^ Top

NANOG Meeting Presentation Abstract

Protecting Users\' Privacy when Tracing Network Traffic
Meeting: NANOG39
Date / Time: 2007-02-05 11:15am - 11:30am
Room: Osgoode Ballroom
Presenters: Speakers:

Stefan Saroiu, Computer Science, University of Toronto

Stefan Saroiu joined the Computer Science at the University of Toronto in 2005 after a brief hiatus at Amazon.com. Stefan received his Ph.D. in 2004 from the University of Washington where he worked with Steve Gribble and Hank Levy. Stefan\'s research interests span the range from operating systems to networking and distributed systems.
Troy Ronda, Computer Science, University of Toronto.
Abstract: One of the current impediments in advancing the state of the art in Internet security research is the lack of scalable network tracing platform available to researchers. Given the complexity of today\'s attacks, packet-level tracing tools are inadequate; instead, today\'s tracing platforms must reconstruct traffic into application state and inspect it for suspicious or deviant behavior. Unfortunately, no such open-source network tracing software is available to researchers.

In our project, we are building a highly scalable, open-source network tracing platform that offers adequate privacy and anonymity guarantees to the users whose traffic is monitored. Our tracing infrastructure is reconstructing traffic across several layers, from network to the application layer. We reassemble IP fragments into IP packets, TCP segments into TCP conections, and TCP connections into HTTP transactions. To protect users\' anonymity, our platform does not store any unanonymized data in stable storage. Instead, all work (including capturing and reassembly) is done in volatile memory at line speeds.

In our presentation at NANOG, we focus on the privacy requirements for tracing the network traffic of a large Internet user population. We start by describing a list of attacks possible when collecting application-level information by network tracing. We argue that the only way to mitigate the privacy implications of all these attacks is to never store any un-anonymized data to stable storage when tracing. We then present a high-level overview of our open-source network tracing infrastructure. Our goal is to get the NANOG\'s community feedback on our anonymization and privacy protocol as well as their input in the design of our monitoring platform.
Files: youtubeProtecting Users' Privacy when Tracing Network Traffic
pdfStefan Saroiu Presentation(PDF)
Sponsors: None.

Back to NANOG39 agenda.

NANOG39 Abstracts


^ Back to Top