A Fast and Secure Method for Anonymizing Packet Traffic and Call Traces

Various kinds of traffic traces, containing, e.g., packet headers, signaling messages, or authorization log-files, are needed to examine the status and performance of packet switching networks. In most cases, traces contain information that can be used identify subscribers and what kind of services they have been using. This kind of information can be usually handled only by network operator and only for certain reasons, i.e., troubleshooting and accounting. However, there is an increasing trend that many network management tasks are being outsourced and thus a method, that would allow for an external staff to monitor a public network, is needed. There have been some methods for anonymizing traffic traces but they are usually not fast enough, not suitable for on-line measurements, or not secure enough. The method proposed in this paper is based on using normal symmetric block coding encryption methods in cipher block chaining mode. The advantages of the supposed method are that it is cryptographically strong, suitable for multi-site on-line measurements and very fast. Furthermore, it supports existing hardware based encryption engines without any needs for modifications. The proposed method can be also extented to prefix-preserving IP address anonymization. This extension differs form earlier proposals by using IP address lookup to determine the real network part of the address. It is also resistant to known attacks to compromise prefix-preserving anonymization methods. Key–Words: IP address anonymization, prefix-preserving anonymization, distributed measurements