd -p 192.168.0.0/16 erf:unanonymised.erf.gz erf:anonymised.erf.gz
     25}}}
     26
     27=== Details ===
     28==== Prefix substitution ====
     29Prefix substitution is the simpler of the two anonymisation schemes. It works by replacing the prefix of the IP addresses in the trace with the prefix provided on the
     30command line. Obviously, this can result in multiple different IP addresses in the original trace becoming the same IP address in the anonymised trace. As a result, prefix substitution is only useful in certain circumstances and using cryptopan encryption is recommended for regular anonymisation.
     31
     32==== Cryptopan encryption ====
     33Cryptopan is a prefix preserving encryption scheme based on AES. Under cryptopan, every IP address will map to a unique new IP address and IP addresses within the same subnet will share the same encrypted prefix. Generally, cryptopan is the anonymisation scheme that should be used with traceanon. Cryptopan encryption requires an encryption key that may be up to 32 bytes long and will be padded with NULLs. The same encryption key will produce the same mappings of real IPs to encrypted IPs.
     34
     35==== Checksum Update ====
     36In addition to IP anonymisation, {{{traceanon}}} also updates the checksums within the TCP and UDP headers to be correct once the IP addresses have been replaced with their anonymised counterparts.
     37
     38=== Notes ===
     39 * The output trace format does not have to match the input formats, e.g.
     40{{{
     41traceanon pcapfile:unanonymised.pcap.gz erf:anon.erf.gz
     42}}}
     43   will work. There is also no requirement for the input traces to all be of the same format either. These properties hold true for all libtrace applications, although format header information can be lost converting from one format to another, e.g. pcap headers have no space to store the ERF rxerror variable.
     44 * IP addresses within ARP packets are currently not anonymised - this may be added in a future version of libtrace.
     45 * Currently, we do not support anonymising IP addresses based on packet direction - this may be added in a future version of libtrace.
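
Review bot: The cryptopan example at line 19 passes the short phrase "I like bears" as the key, while line 33 says the key may be up to 32 bytes and is padded with NULLs, so a reader who copies the example ends up with a key that is mostly padding and easy to guess. Since line 33 also states that the same key always produces the same mappings, anyone who recovers the key can reproduce the mapping of real to encrypted addresses. I would replace the example key with an obviously labelled placeholder and add a sentence to the Cryptopan section recommending a full-length random key that is stored separately from the published trace. Smaller points: line 1 reads "It will also updates the checksums" (should be "update"); line 1 mentions addresses in ICMP headers but the Details section never explains what is rewritten there; and the `-p` entry at line 12 does not say how many high bits are replaced when the prefix is given as 192.168.0.0/16 in the line 24 example.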