Noise Injection– Cisco Security and Privacy Concepts

Rather than stripping out, or suppressing, data, noise injection inserts or replaces existing information with false data. Figure 18-6 illustrates noise injection.

Figure 18-6 Noise Injection

Figure 18-6 shows two tables—the upper before noise injection and the lower after. Two pieces of false data are highlighted:

• Swapping the number portion of the street address for the first two entries

• Changing the last name on the third entry   A fourth entry also is added.

Aggregation

Data aggregation replaces more specific information with less specific information. Figure 18-7 illustrates data aggregation.

Figure 18-7 Data Aggregation

Figure 18-7 shows replacing the city and state fields with a new region field. Placing users in a larger pool of potential duplicates reduces the identifiability of individual users.

Segmentation

Every user or process does not need access to all available information about a set of users to do their work. In these cases, a single piece of information can be segmented or partitioned.

Segmenting, or partitioning, breaks data into several sets, each of which must be accessed separately. Figure 18-8 illustrates data segmentation.

Figure 18-8 Data Segmentation

In Figure 18-8, the table containing names and complete addresses is broken into three separate tables. Segmented data must contain a key showing which data in one table relates to another table to recombine the information.

If a user wants to discover

• The most common last name among the organization’s customers, they need only the first of the three tables.

• The city with the highest density or number of customers, they need only the third of the three tables.

• The correlation between users’ names and their region, they need only the first and third of the three tables.

The fewer tables a user or process is given access to, the less likely the user or process is to identify any individual.

Privacy and Network Operations

Privacy applies in different ways to many areas of information technology, including network engineering. Network engineers need to be careful of privacy in two distinct areas:

• Packets traveling through the network

• Information logged to understand and improve network operations

The following sections consider each of these areas of concern.

Forwarded Packets

Packets traveling through a network contain many kinds of private information, including DNS queries, passwords, and medical information—essentially, anything within a packet or flow can be private. Network engineers cannot do much to protect this data beyond encrypting it where it makes sense.

The packet’s source and destination IP addresses are also considered private. IP addresses, however, are both necessary for the network to work correctly and used by the network for their primary purpose.

Overall, packet forwarding does not raise many privacy concerns for network engineers.

Logged Information

Network operators capture a lot of information, including

• The source address, destination address, source port,  destination port, and protocol number of packets forwarded through the network.

• The contents of packets, which can include passwords,  usernames, and other private information.

• Each DNS query.

• When users are connected to the network and for how long.

• Where users connect to the network (home, the office, a coffee shop, etc.).

This information is either directly personally identifiable or can be combined with other information to identify an individual user. An attacker could use this information to reconstruct an individual’s daily life and interests. Information about users can also be used to form other attacks.

Most network operators do not spend a lot of time thinking about how to protect this private information from attack    because

• They are not aware this information is private and, therefore, legally protected in many areas.

• They do not believe logged information is valuable enough to be a target.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post