IP::Anonymous - Perl port of Crypto-PAn to provide anonymous IP addresses
use IP::Anonymous; @key = (0..31); my $object = new IP::Anonymous(@key); print $object->anonymize("192.0.2.0")."\n";
This is a Perl port of Crypto-PAn. Crypto-PAn is a cryptography-based sanitization tool for network trace or log data. The tool has the following properties:
The mapping from original IP addresses to anonymized IP addresses is one-to-one.
The IP address anonymization is prefix-preserving. That is, if two original IP addresses share a k-bit prefix, their anonymized mappings will also share a k-bit prefix.
Multiple traces can be sanitized in a consistent way, over time and across locations, even though the traces might be sanitized separately at different time and/or at different locations.
To sanitize traces, trace owners provide a secret key. Anonymization consistency across multiple traces is achieved by the use of the same key. The construction of IP::Anonymous preserves the secrecy of the key and the (pseudo)randomness of the mapping from an original IP address to its anonymized counterpart.
This Perl port of Crypto-PAn uses similar logic to that found in Crypto-PAn 1.0, but most importantly maintains consistency in the process so that regardless of implementation, using the same key in each will give consistent results.
Crypt::Rijndael - XS-based implementation of the Advanced Encryption Standard (AES) algorithm Rijndael by Joan Daemen and Vincent Rijmen.
Initializes the electronic codebook object with a 32 8-bit decimal array. This array, consisting of 32 decimals between 0 and 255 inclusive, is the user defined private key for this anonymization session. This 256 bit key should be kept private. The key can be used across sessions to maintain consistent mappings between the original and the anonymized IP addresses.
Called with a dotted quad IP address string (e.g. 192.0.2.0). Returns an anonymized version of that IP address as a dotted quad string.
The Crypt::Rijndael module as of version 0.05 contains at least one fatal flaw for users of 64-bit systems. rijndael.h specifies a 32 bit integer as an unsigned long. This works on 32-bit systems, but not 64-bit systems. This is easily circumvented by changing the definition for UINT32 from a unsigned long to an unsigned int for platforms the author has tested on.
The Crypt::Rijndael module on CPAN tested with IP::Anonymous has as it's package version number 0.05, but in the Rijndael.pm module file itself, VERSION is set to 0.04. IP::Anonymous specifies that at least 0.04 of Crypt::Rijndael is required, but the original 0.04 version has not been tested. It is presumed to work, but you should use the module whose package version number is 0.05 or later if possible.
IP::Anonymous only provides support for IPv4 addresses.
Original Crypto-PAn C++ implementation was done by Jinliang Fan. The Perl module port is by John Kristoff. Thanks to Stephen Gill for initial testing and suggesting changes in the beginning stages of the module implementation process.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
This module is based on the original Crypto-PAn project tool designed and implemented in C++ by Jinliang Fan. The Crypto-PAn project web page is located at:
Even though this module uses strong cryptography to anonymize IP addresses there may still be a number of avenues of attack that can be successful in discovering underlying information. For a good description of this problem see the paper The Devil and Packet Trace Anonymization by Mark Allman, et al., which can be found at:
IP::Anonymous is available on the Comprehensive Perl Archive Network (CPAN) and also off the author's homepage (as of this writing) at: