From: Neil Spring (nspring@cs.washington.edu)
Date: Wed Feb 14 2001 - 17:18:45 PST
I think there would be utility in being able to relate
flow endpoints by more than just their uniquely encrypted
IP addresses. There are bigger pictures out there.
I had a conversation with a colleague who is writing
tools to locate shared bottlenecks. This involves
finding network segments that are shared between flows
and correlating the behavior (latency) of those flows.
I suggested monitoring existing traffic to provide similar
measurements without introducing additional network load.
I'm explaining his work abysmally; the point is that
understanding network topology would be important for
deriving results and validating conclusions. Encrypting
IP addresses in a simple, highly anonymous way, removes
this information.
Internet routing practice is still strange and mystical to
me, so I don't know what information can be found easily,
how well such information reflects network topology, and
finally how to store such information in an anonymous
way.
However, if topology-related information can be preserved,
I'm all for it. I like having more information than I
know what to do with. In an ideal world, researchers like
us wouldn't have to have friends in the right places to
collect the information-rich trace data we need, it would
all be on MOAT's servers.
But I agree with Joerg, the tough part isn't figuring out
what infringes on privacy. Trying to find a line everyone
agrees upon where on one side, you're infringing and on
the other you aren't is probably not productive.
Christian, if you're interested in constructive feedback
on your proposal, it might help to write something up that
includes figures and post it on a web page as a postscript
or pdf document. In particular, I think I would need to
see a picture of the tree and what is stored in it to even
begin to understand.
I think it would be interesting to see how to preserve
topology or routing information in an anonymized trace,
particularly because it might help those of us who have
to beg for access to trace machines spend less time on
our knees. Although likely useful for ad-hoc tracing
efforts, I again agree with Joerg, making a new standard,
especially when there's more work for the trace machines to
do and more (routing) data to manipulate, seems ambitious
at this early state.
-neil
On Thu, Feb 15, 2001 at 12:17:05PM +1300, Joerg Micheel wrote:
> On Wed, Feb 14, 2001 at 03:03:33PM -0800, Cristian Estan wrote:
> > I understand that even if we come up with a new scheme that is as secure
> > as the old one, if the people whose networks the traces come from don't
> > feel confortable with it, the right thing is to continue using the old
> > scheme. What is not clear to me is whether the encryption I proposed, or
> > an improved variant thereof can provide the level of privacy they want.
>
> A good part of this problem is that there is noone to talk to. The systems
> get installed by computer centers at institutions, personel of which is
> sworn in to protect privacy and security by whatever rules exist locally.
> They invite us to measure their networks with the assumption that whatever
> we do at that measurement point will not degrade existing security/privacy.
>
> If you want to explore new ways of anonymization, you may potentially have
> to talk to lots of individuals to gain a common understanding of what is
> proper research here and get everyone to support this new standard. Good
> luck with that.
>
> > I think that if we can define the privacy needs clearly enough, deriving
> > a good encryption scheme that preserves the routing table (or proving
> > that we cannot make up one) will not be that difficult.
>
> So what exactly is it you are trying to achieve ? Have you thought of
> alternatives ? Remember you can always come to us with a piece of code
> that is interesting enough to be run by us for analysis.
>
> Joerg
> --
> Joerg B. Micheel Email: <joerg@cs.waikato.ac.nz>
> WAND and NLANR MOAT Email: <joerg@nlanr.net>
> The University of Waikato, CompScience Phone: +64 7 8384794
> Private Bag 3105 Fax: +64 7 8585095
> Hamilton, New Zealand Plan: PMA, TINE and the DAG's
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 16:24:41 PDT