me measu sured approa oaches s to ip ipv6 ad addres ess
play

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An - PowerPoint PPT Presentation

Oct 18, 2023 •406 likes •1.01k views

Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an and Id Iden entit ity As y Associa ciatio ion CARIS2 Workshop Cambridge, MA, 1 Mar 2019 David Plonka

  1. Me Measu sured Approa oaches s to IP IPv6 Ad Addres ess An Anonym ymiz izatio ion an and Id Iden entit ity As y Associa ciatio ion CARIS2 Workshop – Cambridge, MA, 1 Mar 2019 David Plonka <plonka@akamai.com|dave@plonka.us> & Arthur Berger “kI kIP: : a Measured Approach to IPv6 Address Anonymization” (p (pre-pr print) https://arxiv.org/abs/1707.03900 “In “In th the IP e IP of of th the B e Beh ehol older er: S Str trateg egies f es for or A Acti tive T e Top opol olog ogy D Disc scover ery” ( ” (IM IMC 2018) 2018) https://arxiv.org/abs/1805.11308

  2. Premise: an intersection of Privacy and Security IPv6 poses (at least) two challenges in facets of coordinated attack response: 1. Sharing IP address-related info while respecting victim and even potential/candidate attacker’s privacy. 2. Mitigating abuse by dropping or rate-limiting only traffic associated with an attackers’ (or victims’) identities. Meeting these challenges depends on knowledge - or on assumptions - about IP address identities, typically in the form of a public, globally-routed IP address prefix – the Identity Associations (or IAs) – of the victimized or attacking parties. What is a best practice for anonymization of these identities? Can the identity association be reliably determined, remotely? 2

  3. IP Address Anonymization and Identity Association Today we’ll consider: • Truncation and/or aggregation-based anonymization i.e., for sharing network identifiers for attack response or, generally, in traffic data, e.g., correlating with network topology, routing, service providers, and geographic locations. • Nascent IPv6 topology discovery results and implications for determining associated identify i.e., for sharing topology information for attack response e.g., anonymization and identity association involving router addresses. 3

  4. IP Address Anonymization and Identity Association Consider these questions: • How can passive and active Internet measurements inform decisions about address anonymization and identity association? 4

  5. IP Address Anonymization and Identity Association Consider these questions: • How can passive and active Internet measurements inform decisions about address anonymization and identity association? • Is there reason to believe that any one IP prefix length would perform satisfactorily for either? 5

  6. IP Address Anonymization and Identity Association We consider these questions: • How can passive and active Internet measurements inform decisions about address anonymization and identity association? • Is there reason to believe that any one IP prefix length would perform satisfactorily for either? • In the face of attack, when, where, and how should IP addresses be de- aggregated or coalesced to effectively associate them with victims or attackers? 6

  7. Background: IPv4 Address Anonymization by aggregation 10.0.42.31 1 10.0.42.24 1 10.0.42.30 1 10.0.42.10 1 10.0.42.25 1 10.0.42.22 1 10.0.42.16 1 10.0.42.6 1 10.0.42.4 1 10.0.42.17 1 10.0.42.17 1 10.0.42.21 1 10.0.42.9 1 10.0.42.8 1 10.0.42.20 1 10.0.42.19 1 10.0.42.29 1 10.0.42.3 1 10.0.42.26 1 10.0.42.14 1 10.0.42.11 1 10.0.42.1 1 10.0.42.15 1 10.0.42.27 1 10.0.42.13 1 10.0.42.7 1 10.0.42.0 1 10.0.42.12 1 10.0.42.28 1 10.0.42.2 1 10.0.42.23 1 7 10.0.42.5 1

  8. Background: IPv4 Address Anonymization by aggregation to a fixed length 10.0.42.31 1 10.0.42.24 1 10.0.42.30 1 10.0.42.10 1 10.0.42.25 1 10.0.42.22 1 10.0.42.16 1 10.0.42.6 1 10.0.42.4 1 10.0.42.17 1 10.0.42.17 1 10.0.42.21 1 10.0.42.9 1 10.0.42.8 1 10.0.42.0/27 32 10.0.42.20 1 10.0.42.19 1 10.0.42.29 1 10.0.42.3 1 10.0.42.26 1 10.0.42.14 1 10.0.42.11 1 10.0.42.1 1 10.0.42.15 1 10.0.42.27 1 10.0.42.13 1 10.0.42.7 1 10.0.42.0 1 10.0.42.12 1 10.0.42.28 1 10.0.42.2 1 10.0.42.23 1 8 10.0.42.5 1

  9. IP Address Anonymization • Truncation-based anonymization is ideal if, and only if, it can be guaranteed to improve privacy. We propose k IP anonymization, i.e., make an individual appear indistinguishable amongst a set of [ k ] individuals [https://en.wikipedia.org/wiki/K-anonymity, RFC 6973: “Privacy Considerations for Internet Protocols”] 9

  10. k IP: a measurement-based approach… 1. Temporal & Spatial Address Classification See “kIP: a Measured Approach to IPv6 Address Anonymization” Slides/video: https://trac.ietf.org/trac/irtf/wiki/map 2. Address Activity Matrix Analysis: estimating a lower bound on simultaneously assigned addresses 3. Anonymous Aggregate (Prefix) Synthesis : then perform longest-prefix match to produce results 10

  11. Step 2. Address Activity Matrix Analysis Related Work: IPv4 Address Activity Matrix introduced in “Beyond Counting …”, MAPRG Meeting July 2016 11 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  12. Related Work: IPv4 Address Activity Matrix 12 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  13. Related Work: IPv4 Address Activity Matrix 13 Beyond Counting: New Perspectives on the Active IPv4 Address Space (Richter et al. IMC 2016): https://arxiv.org/abs/1606.00360

  14. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% legend: # = activity counted during the given hour 14

  15. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% /64 prefix legend: # = activity counted during the given hour 15

  16. IPv6 Address Activity Matrix 0 1 2 012345678901234567890123 20010db823000a00117ae091b2bdca65 67 0d |-------+-------+--##--- 20010db823000a0021ad6d24641a1314 68 0d |--#----+-------+------- 20010db823000a003454ae0d20a0df4d 68 0d |-------+--#----+------- 20010db823000a004974fa8b465d4c2a 68 0d |-------+-------+#---#-- 20010db823000a00503ca91dbe009a63 68 0d |-------##-###--+------- 20010db823000a0068678a645417e731 70 0d |-------+---##--+------- 20010db823000a006d35ee11ec45f658 70 0d |-------+-------+#------ 20010db823000a007070a7fc47d502ba 70 0d |------#+-------+------- 20010db823000a007554b66aa9839665 70 0d |-------+--#----+------- 20010db823000a0079391bd6fec285bb 70 0d |-------+------#+------- 20010db823000a007ccc39777c76bdef 70 0d |-------+-------+---#--- 20010db823000a00890b1f0d14e20ccb 67 0d |-------+----#--+------- 20010db823000a00a0fc1e1848aaeb2e 67 0d |-------+---#---#------- 20010db823000a00f9309833f8c53926 74 0d |-------+----#--#------- 20010db823000a00f94dfcec6b8ed61f 74 0d |-------#-------+------- 20010db823000a00fd2850fe844583e7 70 0d |--#----+-------+------- 20010db823000a00 16 Temporary SLAAC: 100.00% stable: 0.00% /64 prefix IID legend: # = activity counted during the given hour 16

Recommend

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG Meeting Prague, July 20, 2017 David Plonka &lt;plonka@akamai.com&gt; kI kIP: : a Me Measured Approach to IPv6 Address Anonymizati tion

873 views • 64 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Nov Novel Appr Approaches oaches to to ID ID Te Testing Usi Using NGS NGS Based Based

Nov Novel Appr Approaches oaches to to ID ID Te Testing Usi Using NGS NGS Based Based

Nov Novel Appr Approaches oaches to to ID ID Te Testing Usi Using NGS NGS Based Based Metagenom nomics cs Robert Schlaberg, MD, MPH Disclosures Commercial Interest What was Received For What Role Roche Diagnostics Honorarium Advisor

522 views • 51 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro

Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro

Addr Addres essing t g the Ga he Gap: p: Identi tifying Varyin ing Le Levels of s of Pro ro-En Envi viron onmental al B Beha ehavi viour in t the e Cana nadian P Popu opulation MATTHEW HEW P PERKS, M MA SOCIOL OLOG

224 views • 19 slides
A Disrete Approa h to Mo del Gene Regulatory Net w orks and the Use of F ormal

A Disrete Approa h to Mo del Gene Regulatory Net w orks and the Use of F ormal

A Disrete Approa h to Mo del Gene Regulatory Net w orks and the Use of F ormal Logi to Prop ose New W et Exp erimen ts Gilles Bernot Univ ersit y of Nie sophia antipolis , I3S lab oratory A kno wledgmen ts

694 views • 24 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety

Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety

Taking the Scared Ou Out of t of School hool Strategies ies to Addres ess Anxiety ety- based d Absent nteeism eeism Teresa Miller, LLPC Forest Hills Public Schools, Grand Rapids Community College Donna Secor Pennington, LMSW

575 views • 43 slides
Best Pr Best Practice actice Appr pproac oaches hes in the in the New Econo New Economy my

Best Pr Best Practice actice Appr pproac oaches hes in the in the New Econo New Economy my

Best Pr Best Practice actice Appr pproac oaches hes in the in the New Econo New Economy my Dave Ivan 1 Michigan State University Webinar Agenda Review research approach; Discuss findings and community examples; Discuss

928 views • 55 slides
IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte &lt;laforge@rfc2460.org&gt; IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides
1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

IPv6 IPv6, MPLS History Next generation IP (AKA IPng) Intended to extend address space and routing limitations of IPv4 Requires header change Attempted to include everything new in one change IETF moderated Based

506 views • 5 slides
Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA IPv6 Transition Manager Outreach Chair, Federal IPv6 Task Force Major

382 views • 13 slides
DrK DrK: Brea eaking Ker ernel el Addres ess Space e La Layout ut Ra Rando ndomi

DrK DrK: Brea eaking Ker ernel el Addres ess Space e La Layout ut Ra Rando ndomi

DrK DrK: Brea eaking Ker ernel el Addres ess Space e La Layout ut Ra Rando ndomi mization n wi with h In Intel el TSX Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology, August 3, 2016 1 KA KASLR: A A P

875 views • 70 slides
IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and ISP networks) Joel Jaeggli Nokia This talk is focused on the issues faced by network operators in deploying IPV6 Most of these observations are

548 views • 50 slides
I.I.S CARLO LEVI The e school ol is is an institute with h va varius studys addres ess. .

I.I.S CARLO LEVI The e school ol is is an institute with h va varius studys addres ess. .

I.I.S CARLO LEVI The e school ol is is an institute with h va varius studys addres ess. . It It is is located ed in Portici, a city near Naples es. The e school ol have ve three ee scientific labora ratori ories es, , one is

893 views • 4 slides
IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu

IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu

IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu Yamamoto, IIJ

338 views • 9 slides
Measu easuri ring What Mat atters: : KPI PIs for Data Quality, Cost st, and Sp Speed

Measu easuri ring What Mat atters: : KPI PIs for Data Quality, Cost st, and Sp Speed

Measu easuri ring What Mat atters: : KPI PIs for Data Quality, Cost st, and Sp Speed Panelists: Smita Asare , Executive Director, I-SPY Trials Operations at Quantum Leap Healthcare Collaborative Iris Castro, MPH, CCRP , Clinical Project

835 views • 19 slides
Latest est measu asureme rements ts of LGAD D dio iodes fabric ricated ted at IMB-CN

Latest est measu asureme rements ts of LGAD D dio iodes fabric ricated ted at IMB-CN

Genova, February 26-28, 2014 9 th Trento Workshop on Advanced Silicon Radiation Detectors Latest est measu asureme rements ts of LGAD D dio iodes fabric ricated ted at IMB-CN CNM Vir irgin inia ia Greco eco - IMB-CNM

429 views • 21 slides

More recommend