IP::Anonymous(3)      User Contributed Perl Documentation     IP::Anonymous(3)

       IP::Anonymous - Perl port of Crypto-PAn to provide anonymous IP

         use IP::Anonymous;
         # 32 integers, each 0..255, forming the 256-bit private key
         my @key = (0..31);
         my $object = new IP::Anonymous(@key);
         print $object->anonymize("")."\n";

       This is a Perl port of Crypto-PAn.  Crypto-PAn is a cryptography-based
       sanitization tool for network trace or log data.  The tool has the
       following properties:

       o   One-to-one

           The mapping from original IP addresses to anonymized IP addresses
           is one-to-one.

       o   Prefix-preserving

           The IP address anonymization is prefix-preserving.  That is, if two
           original IP addresses share a k-bit prefix, their anonymized
           mappings will also share a k-bit prefix.

       o   Consistent across traces

           Multiple traces can be sanitized in a consistent way, over time and
           across locations, even though the traces might be sanitized
           separately at different times and/or at different locations.

       o   Cryptography-based

           To sanitize traces, trace owners provide a secret key.
           Anonymization consistency across multiple traces is achieved by the
           use of the same key.  The construction of IP::Anonymous preserves
           the secrecy of the key and the (pseudo)randomness of the mapping
           from an original IP address to its anonymized counterpart.

       This Perl port of Crypto-PAn uses logic similar to that found in
       Crypto-PAn 1.0 and, most importantly, maintains consistency in the
       process, so that regardless of implementation, using the same key in
       each will give consistent results.

       Crypt::Rijndael - XS-based implementation of the Advanced Encryption
       Standard (AES) algorithm Rijndael by Joan Daemen and Vincent Rijmen.

       $object = new IP::Anonymous(@key)
           Initializes the electronic codebook object with an array of 32
           8-bit decimal values.  This array, consisting of 32 decimals
           between 0 and 255 inclusive, is the user-defined private key for
           this anonymization session.  This 256-bit key should be kept
           private.  The key can be used across sessions to maintain
           consistent mappings between the original and the anonymized IP
           addresses.

           Called with a dotted quad IP address string (e.g.
           Returns an anonymized version of that IP address as a dotted quad
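
       An added example, not part of the original manual page or the module's
       distribution: it loads the 256-bit key from a private file (created
       from /dev/urandom on first use) instead of the predictable (0..31) key
       in the synopsis, then checks the prefix-preserving property on
       constructed sample addresses.  The key file path and the helper names
       load_or_create_key and shared_prefix_bits are assumptions.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use IP::Anonymous;

# Hypothetical key location; any path readable only by the trace owner works.
my $key_file = "$ENV{HOME}/.ip-anonymous.key";

# Load the 32-byte key, creating it from the kernel CSPRNG on first use.
sub load_or_create_key {
    my ($path) = @_;
    unless (-e $path) {
        open my $rng, '<:raw', '/dev/urandom' or die "urandom: $!";
        my $got = read($rng, my $bytes, 32);
        die "short read from /dev/urandom" unless defined $got && $got == 32;
        # O_EXCL refuses to overwrite an existing key; 0600 keeps it private.
        sysopen(my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
            or die "create $path: $!";
        binmode $out;
        print {$out} $bytes or die "write $path: $!";
        close $out or die "close $path: $!";
    }
    open my $in, '<:raw', $path or die "open $path: $!";
    my $got = read($in, my $key, 33);
    die "$path must hold exactly 32 bytes" unless defined $got && $got == 32;
    return unpack 'C32', $key;    # 32 integers in 0..255, as new() expects
}

# Number of leading bits two dotted-quad addresses have in common.
sub shared_prefix_bits {
    my ($x, $y) = map { unpack('N', pack('C4', split(/\./, $_))) } @_;
    my $diff = $x ^ $y;
    my $bits = 32;
    while ($diff) { $diff >>= 1; $bits-- }
    return $bits;
}

my $anon = IP::Anonymous->new(load_or_create_key($key_file));
# Constructed sample addresses (documentation ranges), not from a real trace.
my @sample = qw(192.0.2.10 192.0.2.77 198.51.100.5);
my %out = map { $_ => $anon->anonymize($_) } @sample;
print "$_ -> $out{$_}\n" for @sample;

# Prefix-preserving: a pair sharing k leading bits still shares k afterwards.
for my $pair ([0, 1], [0, 2]) {
    my ($p, $q) = @sample[@$pair];
    printf "%s / %s: %d bits in, %d bits out\n", $p, $q,
        shared_prefix_bits($p, $q), shared_prefix_bits($out{$p}, $out{$q});
}
```

       Running it again with the same key file reproduces the same mappings,
       which is what keeps separately sanitized traces consistent.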

       The Crypt::Rijndael module as of version 0.05 contains at least one
       fatal flaw for users of 64-bit systems.  rijndael.h specifies a 32-bit
       integer as an unsigned long.  This works on 32-bit systems, but not
       64-bit systems.  This is easily circumvented by changing the
       definition for UINT32 from an unsigned long to an unsigned int for
       platforms the author has tested on.

       The Crypt::Rijndael module on CPAN tested with IP::Anonymous has as
       its package version number 0.05, but in the module file
       itself, VERSION is set to 0.04.  IP::Anonymous specifies that at least
       0.04 of Crypt::Rijndael is required, but the original 0.04 version has
       not been tested.  It is presumed to work, but you should use the module
       whose package version number is 0.05 or later if possible.

       IP::Anonymous only provides support for IPv4 addresses.

       Original Crypto-PAn C++ implementation was done by Jinliang Fan.  The
       Perl module port is by John Kristoff.  Thanks to Stephen Gill for
       initial testing and suggesting changes in the beginning stages of the
       module implementation process.

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

       This module is based on the original Crypto-PAn project tool designed
       and implemented in C++ by Jinliang Fan.  The Crypto-PAn project web
       page is located at:

       Even though this module uses strong cryptography to anonymize IP
       addresses, there may still be a number of avenues of attack that can be
       successful in discovering underlying information.  For a good
       description of this problem, see the paper The Devil and Packet Trace
       Anonymization by Mark Allman, et al., which can be found at:

       IP::Anonymous is available on the Comprehensive Perl Archive Network
       (CPAN) and also off the author's homepage (as of this writing) at:

       The module author intends to maintain software signatures (PGP and/or
       message digest hash) on his pages to help you verify that what you have
       gotten elsewhere is what he expected you to have.

perl v5.32.0			  2005-11-09		      IP::Anonymous(3)

