Introducing: cryptopan for Argus

Carter Bullard carter at qosient.com
Fri Apr 10 14:44:47 EDT 2015


Hey Dsp,
Most excellent !!!  Very cool !!!

Just a few questions regarding integration … would you want this support
turned on automatically if the cryptopan libraries can be discovered
during the ./configure run ???

Do you expect cryptopan libraries to be installed system wide, or do you
expect users to download cryptopan into the local directory, like we 
see with flowtools libraries, etc… ??

It will take me a little time to integrate the changes into the official release.
With the patch and announcement in the mailing list, many can grab and test
before we get the next release out.

If we release 3.0.8.1 in the short term, this may not make it, but it will be
in argus-clients-3.0.9, the next developers version, which will start officially
very soon !!!

Thanks for all the hard work, it's great to get these types of surprises !!!
Carter


> On Apr 10, 2015, at 1:42 AM, dsp <dsp at 2f30.org> wrote:
> 
> Hello list :)
> 
> Thanks for developing Argus, it is a tool that we extensively use in our lab (CSU netsec).
> This patch introduces cryptopan anonymization for ranonymize.
> cryptopan[1] is a prefix preserving anonymization scheme for IPs found in traces.
> The implementation i'm providing is BSD licensed so anyone that wants to use it can do so.
> 
> some implementation notes:
>  a) now you can run ranonymize -r infile -M cpankey:123456789012345678901234567890ab 
>     this will initialize cryptopan. cryptopan requires the key to be 32 bytes in length.
>  b) for now i placed the cryptopan code under lib/ . it might not be the right place
>  c) ranonymize (correct me if i'm wrong) was not anonymizing ipv6 addresses. in cryptopan mode
>     it does. (i would appreciate further testing in ipv6 traces)
>  d) if no cpan key is provided then the standard anon logic is used.
>  e) i also plan to provide support for deanonymizing a trace with knowledge of the correct key.
>  f) cryptopan's repo is: http://git.netsec.colostate.edu/?p=cryptopan.git;a=summary
>  h) i have tested this patch on Linux and OpenBSD. other supported platforms should be tested
>  h1) i'm adding some -lpthread LDFLAGS. they allow cleaner building on OpenBSD and have no effect on linux
>  h2) i really despise autotools so sorry for not conforming to it on cryptopan/.
>  j) in cryptopan mode i'm measuring a 30% speed increase. this is expected since we don't hash.
> 
> Thanks so much to carter@ for answering all my silly questions and maintaining this great tool :)
> 
> attaching the patch instead of inlining cause it's quite huge.
> 
> [1]http://www.cc.gatech.edu/computing/Telecomm/projects/cryptopan/
> <arguspatch.txt>
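As an added illustration of what the quoted post describes, and not code from dsp's patch, the cryptopan library or Argus: a compact Go implementation of the Crypto-PAn scheme for IPv4 (the patch also covers IPv6, which is left out here). It follows the reference construction from the Georgia Tech project in [1], taken as an assumption: the first 16 bytes of the 32-byte key drive AES-128, the second 16 bytes are encrypted once to form a pad, and each address bit is XORed with the top bit of an AES block built from the address bits that precede it. The key is the one from the ranonymize command line above; the addresses and the function names are constructed for the example. Because each flip bit depends only on the bits before it, two addresses that share a k-bit prefix map to two addresses sharing exactly a k-bit prefix, which is the property that keeps subnet structure usable in an anonymized trace, and the same structure gives the key holder the bit-by-bit inverse mentioned in item e.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"math/bits"
	"net"
)

// CryptoPAn holds the AES-128 cipher and the 16-byte pad derived from a 32-byte key.
type CryptoPAn struct {
	block cipher.Block
	pad   [16]byte
}

// NewCryptoPAn: key[0:16] keys AES-128, key[16:32] is encrypted once to become the pad
// (reference layout, assumed here). Any other key length is rejected, not padded or cut.
func NewCryptoPAn(key []byte) (*CryptoPAn, error) {
	if len(key) != 32 {
		return nil, errors.New("cryptopan key must be exactly 32 bytes")
	}
	block, err := aes.NewCipher(key[:16])
	if err != nil {
		return nil, err
	}
	c := &CryptoPAn{block: block}
	block.Encrypt(c.pad[:], key[16:32])
	return c, nil
}

// flipBit returns the pseudo-random bit for position pos. Only the top pos bits of addr
// influence it, which is what makes the scheme prefix preserving.
func (c *CryptoPAn) flipBit(addr uint32, pos uint) uint32 {
	pad4 := binary.BigEndian.Uint32(c.pad[:4])
	in := pad4
	if pos > 0 { // keep the top pos bits of addr, take the rest from the pad
		in = (addr >> (32 - pos) << (32 - pos)) | (pad4 << pos >> pos)
	}
	var rin, out [16]byte
	binary.BigEndian.PutUint32(rin[:4], in)
	copy(rin[4:], c.pad[4:])
	c.block.Encrypt(out[:], rin[:])
	return uint32(out[0] >> 7) // most significant bit of the AES output
}

// Anonymize XORs every bit of the address with a flip bit derived from the bits before it.
func (c *CryptoPAn) Anonymize(addr uint32) uint32 {
	var mask uint32
	for pos := uint(0); pos < 32; pos++ {
		mask |= c.flipBit(addr, pos) << (31 - pos)
	}
	return addr ^ mask
}

// Deanonymize inverts Anonymize bit by bit: once the first pos original bits are known,
// the flip bit for position pos can be recomputed and removed (item e, given the key).
func (c *CryptoPAn) Deanonymize(anon uint32) uint32 {
	var orig uint32
	for pos := uint(0); pos < 32; pos++ {
		bit := uint32(1) << (31 - pos)
		if ((anon&bit)>>(31-pos))^c.flipBit(orig, pos) == 1 {
			orig |= bit
		}
	}
	return orig
}

// CommonPrefixLen counts the leading bits two addresses share.
func CommonPrefixLen(a, b uint32) int {
	return bits.LeadingZeros32(a ^ b)
}

// parseIPv4 turns dotted-quad text into the 32-bit form used above (IPv4 only here).
func parseIPv4(s string) (uint32, error) {
	v4 := net.ParseIP(s).To4()
	if v4 == nil {
		return 0, fmt.Errorf("%q is not an IPv4 address", s)
	}
	return binary.BigEndian.Uint32(v4), nil
}

func formatIPv4(v uint32) string {
	b := make(net.IP, 4)
	binary.BigEndian.PutUint32(b, v)
	return b.String()
}

func main() {
	// Key from the ranonymize command line in the post; the addresses are constructed samples.
	c, err := NewCryptoPAn([]byte("123456789012345678901234567890ab"))
	if err != nil {
		panic(err)
	}
	for _, s := range []string{"192.0.2.10", "192.0.2.200", "198.51.100.7"} {
		ip, _ := parseIPv4(s)
		anon := c.Anonymize(ip)
		fmt.Printf("%s -> %s (recovered %s)\n", s, formatIPv4(anon), formatIPv4(c.Deanonymize(anon)))
	}
}
```

Running it shows the first two addresses landing in one anonymized /24 while the third lands elsewhere, and every address recovering under Deanonymize. That is the trade-off a trace owner signs up for with `-M cpankey:`: subnet structure survives for analysis, so the key has to be handled as a secret in its own right, since whoever holds it can run the inverse over the whole trace. The constructor's strict 32-byte check is the one guard worth keeping in front of such a flag; silently padding or truncating a short key would weaken the scheme without any visible error.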
