
04 Applications

Lucas Kohler edited this page May 26, 2024 · 5 revisions

Lucid applications

This document describes some of the more interesting Lucid applications.

Pivot attack detection

Source: examples/apps/pivotting_app

Description: This program detects pivot attacks. TODO: add a sentence describing what a pivot attack is, ideally with a link to a paper. Packets, represented by the eth_ip event, arrive at the switch and trigger an eth_ip handler, which checks whether the packet is part of a pivot attack. The main criterion is the hash of the TCP payload, together with the size of the packet and its timestamp. When it detects a suspicious packet, it generates a report event to SERVER_PORT.
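As an added illustration of the detection idea described above (this is a Python reference model written for this page, not the Lucid program in examples/apps/pivotting_app), the following keeps a short-lived table keyed by payload hash and packet size. The matching rule, the relay window of 50 ms, the use of CRC32 as the stand-in for the data-plane hash, and the sample traffic are all assumptions made for the example: a packet A->B followed within the window by a packet B->C carrying a payload with the same hash and size is reported, with B named as the suspected pivot host.

```python
import zlib

# Constructed sample traffic: (timestamp_ms, src_ip, dst_ip, tcp_payload).
# The second packet relays the first packet's payload from the middle host onward.
SAMPLE_PACKETS = [
    (1000, "10.0.0.5", "10.0.1.7", b"GET /admin HTTP/1.1\r\n"),
    (1004, "10.0.1.7", "10.0.2.9", b"GET /admin HTTP/1.1\r\n"),
    (1500, "10.0.0.5", "10.0.1.7", b"hello"),
    (9000, "10.0.3.3", "10.0.4.4", b"hello"),   # same payload, far outside the window
]

WINDOW_MS = 50   # assumed relay window; tune for the network being monitored


def payload_key(payload: bytes):
    """CRC32 stands in for the switch's payload hash; the size is part of the key."""
    return (zlib.crc32(payload) & 0xFFFFFFFF, len(payload))


class PivotDetector:
    def __init__(self, window_ms: int = WINDOW_MS):
        self.window_ms = window_ms
        self.recent = {}      # key -> list of (ts, src, dst) still inside the window
        self.reports = []     # what would be sent as report events to SERVER_PORT

    def handle_eth_ip(self, ts: int, src: str, dst: str, payload: bytes):
        """Model of the eth_ip handler: returns a report dict or None."""
        key = payload_key(payload)
        live = [e for e in self.recent.get(key, []) if ts - e[0] <= self.window_ms]
        report = None
        for prev_ts, prev_src, prev_dst in live:
            # A->B followed quickly by B->C with the same payload: B looks like a pivot.
            if prev_dst == src and prev_src != dst:
                report = {"ts": ts, "origin": prev_src, "pivot": src, "target": dst,
                          "delay_ms": ts - prev_ts, "payload_hash": key[0]}
                self.reports.append(report)
                break
        live.append((ts, src, dst))
        self.recent[key] = live
        return report


def run(packets, window_ms: int = WINDOW_MS):
    """Feed a packet list through the detector and return all reports."""
    det = PivotDetector(window_ms)
    for ts, src, dst, payload in packets:
        det.handle_eth_ip(ts, src, dst, payload)
    return det.reports


if __name__ == "__main__":
    for r in run(SAMPLE_PACKETS):
        print("report ->", r)
```

On the sample traffic only the 1004 ms packet is reported, naming 10.0.1.7 as the pivot; the two `hello` packets share a payload but are 7.5 s apart, so they never meet inside the window. On a real switch the table would be a bounded hash-indexed array rather than a growing dict, and the window and hash width trade false positives against memory.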

Real-Time Packet Anonymization

Source: examples/apps/pkt_anonymizer

Description: This program is a real-time packet anonymizer that rewrites MAC addresses and IPv4 addresses according to user-defined parameters. Packet anonymization is crucial for preserving user privacy and security in network communications: it conceals sensitive information, such as MAC and IP addresses, within packet traces, so that network data can be shared and analyzed without compromising the identity of the users involved. This addresses the growing concern for privacy in the digital age, where network data can reveal personal user activities and behaviors. The significance of this approach to network data anonymization, along with the challenges it seeks to overcome, is thoroughly explored in "ONTAS: Flexible and Scalable Online Network Traffic Anonymization System" by Hyojoon Kim and Arpit Gupta. That paper highlights the importance of developing methods that safeguard user privacy while retaining the data's value for technical and analytical purposes.

The application operates by intercepting packets, identified by the eth_ip event, as they arrive at the network switch. Upon interception, the eth_ip handler anonymizes the MAC and IPv4 addresses according to the specified policy, ensuring the preservation of essential prefix information for network analysis. The anonymized packet is then forwarded out of a physical port on the switch, allowing network traffic to flow without disclosing sensitive information. Concurrently, the program generates a report showcasing the packet before and after the anonymization process. This report is sent to a dedicated monitoring server connected to a different port on the switch, enabling the validation of the anonymization process and auditing.
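To make the handler's behaviour concrete, here is an added Python reference model of the policy described above. It is not the Lucid program in examples/apps/pkt_anonymizer, and the policy it encodes (keep the /16 prefix of each IPv4 address and the OUI of each MAC address in clear, replace the remaining bits with a keyed HMAC pseudonym), the demo key, the field names and the sample packet are all assumptions made for the example. The handler returns both the anonymized packet that would be forwarded and the before/after report that would go to the monitoring server.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a deployment would keep this secret with the operator.
KEY = b"constructed-demo-key"

# Hypothetical user-defined policy: bits to keep in clear for IPv4 (prefix length)
# and whether to keep the 24-bit OUI of MAC addresses.
POLICY = {"ip_keep_bits": 16, "mac_keep_oui": True}

FIELDS = ("src_mac", "dst_mac", "src_ip", "dst_ip")

# Constructed sample packet as the eth_ip handler would see it.
SAMPLE_PACKET = {
    "src_mac": "00:1a:2b:3c:4d:5e", "dst_mac": "00:1a:2b:66:77:88",
    "src_ip": "192.168.4.20", "dst_ip": "172.16.9.1",
    "payload": b"example application data",
}


def pseudonym(value: int, nbits: int, label: bytes) -> int:
    """Keyed, deterministic replacement for the low nbits of an address.

    Keying on the full address makes the mapping consistent across packets
    (same real address -> same pseudonym) without a lookup table."""
    if nbits == 0:
        return 0
    tag = hmac.new(KEY, label + value.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") & ((1 << nbits) - 1)


def anonymize_ipv4(addr: str, keep_bits: int) -> str:
    """Keep the top keep_bits of the address, pseudonymize the host bits."""
    n = int(ipaddress.IPv4Address(addr))
    host_bits = 32 - keep_bits
    prefix = (n >> host_bits) << host_bits
    return str(ipaddress.IPv4Address(prefix | pseudonym(n, host_bits, b"ip4")))


def anonymize_mac(mac: str, keep_oui: bool) -> str:
    """Keep the OUI (upper 24 bits) if requested, pseudonymize the rest."""
    n = int(mac.replace(":", ""), 16)
    host_bits = 24 if keep_oui else 48
    prefix = (n >> host_bits) << host_bits
    new = prefix | pseudonym(n, host_bits, b"mac")
    return ":".join(f"{(new >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def handle_eth_ip(pkt: dict, policy: dict = POLICY):
    """Model of the eth_ip handler: returns (packet to forward, report for the monitor)."""
    out = dict(pkt)
    out["src_mac"] = anonymize_mac(pkt["src_mac"], policy["mac_keep_oui"])
    out["dst_mac"] = anonymize_mac(pkt["dst_mac"], policy["mac_keep_oui"])
    out["src_ip"] = anonymize_ipv4(pkt["src_ip"], policy["ip_keep_bits"])
    out["dst_ip"] = anonymize_ipv4(pkt["dst_ip"], policy["ip_keep_bits"])
    report = {"before": {k: pkt[k] for k in FIELDS},
              "after": {k: out[k] for k in FIELDS}}
    return out, report


if __name__ == "__main__":
    forwarded, report = handle_eth_ip(SAMPLE_PACKET)
    for k in FIELDS:
        print(f"{k}: {report['before'][k]} -> {report['after'][k]}")
```

Because the prefix is copied through unchanged, subnet-level analysis of the forwarded trace still works, while the keyed HMAC keeps per-host mappings stable but unrecoverable without the key. Note that this fixed-prefix policy is simpler than a fully prefix-preserving scheme such as Crypto-PAn, which preserves common prefixes of every length between any two addresses; which one a deployment wants is exactly the kind of user-defined parameter the program takes.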
