Title : ConfMask: Enabling Privacy-Preserving Configuration Sharing via Anonymization
Authors : Yuejie Wang (Peking University; New York University Shanghai); Qiutong Men, Yao Xiao, Yongting Chen (New York University Shanghai); Guyue Liu (Peking University)
Scribe : Huisan Xu (Xiamen University)
Introduction
Real-world network configurations play a critical role in network management and research tasks. For example, operators from different institutions need to share details of their network configurations to handle a network failure. Such configurations are also necessary in academia to emulate production environments. However, existing methods fail to conceal the implicit information that can be inferred from configurations, such as topology and routing paths.
To address this, the paper presents ConfMask, a novel framework designed to systematically anonymize network topology and routing paths in configurations. The anonymization still maintains essential network properties such as reachability, way-pointing and multi-path consistency, making it suitable for a wide range of downstream tasks. Compared to the existing data plane anonymization algorithm (i.e., NetHide), ConfMask reduces the specification differences between the original and the anonymized networks by ∼75%.
Key idea and contribution
The key idea of ConfMask is to anonymize configurations to protect privacy while preserving their utility under various use cases. This is achieved by:
(1) Edge & interface pair addition in order to anonymize the network topology
(2) Restoration of data plane utility on top of the modified topology, guided by SFE (Strong Function Equivalence)
(3) Data plane anonymization by adding replicated hosts on fake IPs and filters on fake IPs
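The utility requirement behind steps (1) and (2) can be checked mechanically: after fake links are added, every pair of routers should still see the same set of forwarding paths, which covers reachability, way-pointing and multi-path consistency at once. The sketch below is an added example, not code from the paper or from ConfMask; the five-router topology, the link costs and all function names are constructed, and the high cost on fake links is only this sketch's stand-in for the restoration step.

```python
import heapq
from itertools import permutations

def all_shortest_paths(links, src, dst):
    """Every equal-cost shortest path src -> dst, as a set of node tuples."""
    adj = {}
    for (a, b), cost in links.items():          # links are bidirectional
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist, preds, heap = {src: 0}, {src: []}, [(0, src)]
    while heap:                                  # Dijkstra that keeps all ties
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj.get(u, []):
            nd = d + c
            if nd < dist.get(v, float("inf")):
                dist[v], preds[v] = nd, [u]
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                preds[v].append(u)
    def unwind(node):
        if node == src:
            return {(src,)}
        return {p + (node,) for u in preds[node] for p in unwind(u)}
    return unwind(dst) if dst in dist else set()

def path_differences(original, anonymized):
    """Router pairs whose set of forwarding paths differs between the networks."""
    routers = sorted({r for link in original for r in link})
    return [(s, d) for s, d in permutations(routers, 2)
            if all_shortest_paths(original, s, d) != all_shortest_paths(anonymized, s, d)]

def degrees(links):
    """Links per router, i.e. what an observer can read off the topology."""
    deg = {}
    for a, b in links:
        deg[a] = deg.get(a, 0) + 1
        deg[b] = deg.get(b, 0) + 1
    return deg

# Constructed network; r1 reaches r4 over two equal-cost paths.
ORIGINAL = {("r1", "r2"): 10, ("r1", "r3"): 10, ("r2", "r4"): 10,
            ("r3", "r4"): 10, ("r4", "r5"): 10}
FAKE_LINKS = [("r1", "r5"), ("r2", "r3")]
# Fake links with an ordinary cost: the topology is hidden but routing changes.
NAIVE = {**ORIGINAL, **{link: 10 for link in FAKE_LINKS}}
# Assumption of this sketch: a prohibitive cost keeps traffic off fake links.
RESTORED = {**ORIGINAL, **{link: 1000 for link in FAKE_LINKS}}

if __name__ == "__main__":
    print("degrees:", degrees(ORIGINAL), "->", degrees(RESTORED))
    print("changed pairs, naive:", path_differences(ORIGINAL, NAIVE))
    print("changed pairs, restored:", path_differences(ORIGINAL, RESTORED))
```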
Evaluation
The evaluation shows that, on average, ConfMask only needs to add ∼25% of lines to the configuration files, and on large-scale networks the percentage can go down to ∼5%. In the performance evaluation, ConfMask is capable of anonymizing large networks such as FatTree-08 in around 6 minutes.
Personal thoughts
This paper addresses a significant and timely issue regarding the protection of privacy while sharing network configurations. As network environments become increasingly complex and interconnected, operators and researchers often need to exchange network configuration information for troubleshooting or academic research. However, these configurations often contain sensitive information, such as network topology and routing paths, which can expose unnecessary details to third parties if not properly handled.
The introduction of ConfMask aims to resolve this challenge by systematically anonymizing information about network topology and routing paths while maintaining critical network attributes like reachability, way-pointing, and multi-path consistency. This provides the possibility for cooperation based on network configurations across multiple network management domains.