Anonymization Tools Taxonomy
Subcategory: Anonymization
Anonymization tools and methods have become particularly important as they provide critical infrastructure
for pursuing solutions to some of the top problems of the Internet.
URL: | http://www.ics.forth.gr/dcs/Activities/Projects/anontool.html |
Contact: | mfukar at ics.forth.gr and antonat at ics.forth.gr |
Overview: |
AnonTool provides an open-source implementation of the Anonymization API developed by the Distributed Computing Systems Laboratory
at the Institute of Computer Science (ICS) of the Foundation for Research and Technology -- Hellas (FORTH). Developed and
tested on Debian Linux, the package provides command-line tools for accomplishing prefix-preserving anonymization of TCP and
UDP packets as well as Netflow traces from Cisco routers in tcpdump format.
|
URL: | http://security.ncsa.uiuc.edu/distribution/CanineDownLoad.html |
Contact: | Katherine Luo (xluo1@ncsa.uiuc.edu) or Yifan Li (yifan@ncsa.uiuc.edu) or Bill Yurcik (byurcik@ncsa.uiuc.edu) or Adam J Slagell (slagell@ncsa.uiuc.edu) |
Overview: |
CANINE addresses the issue of anonymization of multiple incompatible NetFlow formats. It acts as a converter among various
NetFlow formats as well as an anonymizer of the embedded data.
|
URL: | https://www.caida.org/tools/measurement/coralreef/ |
Contact: | coral-info@caida.org |
Overview: |
CoralReef is a comprehensive software suite developed by CAIDA to collect and analyze data from passive Internet traffic monitors, in real time or from trace files. Real-time monitoring support includes system network interfaces (via libpcap), FreeBSD drivers for Apptel POINT (OC12 and OC3 ATM) and FORE ATM (OC3 ATM) cards, and support for Linux and FreeBSD drivers for Endace DAG (POS and ATM) cards. The package also includes programming APIs for C and Perl, and applications for capture, analysis, and web report generation.
|
URL: | http://www.cc.gatech.edu/computing/Networking/projects/cryptopan/ |
Contact: | Jinliang Fan <jlfan@cc.gatech.edu> |
Overview: |
Crypto-PAn is a cryptography-based sanitization
library that contains panonymizer.cpp, the C++ implementation of the
prefix-preserving IP anonymizer using the Rijndael cipher (now AES)
as its pseudorandom function. Crypto-PAn maintains one-to-one mappings of original
to anonymized IP addresses and maintains consistency across multiple traces through
the use of secret cryptographic keys.
|
URL: | http://www.cc.gatech.edu/computing/Networking/projects/cryptopan/lucent.shtml |
Overview: |
This version claims several improvements over the original Crypto-PAn:
- improved randomness
- improved performance, using OpenSSL
- three levels of anonymization can be stored compactly, with access controlled through keys:
  - with no keys, only the random permutation is available;
  - with one key, the prefix-preserving permutation is also available;
  - with two keys, the original address can be recovered.
|
URL: | http://flaim.ncsa.uiuc.edu/ |
Contact: | Adam Slagell |
Overview: |
FLAIM is a general framework, created to support the anonymization of heterogeneous logs to multiple levels.
Its main contributions are to provide (1) the anonymization
engine containing a broad set of anonymization algorithms for various datatypes, (2) the XML-based policy engine, which
validates and parses users' XML policies against a variety of schemas (we incorporate Relax NG, Schematron, XML and XSLT
technologies here), and (3) a simple yet strict API governing how parsing modules (loaded dynamically at run-time) can pass
records back and forth with FLAIM's anonymization engine.
|
URL: | http://search.cpan.org/dist/IP-Anonymous/ |
Contact: | John Kristoff <jtk@northwestern.edu> |
Overview: |
IP::Anonymous is a Perl module port of Crypto-PAn, which was originally designed and implemented in C++ by Jinliang Fan.
The package accomplishes one-to-one mapping from original IP addresses to anonymized IP addresses, preserves prefixes, provides
consistency across traces, and uses cryptographic methods to preserve secrecy. The module requires the Crypt::Rijndael Perl
package, an XS-based implementation of the Advanced Encryption Standard (AES) algorithm Rijndael by Joan Daemen and Vincent Rijmen.
|
URL: | http://www.cs.ucla.edu/~kohler/ipsumdump/ |
Contact: | Eddie Kohler |
Overview: |
The ipsumdump program summarizes TCP/IP dump files into a self-describing ASCII format easily readable by humans and programs.
Ipsumdump can read packets from network interfaces, from tcpdump files, and from existing ipsumdump files. It will transparently uncompress tcpdump or ipsumdump files when necessary. It can randomly sample traffic, filter traffic based on its contents, anonymize IP addresses, and sort packets from multiple dumps by timestamp. Also, it can optionally create a tcpdump file containing actual packet data.
|
URL: | http://nfdump.sourceforge.net/ |
Contact: | Peter Haag |
Overview: |
NFDUMP provides a suite of tools that support netflow v5, v7, and v9, including: nfcapd - netflow capture daemon, nfdump -
netflow dump, nfprofile - netflow profiler, nfreplay - netflow replay, nfclean.pl - cleanup old data, and ft2nfdump - read and
convert flow-tools data.
The goal of the design is to be able to analyze netflow data from the past as well as to track interesting traffic patterns
continuously. The amount of time back in the past is limited only by the disk space available for all the netflow data. The
tools are optimized for speed for efficient filtering. The filter rules resemble the syntax of tcpdump (pcap-like).
|
URL: | http://scrub-tcpdump.sourceforge.net/ |
Overview: |
SCRUB-tcpdump is a set of functions that are used to anonymize a
packet flow trace in libpcap or tcpdump format so that it can be shared with
collaborators or released without jeopardizing the anonymity of the network
represented by the capture flow. SCRUB-tcpdump allows the user to
select from a variety of options for anonymizing fields like the ports, IP
addresses, time-stamps, transport protocols, flags, options, etc. For more
information on how to download and use SCRUB-tcpdump see our Download page. If you
would like to see the results of studies about SCRUB-tcpdump and its
impacts and uses in security analysis, please see Papers and read
about it there.
|
URL: | http://www.ing.unibs.it/ntw/tools/ |
Contact: | Francesco Gringoli (francesco.gringoli@ing.unibs.it) |
Overview: |
tcpanon is a TCP trace anonymizer written in Python. Referring to the TCP/IP stack, what's new is the capability to work at level 7: the TCP stream of each flow in a traffic trace is first interpreted and reassembled at the application layer. Then, sensitive information, according to the rules set in a configuration file, is either erased or camouflaged. The current version works with some of the most common "clear text" protocols: HTTP, SMTP, POP3, IMAP4, FTP, FTP-data, but it can be easily extended to other protocols.
|
URL: | http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html |
Contact: | Greg Minshall |
Overview: |
Tcpdpriv is a program for eliminating confidential information from packets collected on a network interface (or from trace files created using the -w argument to tcpdump).
|
URL: | http://brewformulas.org/Tcpurify |
Contact: | Ethan Blanton |
Overview: |
TCPurify is a packet sniffer/capture program similar to tcpdump, but with much reduced functionality. What sets TCPurify apart from other, similar programs is its focus on privacy. TCPurify is designed from the ground up to protect the privacy of users on the sniffed network as much as possible.
In order to accomplish this goal, TCPurify truncates almost all packets immediately after the last recognized header (IP or Ethernet), removing all data payload before storing the packet. (There are some notable exceptions, such as ICMP packets, chargen, daytime, etc. Some of these protocols are left in because they are useful for security auditing (ICMP) and others merely because they should be uninteresting.) Furthermore, it has the capability of randomizing some or all IP addresses (based on the network portion of the address) to mask exactly where packets are coming from or going to while still retaining some general idea. This randomization is reversible with the help of a one-shot generated file which is created at capture time.
|
Last Modified: Fri Dec-18-2020 21:59:46 UTC
Page URL: https://www.caida.org/tools/taxonomy/anontaxonomy.xml