Diffstat (limited to 'README')
-rw-r--r-- | README | 73 |
1 files changed, 73 insertions, 0 deletions
@@ -0,0 +1,73 @@ +README + +$Id$ + +This directory contains two utilities used by LANDER project: + + http://www.isi.edu/ant/lander/ + +for removing user data from packet traces and anonymizing IP addresses +"dag_scrubber" and "scramble_ips". + +dag_scrubber - reads input packet tracefile in ERF format (produced by + DAG capture cards) and does two things. The first function is + dubbed "scrubbing" and is designed to zero out or chop off (if at + the end of the packet) all user data. "User data" is a vague term; + it's precise definition in the dag_scrubber context can be derived + from the dag_scrubber decision tree described in the accompanying + file "scrubber_decisiontree.txt". + + The second process, called "scrambling", performs cryptography-based + prefix-preserving IP address anonymization for both IPv4 and IPv6 + addresses. This algorithm was published by Jun Xu, Jinliang Fan, + Mostafa Ammar, and Sue Moon in "Prefix-Preserving IP Address + Anonymization: Measurement-based Security Evaluation and a New + Cryptography-based Scheme": + + http://www.cc.gatech.edu/computing/Telecomm/cryptopan/icnp02.ps + + This code does not derive from the Crypto-PAn package, and is an + independent implementation of the ideas described in the paper. + +scramble_ips - allows the user to scramble some known IP addresses and + find out their anonymized counterparts. This is useful, for + example, if your trace contains traffic to your server and you'd + like to know the server's address to find traffic addressed to/from + it in the scrambled trace. Note that it should be very hard to find + the reverse mapping (i.e. from scrambled to unscrambled addresses) if + the key is not available. If the key is available, the "reverse"- + mode of this tool allows to recover original addresses (-r switch). + +CHANGELOG.txt contains details about changes made to this software +package. + + +PLATFORMS + +These utilities have been tested only on x86-based platforms running +GNU-Linux. 
In particular, we've tested them on RedHat Entriprise +Linux AS release 3, Fedora Core 3, and Fedora Core 4. Note, that we +HAVE NOT tested this code on any big-endian machines; one potential +caveat could be related to memory acessing unaligned packet header +structures, but we have not explored this issue. We may address this +in future releases. + + +BUILDING BINARIES + + 1. Make sure you have installed PCAP and SSL libraries in + standard places. Without these libraries linking of the binaries + will fail. + 2. Run make and pray. + + +VALIDATIONS + +Sample sets of random IP addresses (both IPv4 and IPv6) have been +added to the distribution, as well as a sample keyfile. These can +be used for simple validation of the prefix-preserving properties of +the crypto-scrambling code. To run validations, type: + make validate +It may take a minute or two (especially for IPv6 addresses) to +complete, because unscrambling operations are relatively slow. + |
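Review bot: the README documents a reverse mode (the -r switch recovers original addresses when the key is available) and ships "a sample keyfile" for `make validate`, but never states that the sample key is for validation only and that any trace released with scrambled addresses must be produced with a freshly generated key that is kept out of the distribution and away from the published trace; add that sentence to the scramble_ips or VALIDATIONS text, since the prefix-preserving anonymization described here protects nothing if the key travels with the trace. Smaller points in the same hunk: "it's precise definition" should read "its precise definition", "RedHat Entriprise" should read "Red Hat Enterprise", "memory acessing" should read "memory accessing", and "allows to recover original addresses" should read "allows the user to recover the original addresses". Under BUILDING BINARIES, "Run make and pray" should be replaced with what a successful build produces and how a missing PCAP or SSL library shows up (the text already says linking fails without them), and the PLATFORMS section should name the library versions that were tested alongside the listed distributions.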