Structure preserving anonymization of router configuration data

David Maltz, Jibin Zhan, Gísli Hjálmtýsson, Albert Greenberg, Jennifer L. Rexford, Geoffrey Xie, Hui Zhang

Research output: Contribution to journalArticlepeer-review

Abstract

A repository of router configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing router configuration files by removing all information that connects the data to the identity of the underlying network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the configuration language. Conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the configuration files of thousands of routers in hundreds of networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. The paper sets out techniques that could be used in an attempt to break the anonymization, and it concludes our anonymization techniques are most applicable to enterprise networks, because the large number of enterprises and the difficulty of probing them from the outside make it hard to recognize an anonymized network based solely on publicly-available information about its topology or configuration. When applied to backbone networks, which are few in number and many of whose properties can be publicly measured, the anonymization might be broken by fingerprinting techniques described in this paper.

Original languageEnglish (US)
Article number4808478
Pages (from-to)349-358
Number of pages10
JournalIEEE Journal on Selected Areas in Communications
Volume27
Issue number3
DOIs
StatePublished - Apr 2009

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Keywords

  • Data anonymization
  • Router configuration

Fingerprint Dive into the research topics of 'Structure preserving anonymization of router configuration data'. Together they form a unique fingerprint.

Cite this