Introducing: cryptopan for Argus

[John Gerth]

Great news! I've been a cryptopan fan for many years and have used it for sharing data.
The prefix-preserving nature of the algorithm is critical for analysis

John Gerth      gerth at graphics.stanford.edu  Gates 378   (650) 725-3273

On 4/9/15 10:42 PM, dsp wrote:
> Hello list :)
> 
> Thanks for developing Argus, it is a tool that we extensively use in our lab (CSU netsec).
> This patch introduces cryptopan anonymization for ranonymize.
> cryptopan[1] is a prefix preserving anonymization scheme for IPs found in traces.
> The implementation i'm providing is BSD licensed so anyone that wants to use it can do so.
> 
> some implementation notes:
>   a) now you can run ranonymize -r infile -M cpankey:123456789012345678901234567890ab 
>      this will initialize cryptopan. cryptopan requires the key to be 32bytes in length.
>   b) for now i placed the cryptopan code under lib/ . it might not be the right place
>   c) ranonymize (correct me if i'm wrong) was not anonymizing ipv6 addresses. in cryptopan mode
>      it does. (i would appreciate further testing in ipv6 traces)
>   d) if no cpan key is provided then the standard anon logic is used.
>   e) i also plan to provide support for deanonymizing a trace with knoweledge of the correct key.
>   f) cryptopan's repo is: http://git.netsec.colostate.edu/?p=cryptopan.git;a=summary
>   h) i have tested this patch on Linux and OpenBSD. other supported platforms should be tested
>   h1) i'm adding some -lpthread LDFLAGS. they allow cleaner building on OpenBSD and have no effect on linux
>   h2) i really despise autotools so sorry for not conforming to it on cryptopan/.
>   j) in cryptopan mode i'm measuring a 30% speed increase. this is expected since we don't hash.
> 
> Thanks so much to carter@ for answering all my silly questions and maintaining this great tool :)
> 
> attaching the patch instead of inlining cause it's quite huge.
> 
> [1]http://www.cc.gatech.edu/computing/Telecomm/projects/cryptopan/
>