[rssac-caucus] FOR REVIEW: Harmonizing the Anonymization of Queries to the Root

Wessels, Duane dwessels at verisign.com
Wed Feb 14 23:17:05 UTC 2018 

I was really curious how the different proposed techniques compared to each other in the way that they scramble/anonymize source IP addresses.  So I took a pcap file of DNS traffic and ran it through each algorithm, then visualized the output as a hilbert-curve heatmap.  I ran each algorithm 10 times to see how it changes depending on the secret/key.

I asked Wes to create a github repository in the rssac-caucus account and I've uploaded the results here:

https://github.com/rssac-caucus/anonymization-harmonization/tree/master/heatmaps

The PNG images are quite large (4096x4096) so you may need to download and/or zoom in to see some of the detail.  Maybe this will be helpful for others and I'm happy to answer any questions about it.

DW



> On Feb 13, 2018, at 2:59 PM, Wessels, Duane via rssac-caucus <rssac-caucus at icann.org> wrote:
> 
> Andrew,
> 
> Thank you and the work party for this document.  I think it will prove to be useful.
> 
> I'm attaching a copy of the doc with my comments.
> 
> In addition I would really like to see some kind of summary (table perhaps) that presents the following for the various techniques:
> 
> - advantages / disadvantages
> - cryptographic strength (I realize this could be difficult since not all are well-studied at this point).
> - efficiency (i.e. CPU time to anonymize some amount of (DITL) data).
> - whether or not "decryption with the same key" is a property of the technique
> - known implementations
> 
> Also I would like to better understand if the different techniques have any different cryptographic properties when there is at least one known true -> anonymized mapping.  I think we should assume it is trivial for a consumer of the anonymized data to inject beacon queries that would enable them to know the anonymized value of a specific source IP.
> 
> DW
> 
> 
> 
> 
> 
> 
> > On Feb 13, 2018, at 5:19 AM, Andrew Mcconachie <andrew.mcconachie at icann.org> wrote:
> > 
> > Dear RSSAC Caucus Members,
> > 
> > On behalf of the RSSAC Caucus Work Party on Harmonization of Anonymization Procedures for Data Collecting, please find Harmonizing the Anonymization of Queries to the Root v1 attached.
> > 
> > Please send your comments and/or additions to the list by February 27th, 2018. Depending on the volume of comments received the work party may then decide to create a new version or forward v1 to the RSSAC for a vote on publication.
> > 
> > Thanks,
> > Andrew
> > 
> > 
> > <RSSAC0XX_Harmonizating_Anonymization_Queries_Root_v1.docx>
> > <RSSAC0XX_Harmonizating_Anonymization_Queries_Root_v1.pdf>
> > _______________________________________________
> > rssac-caucus mailing list
> > rssac-caucus at icann.org
> > https://mm.icann.org/mailman/listinfo/rssac-caucus
> 
> <RSSAC0XX_Harmonizating_Anonymization_Queries_Root_v1_DW.docx>_______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus

More information about the rssac-caucus mailing list