k ip ip a measured approach ch to ipv6 ad addres ess an
play

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon - PowerPoint PPT Presentation

Nov 26, 2022 •216 likes •873 views

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG Meeting Prague, July 20, 2017 David Plonka <plonka@akamai.com> kI kIP: : a Me Measured Approach to IPv6 Address Anonymizati tion

  1. k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG Meeting – Prague, July 20, 2017 David Plonka <plonka@akamai.com> “kI kIP: : a Me Measured Approach to IPv6 Address Anonymizati tion” (pre-pr print) t) https://arxiv.org/abs/1707.03900/

  2. IP Address Anonymization • Today we’ll only consider truncation and/or aggregation-based anonymization e.g., for correlating web analytics with network topology, routing, service providers, and geographic locations. 2

  3. Background: IPv4 Address Anonymization by aggregation 10.0.42.31 1 10.0.42.24 1 10.0.42.10 1 10.0.42.30 1 10.0.42.22 1 10.0.42.25 1 10.0.42.16 1 10.0.42.6 1 10.0.42.4 1 10.0.42.17 1 10.0.42.21 1 10.0.42.17 1 10.0.42.8 1 10.0.42.9 1 10.0.42.20 1 10.0.42.19 1 10.0.42.3 1 10.0.42.29 1 10.0.42.14 1 10.0.42.26 1 10.0.42.1 1 10.0.42.11 1 10.0.42.15 1 10.0.42.27 1 10.0.42.13 1 10.0.42.7 1 10.0.42.0 1 10.0.42.12 1 10.0.42.28 1 10.0.42.2 1 10.0.42.23 1 3 10.0.42.5 1

  4. Background: IPv4 Address Anonymization by aggregation to a fixed length 10.0.42.31 1 10.0.42.24 1 10.0.42.10 1 10.0.42.30 1 10.0.42.22 1 10.0.42.25 1 10.0.42.16 1 10.0.42.6 1 10.0.42.4 1 10.0.42.17 1 10.0.42.21 1 10.0.42.17 1 10.0.42.8 1 10.0.42.9 1 10.0.42.0/27 32 10.0.42.20 1 10.0.42.19 1 10.0.42.3 1 10.0.42.29 1 10.0.42.14 1 10.0.42.26 1 10.0.42.1 1 10.0.42.11 1 10.0.42.15 1 10.0.42.27 1 10.0.42.13 1 10.0.42.7 1 10.0.42.0 1 10.0.42.12 1 10.0.42.28 1 10.0.42.2 1 10.0.42.23 1 4 10.0.42.5 1

  5. IP Address Anonymization • Truncation-based anonymization is ideal if, and only if, it can be guaranteed to improve privacy. We propose k IP anonymization, i.e., make an individual appear indistinguishable amongst a set of [ k ] individuals [https://en.wikipedia.org/wiki/K-anonymity, RFC 6973: “Privacy Considerations for Internet Protocols”] 5

  6. Characteristics of the data sets Data set Active /48 Active /64 Active prefixes prefixes addresses (7 days) (7 days) (7 days) Meeting 1 3 15.4K Network EU ISP 163K 21.4M 125M JP ISP 2.46M 2.46M 72.2M US ISP 8.16K 2.42M 84.5M 6

  7. Characteristics of the data sets: no aggregation? Data set Active /48 Active /64 Active prefixes prefixes addresses (7 days) (7 days) (7 days) Meeting 1 3 15.4K Network EU ISP 163K 21.4M 125M JP ISP 2.46M 2.46M 72.2M US ISP 8.16K 2.42M 84.5M 7

  8. Characteristics of the data sets: bias? Data set Active /48 Active /64 Active prefixes prefixes addresses (7 days) (7 days) (7 days) Meeting 1 3 15.4K Network EU ISP 163K 21.4M 125M JP ISP 2.46M 2.46M 72.2M US ISP 8.16K 2.42M 84.5M 8

  9. Characteristics of the data sets: comparably sized? Data set Active /48 Active /64 Active prefixes prefixes addresses (7 days) (7 days) (7 days) Meeting 1 3 15.4K Network EU ISP 163K 21.4M 125M JP ISP 2.46M 2.46M 72.2M US ISP 8.16K 2.42M 84.5M 9

  10. Characteristics of the data sets: comparably sized? Data set Active /48 Active /64 Active prefixes prefixes addresses (7 days) (7 days) (7 days) Meeting 1 3 15.4K Network EU ISP 163K 21.4M 125M JP ISP 2.46M 2.46M 72.2M US ISP 8.16K 2.42M 84.5M 10

  11. k IP: a measurement-based approach… 1. Temporal & Spatial Address Classification : “address dendrachonology” 2. Address Activity Matrix Analysis: estimating a lower bound on simultaneously assigned addresses 3. Anonymous Aggregate (Prefix) Synthesis : then perform ongest-prefix match to produce results 11

  12. Step 1. Classification: address dendrachronology introduced in "IPv6 Prefix Intelligence,” MAPRG Meeting, April 2016 12

  13. Classification: Discarding [Personally Identifiable] Information 20010db8000e000000172cd5fa4bd6b1 75 0d 20010db8000e0000002ae748ea083efb 75 0d 20010db8000e0000005d58e18441347a 79 1d 20010db8000e0000005f1dd3864f2d03 79 0d 20010db8000e000000872ce4d7e0d16c 76 0d … (1594 more addresses) ... 20010db8000e0000fdbefa6dce8d096c 80 1d 20010db8000e0000fdbf6e62e74a33a4 80 1d 20010db8000e0000fdd4f4f54264cc52 75 0d 20010db8000e0000fdf73310ae0043da 75 2d 20010db8000e0000feedfacedeadbabe 71 3d Spatial Characteristic: Discriminating Prefix Length (DPL) 13

  14. Classification: Discarding [Personally Identifiable] Information 20010db8000e000000172cd5fa4bd6b1 75 0d 20010db8000e0000002ae748ea083efb 75 0d 20010db8000e0000005d58e18441347a 79 1d 20010db8000e0000005f1dd3864f2d03 79 0d 20010db8000e000000872ce4d7e0d16c 76 0d … (1594 more addresses) ... 20010db8000e0000fdbefa6dce8d096c 80 1d 20010db8000e0000fdbf6e62e74a33a4 80 1d 20010db8000e0000fdd4f4f54264cc52 75 0d 20010db8000e0000fdf73310ae0043da 75 2d 20010db8000e0000feedfacedeadbabe 71 3d Temporal Characteristic: Stable Days (SD) Spatial Characteristic: Discriminating Prefix Length (DPL) 14

  15. Classification: Discarding [Personally Identifiable] Information 20010db8000e000000172cd5fa4bd6b1 75 0d 20010db8000e0000002ae748ea083efb 75 0d 20010db8000e0000005d58e18441347a 79 1d 20010db8000e0000005f1dd3864f2d03 79 0d 20010db8000e000000872ce4d7e0d16c 76 0d … (1594 more addresses) ... 20010db8000e0000fdbefa6dce8d096c 80 1d 20010db8000e0000fdbf6e62e74a33a4 80 1d 20010db8000e0000fdd4f4f54264cc52 75 0d 20010db8000e0000fdf73310ae0043da 75 2d 20010db8000e0000feedfacedeadbabe 71 3d Stateless Classification: (from F. Gont’s IPv6 Toolkit) $ addr6 –a 20010db8000e0000feedfacedeadbabe unicast=global=global=randomized=unspecified 15

  16. Classification: Discarding [Personally Identifiable] Information 20010db8000e000000172cd5fa4bd6b1 75 0d 20010db8000e0000002ae748ea083efb 75 0d 20010db8000e0000005d58e18441347a 79 1d 20010db8000e0000005f1dd3864f2d03 79 0d 20010db8000e000000872ce4d7e0d16c 76 0d … (1594 more addresses) ... 20010db8000e0000fdbefa6dce8d096c 80 1d 20010db8000e0000fdbf6e62e74a33a4 80 1d 20010db8000e0000fdd4f4f54264cc52 75 0d 20010db8000e0000fdf73310ae0043da 75 2d 20010db8000e0000feedfacedeadbabe 71 3d Truncate here? 16

  17. Classification: Discarding [Personally Identifiable] Information 20010db8000e000000172cd5fa4bd6b1 75 0d 20010db8000e0000002ae748ea083efb 75 0d 20010db8000e0000005d58e18441347a 79 1d 20010db8000e0000005f1dd3864f2d03 79 0d 20010db8000e000000872ce4d7e0d16c 76 0d … (1594 more addresses) ... 20010db8000e0000fdbefa6dce8d096c 80 1d 20010db8000e0000fdbf6e62e74a33a4 80 1d 20010db8000e0000fdd4f4f54264cc52 75 0d 20010db8000e0000fdf73310ae0043da 75 2d 20010db8000e0000feedfacedeadbabe 71 3d Truncate here? Or here? 17

  18. Step 2. Address Activity Matrix Analysis 18

  19. Related Work: IPv4 Address Activity Matrix introduced in “Beyond Counting …”, MAPRG Meeting July 2016 19 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  20. Related Work: IPv4 Address Activity Matrix 20 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  21. Related Work: IPv4 Address Activity Matrix 21 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  22. IPv6 Address Activity Matrix 22

  23. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% /64 prefix legend: # = activity counted during the given hour 23

Recommend

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an and Id Iden entit ity As y Associa ciatio ion CARIS2 Workshop Cambridge, MA, 1 Mar 2019 David Plonka

1.01k views • 60 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
The Approach for IPv4-only users to access IPv6-only

The Approach for IPv4-only users to access IPv6-only

The Approach for IPv4-only users to access IPv6-only Content dra$-sun-behave-v4tov6-00 IETF 87-Berlin, July 2013 Chongfeng.

397 views • 11 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
A Measured Approach to Planning for Surgeries and Procedures During the COVID-19 Pandemic MAY 8,

A Measured Approach to Planning for Surgeries and Procedures During the COVID-19 Pandemic MAY 8,

A Measured Approach to Planning for Surgeries and Procedures During the COVID-19 Pandemic MAY 8, 2020 Background On March 15, 2020, following the release of a memorandum from the Ministry of Health and then Directive #2 by the Chief

302 views • 18 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
IPv6 for Counties 31 August 2011 Craig Finseth Jan Nelson Russ Reilly Topics What is IPv6?

IPv6 for Counties 31 August 2011 Craig Finseth Jan Nelson Russ Reilly Topics What is IPv6?

IPv6 for Counties 31 August 2011 Craig Finseth Jan Nelson Russ Reilly Topics What is IPv6? Why Do It? What Exactly Needs Doing? OETs Approach OETs Accomplishments County Specifics Deployment Review Q &amp;

498 views • 21 slides
May 27, 2020 HAMILTON REOPENS Phased approach Gradual, safe and measured Focused on

May 27, 2020 HAMILTON REOPENS Phased approach Gradual, safe and measured Focused on

May 27, 2020 HAMILTON REOPENS Phased approach Gradual, safe and measured Focused on municipal facilities, services and programs Aligned with Province, but depends on conditions in Hamilton Updated regularly and will evolve 2

412 views • 24 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro

Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro

Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro ro-En Envi viron onmental al B Beha ehavi viour in t the e Cana nadian P Popu opulation MATTHEW HEW P PERKS, M MA SOCIOL OLOG

224 views • 19 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety

Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety

Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety ety- based d Absent nteeism eeism Teresa Miller, LLPC Forest Hills Public Schools, Grand Rapids Community College Donna Secor Pennington, LMSW

575 views • 43 slides
IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides
1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

IPv6 IPv6, MPLS History Next generation IP (AKA IPng) Intended to extend address space and routing limitations of IPv4 Requires header change Attempted to include everything new in one change IETF moderated Based

506 views • 5 slides
Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA IPv6 Transition Manager Outreach Chair, Federal IPv6 Task Force Major

382 views • 13 slides
DrK DrK: Brea eaking Ker ernel el Addres ess Space e La Layout ut Ra Rando ndomi

DrK DrK: Brea eaking Ker ernel el Addres ess Space e La Layout ut Ra Rando ndomi

DrK DrK: Brea eaking Ker ernel el Addres ess Space e La Layout ut Ra Rando ndomi mization n wi with h In Intel el TSX Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology, August 3, 2016 1 KA KASLR: A A P

875 views • 70 slides
IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and ISP networks) Joel Jaeggli Nokia This talk is focused on the issues faced by network operators in deploying IPV6 Most of these observations are

548 views • 50 slides
I.I.S CARLO LEVI The e school ol is is an institute with h va varius studys addres ess. .

I.I.S CARLO LEVI The e school ol is is an institute with h va varius studys addres ess. .

I.I.S CARLO LEVI The e school ol is is an institute with h va varius studys addres ess. . It It is is located ed in Portici, a city near Naples es. The e school ol have ve three ee scientific labora ratori ories es, , one is

893 views • 4 slides
IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu

IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu

IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu Yamamoto, IIJ

338 views • 9 slides
IPv6 Addressing and IPv6 Addressing and Implementation Implementation Rodolfo Kohn Software

IPv6 Addressing and IPv6 Addressing and Implementation Implementation Rodolfo Kohn Software

IPv6 Addressing and IPv6 Addressing and Implementation Implementation Rodolfo Kohn Software Architect Intel Software de Argentina rodolfo.kohn@intel.com IPv6 - Agenda Why IPv6? No business case Different drivers IPv6 main

440 views • 28 slides

More recommend