research-article

Protecting privacy with protocol stack virtualization

Authors:

Janne Lindqvist,

Juha-Matti TapioAuthors Info & Claims

WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic society

Pages 65 - 74

https://doi.org/10.1145/1456403.1456416

Published: 27 October 2008 Publication History

Abstract

Previously proposed host-based privacy protection mechanisms use pseudorandom or disposable identifiers on some or all layers of the protocol stack. These approaches either require changes to all hosts participating in the communication or do not provide privacy for the whole protocol stack or the system. Building on previous work, we propose a relatively simple approach: protocol stack virtualization. The key idea is to provide isolation for traffic sent to the network. The granularity of the isolation can be, for example, flow or process based. With process based granularity, every application uses a distinct identifier space on all layers of the protocol stack. This approach does not need any infrastructure support from the network and requires only minor changes to the single host that implements the privacy protection mechanism. To show that no changes to typical applications are required, we implemented the protocol stack virtualization as a user space daemon and tested it with various legacy applications.

References

[1]

M. Abadi and C. Fournet. Private authentication. Theor. Comput. Sci., 322(3):427--476, Sept. 2004.

Digital Library

[2]

W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold. Just fast keying: Key agreement in a hostile internet. ACM Transactions on Information and System Security (TISSEC), 7, May 2004.

Digital Library

[3]

J. Arkko, P. Nikander, and M. N0slund. Enhancing Privacy with Shared Pseudo Random Sequences (preliminary version). In Security Protocols, 13rd International Workshop, Apr. 2005.

[4]

T. Aura, J. Lindqvist, M. Roe, and A. Mohammed. Chattering laptops. In 8th Privacy Enhancing Technologies Symposium (PETS), July 2008.

Digital Library

[5]

T. Aura, M. Roe, and S. J. Murdoch. Securing Network Location Awareness with Authenticated DHCP. In 3rd International Conference on Security and Privacy in Communication Networks (SecureComm), Sept. 2007.

[6]

T. Aura and A. Zugenmaier. Privacy, Control and Internet Mobility. In Security Protocols, 12th International Workshop, Apr. 2004.

[7]

P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. In SOSP, Oct. 2003.

Digital Library

[8]

D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84--90, Feb. 1981.

Digital Library

[9]

R. Dingledine and N. Mathewson. Anonymity Loves Company: Usability and the Network Effect. In Workshop on the Economics of Information Security, June 2006.

[10]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The Second-Generation Onion Router. In 13th USENIX Security Symposium, Aug. 2004.

Digital Library

[11]

N. Droux, S. Tripathi, and K. Belgaied. Crossbow: Network virtualization and resource control. http://www.usenix.org/events/usenix07/posters/droux.pdf.

[12]

J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. V. Randwyk, and D. Sicker. Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting. In 15th USENIX Security Symposium, July/August 2006.

Digital Library

[13]

T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In SOSP, Oct. 2003.

Digital Library

[14]

R. Gerdes, T. Daniels, M. Mina, and S. Russell. Device identification via analog signal fingerprinting: A matched filter approach. In Network and Distributed System Security Symposium (NDSS), Feb. 2006.

[15]

P. M. Gleitz and S. M. Bellovin. Transient addressing for related processes: improved firewalling by using IPV6 and multiple addresses per host. In 10th USENIX Security Symposium, Aug. 2001.

Digital Library

[16]

J. A. Goguen and J. Meseguer. Security policies and security models. In IEEE Symposium on Research in Security and Privacy, Apr. 1982.

[17]

D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Hiding Routing Information. In Workshop on Information Hiding, May/June 1996.

Digital Library

[18]

M. Gruteser and D. Grunwald. Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis. Mob. Netw. Appl., 10(3):315--325, 2005.

Digital Library

[19]

S. Guha and P. Francis. Identity Trail: Covert Surveillance Using DNS. In Workshop on Privacy Enhancing Technologies (PET), June 2007.

[20]

M. Handley, V. Paxson, and C. Kreibich. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In 10th USENIX Security Symposium, Aug. 2001.

Digital Library

[21]

S. Ioannidis, S. Sidiroglou, and A. D. Keromytis. Privacy as an Operating System Service. In 1st USENIX Workshop on Hot Topics in Security (HotSec), July 2006.

Digital Library

[22]

T. Jiang, H. J. Wang, and Y.-C. Hu. Location privacy in wireless networks. In MobiSys, June 2007.

Digital Library

[23]

S. Katti, J. Cohen, and D. Katabi. Information Slicing: Anonymity Using Unreliable Overlays. In NSDI, Apr. 2007.

Digital Library

[24]

T. Kohno, A. Broido, and K. Claffy. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2), April/June 2005.

Digital Library

[25]

J. Lindqvist and L. Takkinen. Privacy management for secure mobility. In Workshop on Privacy in the Electronic Society (WPES), Oct. 2006.

Digital Library

[26]

A. Menon, A. L. Cox, and W. Zwaenepoel. Optimizing network virtualization in Xen. In USENIX Annual Technical Conference, May/June 2006.

Digital Library

[27]

S. J. Murdoch. Hot or Not: Revealing Hidden Services by their Clock Skew. In CCS, October/November 2006.

Digital Library

[28]

A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol., 9(4):410--442, 2000.

Digital Library

[29]

T. Narten, R. Draves, and S. Krishnan. RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration in IPv6, Sept. 2007. Status: Draft Standard.

[30]

Nmap. http://www.insecure.org/nmap/.

[31]

J. Pang, B. Greenstein, R. Gummadi, S. Seshan, and D. Wetherall. 802.11 user fingerprinting. In MobiCom'07, Sept. 2007.

Digital Library

[32]

J. Peterson. RFC 3323: A Privacy Mechanism for the Session Initiation Protocol (SIP), Nov. 2002.

Digital Library

[33]

Planetlab. https://www.planet-lab.org/.

[34]

M. K. Reiter and A. D. Rubin. Crowds: Anonymity for Web Transactions. ACM Transactions on Information and System Security, 1(1):66--92, Nov. 1998.

Digital Library

[35]

J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. RFC 3261: SIP: Session Initiation Protocol, June 2002.

Digital Library

[36]

U. Shankar and C. Karlof. Doppelganger: Better browser privacy without the bother. In CCS, October/November 2006.

Digital Library

[37]

P. Srisuresh and K. Egevang. RFC 3022: Traditional IP Network Address Translator (Traditional NAT), Jan. 2001. Status: Informational.

Digital Library

[38]

G. Su and J. Nieh. Mobile communication with virtual network address translation. CUCS--003--02, Columbia University Department of Computer Science, Feb. 2002.

[39]

S. Thomson, T. Narten, and T. Jinmei. RFC 4862: IPv6 Stateless Address Autoconfiguration, Sept. 2007. Status: Draft Standard.

[40]

VMware. http://www.vmware.com.

[41]

D. Watson, M. Smart, G. R. Malan, and F. Jahanian. Protocol scrubbing: Network security through transparent flow modification. IEEE/ACM Transactions on Networking, 12(2), Apr. 2004.

Digital Library

[42]

A. R. Yumerefendi, B. Mickle, and L. P. Cox. TightLip: Keeping Applications from Spilling the Beans. In NSDI, Apr. 2007.

Digital Library

[43]

K. Zetter. Rogue nodes turn tor anonymizer into eavesdropper's paradise. Wired, Sept. 2007.

Cited By

Herrero R(2021)Protocol stack virtualization support in IoTTransactions on Emerging Telecommunications Technologies10.1002/ett.4340Online publication date: 12-Aug-2021
https://doi.org/10.1002/ett.4340
Al-Slais Y(2020)Privacy Engineering Methodologies: A survey2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT)10.1109/3ICT51146.2020.9311949(1-6)Online publication date: 20-Dec-2020
https://doi.org/10.1109/3ICT51146.2020.9311949
Marx MSchwarz MBlochberger MWille FFederrath H(2020)Context-Aware IPv6 Address HoppingInformation and Communications Security10.1007/978-3-030-41579-2_31(539-554)Online publication date: 18-Feb-2020
https://doi.org/10.1007/978-3-030-41579-2_31
Show More Cited By

Index Terms

Protecting privacy with protocol stack virtualization

Recommendations

Protecting privacy in data release
Foundations of security analysis and design VI

The evolution of the Information and Communication Technology has radically changed our electronic lives, making information the key driver for today's society. Every action we perform requires the collection, elaboration, and dissemination of personal ...
A Novel Anonymous RFID Authentication Protocol Providing Strong Privacy and Security
MINES '10: Proceedings of the 2010 International Conference on Multimedia Information Networking and Security

As the radio frequency identification (RFID) technology continues to evolve and mature, RFID tags can be implemented in a wide range of applications. Due to the shared wireless medium between the RFID reader and the RFID tag, however, adversaries can ...
An anti-counterfeiting RFID privacy protection protocol

The privacy problem of many RFID systems has been extensively studied. Yet integrity in RFID has not received much attention as regular computer systems. When we evaluate an identification protocol for an RFID system for anti-counterfeiting, it is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic society

October 2008

128 pages

ISBN:9781605582894

DOI:10.1145/1456403

General Chair:
Vijay Atluri
Rutgers University, USA
,
Program Chair:
Marianne Winslett
University of Illinois at Urbana-Champaign, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS08

Sponsor:

CCS08: 15th ACM Conference on Computer and Communications Security 2008

October 27, 2008

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
430
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Herrero R(2021)Protocol stack virtualization support in IoTTransactions on Emerging Telecommunications Technologies10.1002/ett.4340Online publication date: 12-Aug-2021
https://doi.org/10.1002/ett.4340
Al-Slais Y(2020)Privacy Engineering Methodologies: A survey2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT)10.1109/3ICT51146.2020.9311949(1-6)Online publication date: 20-Dec-2020
https://doi.org/10.1109/3ICT51146.2020.9311949
Marx MSchwarz MBlochberger MWille FFederrath H(2020)Context-Aware IPv6 Address HoppingInformation and Communications Security10.1007/978-3-030-41579-2_31(539-554)Online publication date: 18-Feb-2020
https://doi.org/10.1007/978-3-030-41579-2_31
Ambrosin MCompagno AConti MGhali CTsudik G(2018)Security and Privacy Analysis of National Science Foundation Future Internet ArchitecturesIEEE Communications Surveys & Tutorials10.1109/COMST.2018.279828020:2(1418-1442)Online publication date: Oct-2019
https://doi.org/10.1109/COMST.2018.2798280
Bauer KMccoy DGreenstein BGrunwald DSicker D(2009)Physical Layer Attacks on Unlinkability in Wireless LANsProceedings of the 9th International Symposium on Privacy Enhancing Technologies10.1007/978-3-642-03168-7_7(108-127)Online publication date: 27-Jul-2009
https://dl.acm.org/doi/10.1007/978-3-642-03168-7_7

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten