• Corpus ID: 13002461

kIP: a Measured Approach to IPv6 Address Anonymization

@article{Plonka2017kIPAM,
  title={kIP: a Measured Approach to IPv6 Address Anonymization},
  author={David Plonka and Arthur W. Berger},
  journal={ArXiv},
  year={2017},
  volume={abs/1707.03900}
}
Privacy-minded Internet service operators anonymize IPv6 addresses by truncating them to a fixed length, perhaps due to long-standing use of this technique with IPv4 and a belief that it's "good enough." We claim that simple anonymization by truncation is suspect since it does not entail privacy guarantees nor does it take into account some common address assignment practices observed today. To investigate, with standard activity logs as input, we develop a counting method to determine a lower… 

Figures and Tables from this paper

Measured Approaches to IPv6 Address Anonymization and Identity Association
TLDR
This paper proposes IPv6-specific approaches to address anonymization and address association identification as preferred practices in coordinated attack response and invites community feedback.
Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists
TLDR
It is shown that addresses in IPv6 hitlists are heavily clustered, and a rigorous method to detect aliased prefixes is developed, which identifies 1.5 % of the authors' prefixes as aliased, pertaining to about half of the target addresses.
Fast IPv6 Network Periphery Discovery and Security Implications
TLDR
The research results indicate that the security community should revisit IPv6 network strategies immediately and XMap, a fast network scanner, is developed to find the periphery, and the flawed implementations of IPv6 routing protocol affecting 5.8M router devices are presented.
DynamIPs: analyzing address assignment practices in IPv4 and IPv6
TLDR
This work takes a first step towards understanding the dynamics of IPv6 address assignments in various networks around the world and how they relate to IPv4 dynamics, using data collected from over 3,000 RIPE Atlas probes in dual-stack networks.
A Look at the ECS Behavior of DNS Resolvers
TLDR
A range of erroneous and detrimental behaviors are found that may unnecessarily erode client privacy, reduce the effectiveness of DNS caching, diminish ECS benefits, and in some cases turn ECS from facilitator into an obstacle to authoritative DNS servers' ability to optimize user-to-edge-server mappings.
In the IP of the Beholder: Strategies for Active IPv6 Topology Discovery
TLDR
This work develops a different approach to Internet-wide IPv6 topology mapping, and adopts randomized probing techniques in order to distribute probing load, minimize the effects of rate limiting, and probe at higher rates.
Semantics-Preserving Encryption for Computer Networking Related Data Types
TLDR
This paper presents tuneable semantics-preserving encryption methods that may be applied to common computer networking related data types such as IPv4, IPv6, and MAC addresses.
Measuring Cookies and Web Privacy in a Post-GDPR World
In response, the European Union has adopted the General Data Protection Regulation (GDPR), a legislative framework for data protection empowering individuals to control their data. Since its adoption
Evaluating Network Security Using Internet-wide Measurements
TLDR
ZMapv6 and goscanner are developed to make Internet-scale measurements in the IPv6 Internet feasible and HTTPS security techniques, the amplification potential of BACnet devices, and the security of IPMI devices are analyzed.
...
1
2
...

References

SHOWING 1-10 OF 13 REFERENCES
Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression
TLDR
The concept of minimal generalization is introduced, which captures the property of the release process not to distort the data more than needed to achieve k-anonymity, and possible preference policies to choose among diierent minimal generalizations are illustrated.
Temporal and Spatial Classification of Active IPv6 Addresses
TLDR
This work performs a year-long passive measurement study, analyzing the IPv6 addresses gleaned from activity logs for all clients accessing a global CDN, and presents measurement and classification results numerically and visually that provide details on IPv6 address use and structure in global operation across the past year.
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
TLDR
An extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier is described, causing nodes to generate global-scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier.
Beyond Counting: New Perspectives on the Active IPv4 Address Space
In this study, we report on techniques and analyses that enable us to capture Internet-wide activity at individual IP address-level granularity by relying on server logs of a large commercial content
Network Reconnaissance in IPv6 Networks
TLDR
This document formally obsoletes RFC 5157, which first discussed this assumption, by providing further analysis on how traditional address- scanning techniques apply to IPv6 networks and exploring some additional techniques that can be employed for IPv6 network reconnaissance.
Aguri: An Aggregation-Based Traffic Profiler
TLDR
This work proposes a technique to preferentially drop packets from aggregates whose volume is more than the fairshare, and demonstrates its ability to protect the network from DoS attacks and to provide rough fairness among aggregates.
Privacy Considerations for Internet Protocols
TLDR
This document offers guidance for developing privacy considerations for inclusion in protocol specifications, and suggests that whether any individual RFC warrants a specific privacy considerations section will depend on the document's content.
Analysis of the 64-bit Boundary in IPv6 Addressing
The IPv6 unicast addressing format includes a separation between the prefix used to route packets to a subnet and the interface identifier used to specify a given interface connected to that subnet.
Issues and Recommendations with Multiple Stateful DHCPv6 Options
TLDR
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) specification defined two stateful options, IA_NA and IA_TA, but did not anticipate the development of additional statefuloptions, so RFCs 3315 and 3633 are updated.
...
1
2
...