ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Protecting privacy with protocol stack virtualization
Full text PdfPdf (377 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 7th ACM workshop on Privacy in the electronic society table of contents
Alexandria, Virginia, USA
SESSION: Data privacy table of contents
Pages 65-74  
Year of Publication: 2008
ISBN:978-1-60558-289-4
Authors
Janne Lindqvist  Helsinki University of Technology, Espoo, Finland
Juha-Matti Tapio  Helsinki University of Technology, Espoo, Finland
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 152,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456403.1456416
What is a DOI?

ABSTRACT

Previously proposed host-based privacy protection mechanisms use pseudorandom or disposable identifiers on some or all layers of the protocol stack. These approaches either require changes to all hosts participating in the communication or do not provide privacy for the whole protocol stack or the system. Building on previous work, we propose a relatively simple approach: protocol stack virtualization. The key idea is to provide isolation for traffic sent to the network. The granularity of the isolation can be, for example, flow or process based. With process based granularity, every application uses a distinct identifier space on all layers of the protocol stack. This approach does not need any infrastructure support from the network and requires only minor changes to the single host that implements the privacy protection mechanism. To show that no changes to typical applications are required, we implemented the protocol stack virtualization as a user space daemon and tested it with various legacy applications.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Martín Abadi , Cédric Fournet, Private authentication, Theoretical Computer Science, v.322 n.3, p.427-476, 6 September 2004  [doi>10.1016/j.tcs.2003.12.023]
2
William Aiello , Steven M. Bellovin , Matt Blaze , Ran Canetti , John Ioannidis , Angelos D. Keromytis , Omer Reingold, Just fast keying: Key agreement in a hostile internet, ACM Transactions on Information and System Security (TISSEC), v.7 n.2, p.242-273, May 2004  [doi>10.1145/996943.996946]
 
3
J. Arkko, P. Nikander, and M. N0slund. Enhancing Privacy with Shared Pseudo Random Sequences (preliminary version). In Security Protocols, 13rd International Workshop, Apr. 2005.
 
4
Tuomas Aura , Janne Lindqvist , Michael Roe , Anish Mohammed, Chattering Laptops, Proceedings of the 8th international symposium on Privacy Enhancing Technologies, p.167-186, July 23-25, 2008, Leuven, Belgium  [doi>10.1007/978-3-540-70630-4_11]
 
5
T. Aura, M. Roe, and S. J. Murdoch. Securing Network Location Awareness with Authenticated DHCP. In 3rd International Conference on Security and Privacy in Communication Networks (SecureComm), Sept. 2007.
 
6
T. Aura and A. Zugenmaier. Privacy, Control and Internet Mobility. In Security Protocols, 12th International Workshop, Apr. 2004.
7
Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
8
David L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, v.24 n.2, p.84-90, Feb. 1981  [doi>10.1145/358549.358563]
 
9
R. Dingledine and N. Mathewson. Anonymity Loves Company: Usability and the Network Effect. In Workshop on the Economics of Information Security, June 2006.
 
10
Roger Dingledine , Nick Mathewson , Paul Syverson, Tor: the second-generation onion router, Proceedings of the 13th conference on USENIX Security Symposium, p.21-21, August 09-13, 2004, San Diego, CA
 
11
N. Droux, S. Tripathi, and K. Belgaied. Crossbow: Network virtualization and resource control. http://www.usenix.org/events/usenix07/posters/droux.pdf.
 
12
Jason Franklin , Damon McCoy , Parisa Tabriz , Vicentiu Neagoe , Jamie Van Randwyk , Douglas Sicker, Passive data link layer 802.11 wireless device driver fingerprinting, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
13
Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
14
R. Gerdes, T. Daniels, M. Mina, and S. Russell. Device identification via analog signal fingerprinting: A matched filter approach. In Network and Distributed System Security Symposium (NDSS), Feb. 2006.
 
15
Peter M. Gleitz , Steven M. Bellovin, Transient addressing for related processes: improved firewalling by using IPV6 and multiple addresses per host, Proceedings of the 10th conference on USENIX Security Symposium, p.8-8, August 13-17, 2001, Washington, D.C.
 
16
J. A. Goguen and J. Meseguer. Security policies and security models. In IEEE Symposium on Research in Security and Privacy, Apr. 1982.
 
17
David M. Goldschlag , Michael G. Reed , Paul F. Syverson, Hiding Routing Information, Proceedings of the First International Workshop on Information Hiding, p.137-150, May 30-June 01, 1996
 
18
Marco Gruteser , Dirk Grunwald, Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis, Mobile Networks and Applications, v.10 n.3, p.315-325, June 2005  [doi>10.1007/s11036-005-6425-1]
 
19
S. Guha and P. Francis. Identity Trail: Covert Surveillance Using DNS. In Workshop on Privacy Enhancing Technologies (PET), June 2007.
 
20
Mark Handley , Vern Paxson , Christian Kreibich, Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics, Proceedings of the 10th conference on USENIX Security Symposium, p.9-9, August 13-17, 2001, Washington, D.C.
 
21
Sotiris Ioannidis , Stelios Sidiroglou , Angelos D. Keromytis, Privacy as an operating system service, Proceedings of the 1st USENIX Workshop on Hot Topics in Security, p.8-8, July 31, 2006, Vancouver, B.C., Canada
 
22
T. Jiang, H. J. Wang, and Y.-C. Hu. Location privacy in wireless networks. In MobiSys, June 2007.
 
23
S. Katti, J. Cohen, and D. Katabi. Information Slicing: Anonymity Using Unreliable Overlays. In NSDI, Apr. 2007.
 
24
Tadayoshi Kohno , Andre Broido , K. C. Claffy, Remote Physical Device Fingerprinting, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.93-108, April 2005  [doi>10.1109/TDSC.2005.26]
25
Janne Lindqvist , Laura Takkinen, Privacy management for secure mobility, Proceedings of the 5th ACM workshop on Privacy in electronic society, October 30-30, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179601.1179612]
 
26
Aravind Menon , Alan L. Cox , Willy Zwaenepoel, Optimizing network virtualization in Xen, Proceedings of the annual conference on USENIX '06 Annual Technical Conference, p.2-2, May 30-June 03, 2006, Boston, MA
27
Steven J. Murdoch, Hot or not: revealing hidden services by their clock skew, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180410]
28
Andrew C. Myers , Barbara Liskov, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.410-442, Oct. 2000  [doi>10.1145/363516.363526]
 
29
T. Narten, R. Draves, and S. Krishnan. RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration in IPv6, Sept. 2007. Status: Draft Standard.
 
30
Nmap. http://www.insecure.org/nmap/.
31
Jeffrey Pang , Ben Greenstein , Ramakrishna Gummadi , Srinivasan Seshan , David Wetherall, 802.11 user fingerprinting, Proceedings of the 13th annual ACM international conference on Mobile computing and networking, September 09-14, 2007, Montréal, Québec, Canada  [doi>10.1145/1287853.1287866]
 
32
J. Peterson, A Privacy Mechanism for the Session Initiation Protocol (SIP), RFC Editor, 2002
 
33
Planetlab. https://www.planet-lab.org/.
34
Michael K. Reiter , Aviel D. Rubin, Crowds: anonymity for Web transactions, ACM Transactions on Information and System Security (TISSEC), v.1 n.1, p.66-92, Nov. 1998  [doi>10.1145/290163.290168]
 
35
J. Rosenberg , H. Schulzrinne , G. Camarillo , A. Johnston , J. Peterson , R. Sparks , M. Handley , E. Schooler, SIP: Session Initiation Protocol, RFC Editor, 2002
36
Umesh Shankar , Chris Karlof, Doppelganger: Better browser privacy without the bother, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180426]
 
37
P. Srisuresh , K. Egevang, Traditional IP Network Address Translator (Traditional NAT), RFC Editor, 2001
 
38
G. Su and J. Nieh. Mobile communication with virtual network address translation. CUCS--003--02, Columbia University Department of Computer Science, Feb. 2002.
 
39
S. Thomson, T. Narten, and T. Jinmei. RFC 4862: IPv6 Stateless Address Autoconfiguration, Sept. 2007. Status: Draft Standard.
 
40
VMware. http://www.vmware.com.
 
41
David Watson , Matthew Smart , G. Robert Malan , Farnam Jahanian, Protocol scrubbing: network security through transparent flow modification, IEEE/ACM Transactions on Networking (TON), v.12 n.2, p.261-273, April 2004  [doi>10.1109/TNET.2003.822645]
 
42
A. R. Yumerefendi, B. Mickle, and L. P. Cox. TightLip: Keeping Applications from Spilling the Beans. In NSDI, Apr. 2007.
 
43
K. Zetter. Rogue nodes turn tor anonymizer into eavesdropper's paradise. Wired, Sept. 2007.

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.5 Local and Wide-Area Networks
          Subjects: Internet (e.g., TCP/IP)

Additional Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.1 Public Policy Issues
          Subjects: Privacy


General Terms:
Design, Experimentation, Security


Keywords:
privacy, protocol stack virtualization, pseudonymity

Collaborative Colleagues:
Janne Lindqvist: colleagues
Juha-Matti Tapio: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player