[dns-operations] IP address encryption: pseudonymization
James Stevens
James.Stevens at jrcs.co.uk
Mon Feb 12 16:39:29 UTC 2018
> Given sufficient traces and logs, the “personality” of an IP address
> becomes apparent.
This is a tricky issue as, in many ways, its the purpose of the exercise
- to spot patterns that (for example) indicate malware infection.
So, no matter how you anonymise the data, if there is a 1:1 mapping of
original IP to anonymised IP, then the characteristics of the client can
be identified.
But if there isn't a 1:1 mapping a lot of the possible analysis options
are lost.
One thought - would it help to anonymise IPv4 into IPv6 addresses, but
in a way that makes them still identifiable as originally IPv4?
More information about the dns-operations
mailing list