High-Speed Prefix-Preserving IP Address Anonymization for Passive Measurement Systems
Passive network measurement and packet header trace collection are vital tools for network operation and research. To protect a user's privacy, it is necessary to anonymize header fields, particularly IP addresses. To preserve the correlation between IP addresses, prefix-preserving anonymization has been proposed. The limitations of this approach for a highperformance measurement system are the need for complex cryptographic computations and potentially large amounts of memory. The authors propose a new prefix-preserving anonymization algorithm, Top-hash Subtree-replicated Anonymization (TSA), that features three novel improvements: precomputation, replicated subtrees, and top hashing.