Affiliation:
1. ETH Zurich, Zurich, Switzerland
2. Hitachi Europe, Zurich, Switzerland
Abstract
In recent years, academic literature has analyzed many attacks on network trace anonymization techniques. These attacks usually correlate external information with anonymized data and successfully de-anonymize objects with distinctive signatures. However, analyses of these attacks still underestimate the real risk of publishing anonymized data, as the most powerful attack against anonymization is traffic injection. We demonstrate that performing live traffic injection attacks against anonymization on a backbone network is not difficult, and that potential countermeasures against these attacks, such as traffic aggregation, randomization or field generalization, are not particularly effective. We then discuss tradeoffs of the attacker and defender in the so-called injection attack space. An asymmetry in the attack space significantly increases the chance of a successful de-anonymization through lengthening the injected traffic pattern. This leads us to re-examine the role of network data anonymization. We recommend a unified approach to data sharing, which uses anonymization as a part of a technical, legal, and social approach to data protection in the research and operations communities.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications,Software
Reference27 articles.
1. Directive 95/46/EC of the European Parliament and of the Council. OJ L 281 23.11.1995 p. 31 October 1995. Directive 95/46/EC of the European Parliament and of the Council. OJ L 281 23.11.1995 p. 31 October 1995.
2. Issues and etiquette concerning use of shared measurement data
3. Legal requirements and issues in network traffic data protection
Cited by
31 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献