Hi everyone, tl;dr - today (Sunday) at 17:40 CET / 08:40 PST you can watch me present about 'ipcipher', a method for encrypting IP addresses to enhance user privacy, at the NDSS DNS Privacy Workshop through: https://www.ndss-symposium.org/dns-privacy-workshop-programme/ We'd love to hear your thoughts.
Longer story: PowerDNS has long included the 'dnswasher' tool which strips customer IP addresses from PCAP files. The idea is that this allows operators to send us traces we can analyse, without us seeing actual IP addresses. A problem with 'dnswasher' however was that translating back to original IP addresses was very hard. So let's say we did find what (stub) resolver was causing problems, it was quite a puzzle for the owner of the data to find out who that actually was. In may 2017, we wrote about a solution for this problem here https://medium.com/@bert.hubert/on-ip-address-encryption-security-analysis-with-respect-for-privacy-dabe1201b476 In short, this detailed how one can encrypt and decrypt IP addresses. Later we found out there was more involved into how to do this correctly. We also learned that the new EU GDPR privacy regulations specifically recommend 'pseudonyzing' user data this way before analysis. A subsequent specific customer request spurred the writing of the 'ipcipher' specification which allows for interoperable encryption of IP addresses. This specification can be found on https://powerdns.org/ipcipher/ This code has also been added to 'dnswasher', which can now be run like this: $ dnswasher -p "supersecret2018" in.pcap encrypted.pcap $ dnswasher -d -p "supersecret2018" encrypted.pcap decrypted.pcap This will reconstruct 'decrypted.pcap' which is identical to 'in.pcap'. I will present about 'ipcipher' today (Sunday) at 08:40 PST / 17:40 CET to the NDSS DNS Privacy Workshop Programme, you can view this live on: https://www.ndss-symposium.org/dns-privacy-workshop-programme/ Your comments are more than welcome! Bert _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users