⍺-MON: Anonymized Passive Traffic Monitoring

Presenter: Thomas Favale
Monday, October 19th, 2020 17:30
Location: Microsoft Teams – click here to join

Thomas Favale: ⍺-MON: Anonymized Passive Traffic Monitoring

Packet measurements are essential for several applications, such as cyber-security, accounting and troubleshooting. They, however, threaten privacy by exposing sensitive informa- tion. Anonymization has been the answer to this challenge, i.e., replacing sensitive information by obfuscated copies. Anonymization of packet traces, however, comes with some drawbacks. First, it reduces the value of data. Second, it requires to consider diverse protocols because information may leak from many non-encrypted fields. Third, it must be performed at high speeds directly at the monitor, to prevent private data from leaking, calling for real-time solutions. We present α-MON, a flexible tool for privacy-preserving packet monitoring. It replicates input packet streams to different consumers while anonymizing values according to flexible policies that cover all protocol layers. Beside classic anonymization mechanisms such as IP address obfuscation, α-MON supports α-anonymization, a novel solution to obfuscate values that can be uniquely traced back to limited sets of users. Differently from classic anonymization approaches, α-anonymity works on a streaming fashion, with zero delay, operating at high-speed links on a packet-by-packet basis. We evaluate α-MON performance using packet traces collected from an ISP network. Results show that it enables α-anonymity in real-time. α-MON is available to the community as an open-source project.

Biography: Thomas Favale comes from Brindisi and was born on April 1st, 1994. He got his Master Degree in Computer Engineering, specializing in the network branch, in 2019 at Politecnico di Torino. From May 2019 he started the Ph.D. at Politecnico di Torino under the supervision of Professor Marco Mellia, joining the Interdepartmental Centre for Smart Data. His research interests focus on traffic anonymization.