一种IP头部标识符的隐私保护方法

doi:10.11871/jfdc.issn.2096-742X.2021.03.005

数据与计算发展前沿 ›› 2021, Vol. 3 ›› Issue (3): 48-58.

doi: 10.11871/jfdc.issn.2096-742X.2021.03.005

一种IP头部标识符的隐私保护方法

赵睿斌^1,^*(),张道德²(),杨绍亮¹(),江伟玉²()

1.国家信息中心,北京 100045
2.华为技术有限公司,北京 100095

收稿日期:2021-04-15 出版日期:2021-06-20 发布日期:2021-07-09
通讯作者: 赵睿斌
作者简介:赵睿斌,国家信息中心,高级工程师,博士,主要研究领域包括网络安全、大数据、云计算、移动互联、工控安全、数字政府、智慧城市和北斗导航等。
本文中负责总体统稿、总结IP隐私保护的科学问题。
ZHAO Ruibin, Ph.D., is a senior engineer of the National Information Center. His main research areas include network security, big data, cloud computing, mobile internet, industrial control security, digital government, smart city and Beidou navigation.
In this paper, he is responsible for the overall draft and scientific problem summary of IP privacy protection.
E-mail: zhrbdove@sic.gov.cn|张道德,华为技术有限公司2012实验室中央研究院网络技术实验室,高级工程师,博士,主要研究方向为密码学和网络安全协议析。
本文中负责IP隐私保护技术的研究内容以及案例分析。
ZHANG Daode, Ph.D., is a senior engineer of Network Tech-nology Laboratory, Central Research Institute, 2012 Laboratory, Huawei Technologies Co., Ltd.. His research interests include cryptography and network security protocol.
In this paper, he is responsible for the research content, and the case analysis for the technology of IP privacy protection.
E-mail: zhangdaode@huawei.com|杨绍亮,国家信息中心,高级工程师,主要研究方向是电子政务工程项目规划设计和建设管理。主持过40多个部委大型电子政务工程项目的咨询设计,重点主持了全国投资项目在线审批监管平台、全国信用信息共享平台、全国公共资源交易平台等多个国家级跨部门、跨地区大型综合信息化项目工程建设工作。重点牵头承担了《国家应急平台体系建设》、《京津冀综合信息化平台》、《国家开放数据平台规划》等课题研究。
本文中负责IP隐私保护技术的案例分析。
YANG Shaoliang is a senior engineer of the National Infor-mation Center. His main research direction is e-government project planning, design, and construction management. He has presided the consultation and design of large-scale e-government engineering projects for more than 40 ministries and commissions, highlighting the national investment project online approval and supervision platform, the national credit information sharing platform, the national public resource trading platform, and other national-level cross-departmental and cross-regional large-scale comprehensive information Chemical project construction work. He has lead in undertaking research projects such as “National Emergency Platform System Construction”, “Beijing-Tianjin-Hebei Integrated Information Platform”, and “National Open Data Platform Planning”.
In this paper, he is responsible for the case analysis for the technology of IP privacy protection.
E-mail: yangsl@cegn.gov.cn|江伟玉,华为技术有限公司2012实验室中央研究院网络技术实验室,主任工程师,博士,主要研究方向为网络安全架构及安全协议、可信身份管理、云安全。
在本文中承担IP隐私保护技术和匿名路由技术研究。
JIANG Weiyu, Ph.D., is the chief engineer of Network Tech-nology Laboratory, Central Research Institute, 2012 Laboratory, Huawei Technologies Co., Ltd.. Her research interests include network security, network security protocols, trusted identity man-agement, and cloud security.
In this paper, she is responsible for the research on the IP privacy protection technique and anonymous routing.
E-mail: jiangweiyu1@huawei.com

A Privacy Protection Method for IP Header Identifiers

ZHAO Ruibin^1,^*(),ZHANG Daode²(),YANG Shaoliang¹(),JIANG Weiyu²()

1. China State Information Center, Beijing 100045, China
2. Huawei Technologies Co., Ltd., Beijing 100095, China

Received:2021-04-15 Online:2021-06-20 Published:2021-07-09
Contact: ZHAO Ruibin

摘要/Abstract

摘要：

【目的】 IP地址作为网络层的唯一标识符,已经成为网络追踪和隐私关联分析的基础信息。区别于其它个人可识别标识,耦合了身份与位置隐私的IP地址作为路由寻址必备信息,不得不暴露在IP报文头部,从而难以采用终端侧的混淆技术消除IP隐私泄露风险。【方法】 为了保护IP隐私,本文提出了一种终端设备与网络设备协同的IP隐私保护技术方案。【结果】 在该方案中,网络设备对IP地址等隐私信息进行实时混淆,能够达到逐包级的IP隐私保护,防止隐私好奇者通过窃听或收集IP报文来实施隐私攻击。该技术在同时兼顾隐私保护、路由高效寻址、审计追踪等需求的情况下,不但消除当前IP地址耦合身份和位置双重语义的障碍,而且还对身份标识符和位置标识符分别进行加密保护。【结论】 本文的技术可以对IP隐私进行较好的保护,具有很高的潜在实用价值。

关键词: IP地址, 隐私保护, 地址隐私, 身份隐私, 加密

Abstract:

[Objective] As the unique identifier of network layer, IP address has become the basic information of network tracking and privacy correlation analysis. Different from other personal identifiers, the IP address coupled with identity and location privacy is the necessary information for routing addressing, and has to be exposed in the IP header, so it is difficult to eliminate the risk of IP privacy leakage by using terminal side obfuscation technology. [Methods] In order to protect IP privacy, we propose a technology based on the cooperation between terminal devices and network devices. In this scheme, IP address and other private information can be obfuscated by network devices in real-time. [Results] The proposed method can achieve packet-by-packet IP privacy protection and prevent privacy curious attackers from eavesdropping or collecting IP messages to implement privacy analysis. This technology not only eliminates the barrier of dual semantics of the current IP address coupling identity and location, but also encrypts the identity and location identifiers separately while meeting the requirements of privacy protection, efficient routing addressing, and auditing and tracing. [Conclusions] The technology in this paper can give IP privacy a good protection, so we think it may have high potential practical value.

Key words: IP address, privacy protection, location privacy, identity privacy, encryption

赵睿斌,张道德,杨绍亮,江伟玉. 一种IP头部标识符的隐私保护方法[J]. 数据与计算发展前沿, 2021, 3(3): 48-58.

ZHAO Ruibin,ZHANG Daode,YANG Shaoliang,JIANG Weiyu. A Privacy Protection Method for IP Header Identifiers[J]. Frontiers of Data and Computing, 2021, 3(3): 48-58.

图/表 4

参考文献 17

[1]	The Usage of VPN in Website[EB/OL]. https://blog.globalwebindex.com/chart-of-the-day/1-in-4-vpn-users-accessing-daily/.
[2]	The official GDPR website[EB/OL]. https://ec.europa.eu/info/law/law-topic/data-protection_en.
[3]	The official CCPA website[EB/OL]. https://www.dlapiper.com/en/us/focus/ccpa/.
[4]	Google fined[EB/OL]. https://www.theverge.com/2019/1/21/18191591/google-gdpr-fine-50-million-euros-data-consent-cnil.
[5]	Xin Liu, Ang Li, Xiaowei Yang, David Wetherall: Passport: Secure and Adoptable Source Authentication[M]. NSDI 2008: 365-376.
[6]	Barath Raghavan, Tadayoshi Kohno, Alex C. Snoeren, David Wetherall: Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default[M]. Privacy Enhancing Technologies 2009: 143-163.
[7]	David Chaum: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms[M]. Commun. ACM 24(2): 84-88( 1981).
[8]	Roger Dingledine, Nick Mathewson, Paul F. Syverson: Tor: The Second-Generation Onion Router[M]. USENIX Security Symposium 2004: 303-320.
[9]	David Meyer, Lixia Zhang, Kevin Fall: Report from the IAB Workshop on Routing and Addressing[S]. RFC 4984:1-39( 2007).
[10]	Fernando Gont: A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)[S]. RFC 7217: 1-19( 2014).
[11]	Thomas Narten, Richard Draves: Privacy Extensions for Stateless Address Autoconfiguration in IPv6[S]. RFC 3041:1-17( 2001).
[12]	Richard Draves: Default Address Selection for Internet Protocol version 6 (IPv6)[S]. RFC 3484:1-24( 2003).
[13]	Thomas Narten, Richard Draves, Suresh Krishnan: Privacy Extensions for Stateless Address Autoconfiguration in IPv6[S]. RFC 4941:1-23( 2007).
[14]	Tuomas Aura: Cryptographically Generated Addresses (CGA)[S]. RFC 3972:1-22( 2005).
[15]	Fernando Gont: A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)[S]. RFC 7217:1-19( 2014).
[16]	鲁红梅, 周华春, 张晖, 秦雅娟. 一种移动IPv6地址隐私性解决方法[J]. 信息安全与通信保密, 2006,(12):145-147.
[17]	鲁红梅. 移动IPv6地址隐私性研究与实现设计[D]. 北京:北京交通大学, 2007.

一种IP头部标识符的隐私保护方法

A Privacy Protection Method for IP Header Identifiers

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 17

相关文章 5

编辑推荐

Metrics

本文评价

[1]	邹慧,李彦彪,于晨晖,马迪,毛伟. 基于行为透明性的RPKI撤销检测机制[J]. 数据与计算发展前沿, 2022, 4(3): 90-109.
[2]	陈磊,刘文懋. 合规视角下的数据安全技术前沿与应用[J]. 数据与计算发展前沿, 2021, 3(3): 19-31.
[3]	吴一铭,王伟,延志伟,汪洋. 基于多解析器的域名隐私保护机制[J]. 数据与计算发展前沿, 2021, 3(3): 75-85.
[4]	刘思瀚,徐石成,何光宇. 基于区块链技术的电动汽车电池溯源系统构建[J]. 数据与计算发展前沿, 2020, 2(5): 76-83.
[5]	张笑宇,沈超,陈宇飞,吴星辉,刘畅. 智能语音系统安全分析[J]. 数据与计算发展前沿, 2019, 1(2): 98-109.