ONTAS Flexible and Scalable Online Network Traffic Anonymization System

Real packet traces are not only used to detect and diagnose various network issues related to performance and security, but also to train intelligent learning models enabling networks that can run themselves.

However, packets in a network carry a lot of information which can be used to personally identify users and their online behavior. Such information, like MAC and IP addresses, should be anonymized.

Yet, anonymizing a captured packet trace takes significant amount of time and effort, and existing tools that run on x86 systems cannot keep up with the speed of live traffic.

ONTAS is an anonymization service that runs directly on a programmable data plane.

  • Performs anonymization of traffic in line-rate
  • Flexible and versatile
  • Easy to configure anonymization policy
  • Runs on real hardware with a Tofino chip

Code for BMv2

GitHub Repo

Code for Tofino

GitHub Repo

Project lead

Joon Kim (joonk@princeton.edu)
Arpit Gupta (arpitgupta@cs.ucsb.edu)

Publications