GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
IP::Anonymous(3) User Contributed Perl Documentation IP::Anonymous(3)

IP::Anonymous - Perl port of Crypto-PAn to provide anonymous IP addresses

  use IP::Anonymous;
  @key = (0..31);
  my $object = new IP::Anonymous(@key);
  print $object->anonymize("192.0.2.0")."\n";

This is a Perl port of Crypto-PAn. Crypto-PAn is a cryptography-based sanitization tool for network trace or log data. The tool has the following properties:
  • One-to-one

    The mapping from original IP addresses to anonymized IP addresses is one-to-one.

  • Prefix-preserving

    The IP address anonymization is prefix-preserving. That is, if two original IP addresses share a k-bit prefix, their anonymized mappings will also share a k-bit prefix.

  • Consistent across traces

    Multiple traces can be sanitized in a consistent way, over time and across locations, even though the traces might be sanitized separately at different time and/or at different locations.

  • Cryptography-based

    To sanitize traces, trace owners provide a secret key. Anonymization consistency across multiple traces is achieved by the use of the same key. The construction of IP::Anonymous preserves the secrecy of the key and the (pseudo)randomness of the mapping from an original IP address to its anonymized counterpart.

This Perl port of Crypto-PAn uses similar logic to that found in Crypto-PAn 1.0, but most importantly maintains consistency in the process so that regardless of implementation, using the same key in each will give consistent results.

Crypt::Rijndael - XS-based implementation of the Advanced Encryption Standard (AES) algorithm Rijndael by Joan Daemen and Vincent Rijmen.

$object = new IP::Anonymous(@key)
Initializes the electronic codebook object with a 32 8-bit decimal array. This array, consisting of 32 decimals between 0 and 255 inclusive, is the user defined private key for this anonymization session. This 256 bit key should be kept private. The key can be used across sessions to maintain consistent mappings between the original and the anonymized IP addresses.
$object->anonymize($address)
Called with a dotted quad IP address string (e.g. 192.0.2.0). Returns an anonymized version of that IP address as a dotted quad string.

The Crypt::Rijndael module as of version 0.05 contains at least one fatal flaw for users of 64-bit systems. rijndael.h specifies a 32 bit integer as an unsigned long. This works on 32-bit systems, but not 64-bit systems. This is easily circumvented by changing the definition for UINT32 from a unsigned long to an unsigned int for platforms the author has tested on.

The Crypt::Rijndael module on CPAN tested with IP::Anonymous has as it's package version number 0.05, but in the Rijndael.pm module file itself, VERSION is set to 0.04. IP::Anonymous specifies that at least 0.04 of Crypt::Rijndael is required, but the original 0.04 version has not been tested. It is presumed to work, but you should use the module whose package version number is 0.05 or later if possible.

IP::Anonymous only provides support for IPv4 addresses.

Original Crypto-PAn C++ implementation was done by Jinliang Fan. The Perl module port is by John Kristoff. Thanks to Stephen Gill for initial testing and suggesting changes in the beginning stages of the module implementation process.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

This module is based on the original Crypto-PAn project tool designed and implemented in C++ by Jinliang Fan. The Crypto-PAn project web page is located at:

http://www.cc.gatech.edu/computing/Telecomm/cryptopan/

Even though this module uses strong cryptography to anonymize IP addresses there may still be a number of avenues of attack that can be successful in discovering underlying information. For a good description of this problem see the paper The Devil and Packet Trace Anonymization by Mark Allman, et al., which can be found at:

http://www.icir.org/enterprise-tracing/papers.html

IP::Anonymous is available on the Comprehensive Perl Archive Network (CPAN) and also off the author's homepage (as of this writing) at:

http://aharp.ittns.northwestern.edu/software/

Hey! The above document had some coding errors, which are explained below:
Around line 251:
=back doesn't take any parameters, but you said =back The module author intends to maintain software signatures (PGP and/or message digest hash) on his pages to help you verify that what you have gotten elsewhere is what he expected you to have.
2005-11-09 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.