TU Berlin

Main document

Literature Database Entry


Fabian Haibl, "Erstellung einer Funktion zur regelbasierten Anonymisierung von Verbindungsdaten im Internet," Bachelor Thesis, Wilhelm-Schickard-Institute for Computer Science, University of Tübingen, May 2005. (Advisors: Falko Dressler and Manfred Gerblinger)


In this our age of information society computer networks increasingly adopt the role of a base infrastructure. This growing importance is accompanied by new requirements: the economic value is to be skimmed, performance and permanent availability need to be assured and the network's security guaranteed. These goals can be approached by monitoring applications such as accounting, traffic engineering and intrusion detection. Though this requires the gathering, processing and storage of personal data, so conflicts with the protection of data privacy arise. This work's objective is to examine the current legal position, to develop possibilities of anonymization and to implement a rule based anonymization module. At first the data to be retained is investigated regarding its sensitivity. This leads to the result that only the ip address is capable to provide a link to the user and that the target port gives a hint to the type of service requested. Introductory to the legal expertise a review of the history and development of privacy is provided. Thereafter the capability to relate to a natural person as the connection factor and prerequisite for the applicability of any privacy related regulation is discussed and determined how far the ip address is suitable to create such a link to a person. This is affirmed for the university's ip addresses due to manual allocation or use of DHCP log files and authentication data of the VPN servers. Against common opinion for external ip addresses no effective way was found to discover the person using a given ip address. The area of application of the TKG (telecommunications act) and the TDG/TDDSG (teleservices act/teleservices privacy act) as well as the MDStV (treaty on media services) were distinguished and the facts of the case were assigned to the telecommunication. After determining the applicable law it was searched for an admission to collect and process personal data which is generally interdicted. This is done with regard to accounting and intrusion detection. In the field of accounting there exists only one admission pertaining to billing (\S 97 TKG) which is not suitable for the university's telecommunication services that are free of charge. Concerning intrusion detection there is an admission in \S 100 TKG for failure detection and treatment. Beyond the relation between user and service provider a recourse to the general permission in \S 15 I LDSG (privacy act of Baden-Württemberg) is possible to process personal data according to the protective measures stated in \S\S 109 I TKG, 9 II, III LDSG. The necessity for the processing of personal data is answered in the affirmative. After deciding the processing of personal data admissible the modalities are deduced from the principles of avoidance and thriftiness in processing personal data. Thus the collected data has to be pseudonymized, anonymized or deleted as soon as possible if the intended purpose can still be accomplished. Subsequent to the legal expertise the design and discussion of various anonymization algorithms take place. These comprise the retainment of the ip addresses in shortened form or of their hash value, their encryption or their mapping by a injective and prefix preserving function. Thereby is realized, that only by shortening the address progress is effectuated regarding privacy laws. Otherwise only a pseudonymization of the address takes place which is already a pseudonym or the process which itself needs to be permitted is beyond the purpose of the legal admission. Above all future prospects on the collection and processing of personal data on the layer above, the service layer, are given. Finally the framework is introduced which parameterizes and applies the algorithms similar to the rules of a network firewall depending on source and target address and port.

Quick access

BibTeX BibTeX


Fabian Haibl

BibTeX reference

    author = {Haibl, Fabian},
    title = {{Erstellung einer Funktion zur regelbasierten Anonymisierung von Verbindungsdaten im Internet}},
    advisor = {Dressler, Falko and Gerblinger, Manfred},
    institution = {Wilhelm-Schickard-Institute for Computer Science},
    location = {T{\"{u}}bingen, Germany},
    month = {5},
    school = {University of T{\"{u}}bingen},
    type = {Bachelor Thesis},
    year = {2005},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.