[dns-operations] IP address encryption: pseudonymization

James Stevens James.Stevens at jrcs.co.uk
Mon Feb 12 16:39:29 UTC 2018

> Given sufficient traces and logs, the “personality” of an IP address
 > becomes apparent.

This is a tricky issue as, in many ways, its the purpose of the exercise 
- to spot patterns that (for example) indicate malware infection.

So, no matter how you anonymise the data, if there is a 1:1 mapping of 
original IP to anonymised IP, then the characteristics of the client can 
be identified.

But if there isn't a 1:1 mapping a lot of the possible analysis options 
are lost.

One thought - would it help to anonymise IPv4 into IPv6 addresses, but 
in a way that makes them still identifiable as originally IPv4?

More information about the dns-operations mailing list