Frontiers of Data and Computing, 2021, Vol. 3, Issue (3): 48-58. doi: 10.11871/jfdc.issn.2096-742X.2021.03.005

• Special Issue on Network Communication and Security •

A Privacy Protection Method for IP Header Identifiers

ZHAO Ruibin1,*, ZHANG Daode2, YANG Shaoliang1, JIANG Weiyu2

  1. China State Information Center, Beijing 100045, China
  2. Huawei Technologies Co., Ltd., Beijing 100095, China
  • Received: 2021-04-15 Online: 2021-06-20 Published: 2021-07-09
  • Contact: ZHAO Ruibin
  • About the authors:
    ZHAO Ruibin, Ph.D., is a senior engineer at the National Information Center. His main research areas include network security, big data, cloud computing, mobile internet, industrial control security, digital government, smart city and Beidou navigation.
    In this paper, he is responsible for the overall draft and for summarizing the scientific problems of IP privacy protection.
    E-mail: zhrbdove@sic.gov.cn

    ZHANG Daode, Ph.D., is a senior engineer at the Network Technology Laboratory, Central Research Institute, 2012 Laboratory, Huawei Technologies Co., Ltd. His research interests include cryptography and network security protocol analysis.
    In this paper, he is responsible for the research content and the case analysis of the IP privacy protection technology.
    E-mail: zhangdaode@huawei.com

    YANG Shaoliang is a senior engineer at the National Information Center. His main research direction is e-government project planning, design, and construction management. He has presided over the consultation and design of large-scale e-government engineering projects for more than 40 ministries and commissions, and in particular led the construction of several national-level, cross-departmental and cross-regional large-scale comprehensive informatization projects, including the national online approval and supervision platform for investment projects, the national credit information sharing platform, and the national public resource trading platform. He has led research projects such as “National Emergency Platform System Construction”, “Beijing-Tianjin-Hebei Integrated Information Platform”, and “National Open Data Platform Planning”.
    In this paper, he is responsible for the case analysis of the IP privacy protection technology.
    E-mail: yangsl@cegn.gov.cn

    JIANG Weiyu, Ph.D., is the chief engineer of the Network Technology Laboratory, Central Research Institute, 2012 Laboratory, Huawei Technologies Co., Ltd. Her research interests include network security architecture and security protocols, trusted identity management, and cloud security.
    In this paper, she is responsible for the research on the IP privacy protection technique and anonymous routing.
    E-mail: jiangweiyu1@huawei.com

Abstract:

[Objective] As the unique identifier at the network layer, the IP address has become basic information for network tracking and privacy correlation analysis. Unlike other personally identifiable identifiers, the IP address, which couples identity and location privacy, is required for routing and addressing and therefore has to be exposed in the IP header, so it is difficult to eliminate the risk of IP privacy leakage with terminal-side obfuscation techniques. [Methods] To protect IP privacy, we propose a technique based on cooperation between terminal devices and network devices. In this scheme, IP addresses and other private information are obfuscated by network devices in real time. [Results] The proposed method can achieve packet-by-packet IP privacy protection and prevent privacy-curious attackers from eavesdropping on or collecting IP packets to carry out privacy analysis. While meeting the requirements of privacy protection, efficient routing and addressing, and auditing and tracing, the technique not only removes the obstacle posed by the current IP address coupling the dual semantics of identity and location, but also encrypts the identity identifier and the location identifier separately. [Conclusions] The technique in this paper can protect IP privacy well, so we think it may have high potential practical value.

Key words: IP address, privacy protection, location privacy, identity privacy, encryption