From b141dce58128419fc414373f6aa3c1d9b425e3ad Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 31 Jan 2019 22:41:23 +0100 Subject: [PATCH] add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. --- objects/anonymisation/definition.json | 190 ++++++++++++++++++++++++++ 1 file changed, 190 insertions(+) create mode 100644 objects/anonymisation/definition.json diff --git a/objects/anonymisation/definition.json b/objects/anonymisation/definition.json new file mode 100644 index 0000000..5cf596b --- /dev/null +++ b/objects/anonymisation/definition.json @@ -0,0 +1,190 @@ +{ + "requiredOneOf": [ + "description", + "method", + "key", + "keyed-hash-function", + "encryption-function", + "regexp", + "iv" + ], + "attributes": { + "method": { + "description": "Anonymisation (pseudo or not) method(s) used", + "ui-priority": 1, + "disable_correlation": true, + "sane_default": [ + "hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.", + "hash - A hash function maps each attribute to a new (not necessarily unique) attribute.", + "permutation - Maps each original value to a unique new value.", + "prefix-preserving - Any two values that had the same n-bit prefix before anonymization will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ", + "shift - Adds a fixed offset to each value/attribute.", + "enumeration - Map each original value to a new value such that their ordering is preserved.", + "partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.", + "updated - Checksums are recalculated to reflect changes made to other fields.", + "truncation - Field is shortened, losing data at the end.", + "encryption - Attribute is encrypted." + ], + "misp-attribute": "text", + "multiple": true + }, + "key": { + "description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute", + "ui-priority": 1, + "disable_correlation": true, + "misp-attribute": "text" + }, + "iv": { + "description": "Initialisation vector for the encryption function used to anonymise the attribute", + "ui-priority": 1, + "disable_correlation": true, + "misp-attribute": "text" + }, + "keyed-hash-function": { + "description": "Keyed-hash function used to anonymise the attribute", + "ui-priority": 1, + "disable_correlation": true, + "sane_default": [ + "hmac-sha1", + "hmac-md5", + "hmac-sha256", + "hmac-sha384", + "hmac-sha512" + ], + "misp-attribute": "text" + }, + "encryption-function": { + "description": "Encryption function or algorithm used to anonymise the attribute", + "ui-priority": 1, + "disable_correlation": true, + "sane_default": [ + "bf-cbc", + "bf", + "blowfish", + "bf-cfb", + "bf-ecb", + "bf-ofb", + "cast-cbc", + "cast", + "cast5-cbc", + "cast5-cfb", + "cast5-ecb", + "cast5-ofb", + "des-cbc", + "des", + "des-cfb", + "des-ofb", + "des-ecb", + "des-ede-cbc", + "des-ede", + "des-ede-cfb", + "des-ede-ofb", + "des-ede3-cbc", + "des-ede3", + "des3", + "des-ede3-cfb", + "des-ede3-ofb", + "desx", + "gost89", + "gost89-cnt", + "idea-cbc", + "idea", + "idea-cfb", + "idea-ecb", + "idea-ofb", + "rc2-cbc", + "rc2", + "rc2-cfb", + "rc2-ecb", + "rc2-ofb", + "rc2-64-cbc", + "rc2-40-cbc", + "rc4", + "rc4-64", + "rc4-40", + "rc5-cbc", + "rc5", + "rc5-cfb", + "rc5-ecb", + "rc5-ofb", + "seed-cbc", + "seed", + "seed-cfb", + "seed-ecb", + "seed-ofb", + "sm4-cbc", + "sm4", + "sm4-cfb", + "sm4-ctr", + "sm4-ecb", + "sm4-ofb", + "aes-128-cbc", + "aes128", + "aes-128-cfb", + "aes-128-cfb1", + "aes-128-cfb8", + "aes-128-ctr", + "aes-128-ecb", + "aes-128-ofb", + "aes-128-cbc", + "aes128", + "aes-192-cfb", + "aes-192-cfb1", + "aes-192-cfb8", + "aes-192-ctr", + "aes-192-ecb", + "aes-192-ofb", + "aes-192-cbc", + "aes192", + "aes-256-cfb", + "aes-256-cfb1", + "aes-256-cfb8", + "aes-256-ctr", + "aes-256-ecb", + "aes-256-ofb", + "camellia-128-cbc", + "camellia128", + "camellia-128-cfb", + "camellia-128-cfb1", + "camellia-128-cfb8", + "camellia-128-ctr", + "camellia-128-ecb", + "camellia-128-ofb", + "camellia-192-cbc", + "camellia192", + "camellia-192-cfb", + "camellia-192-cfb1", + "camellia-192-cfb8", + "camellia-192-ctr", + "camellia-192-ecb", + "camellia-192-ofb", + "camellia-256-cbc", + "camellia256", + "camellia-256-cfb", + "camellia-256-cfb1", + "camellia-256-cfb8", + "camellia-256-ctr", + "camellia-256-ecb", + "camellia-256-ofb" + ], + "misp-attribute": "text" + }, + "regexp": { + "description": "Regular expression to perfom the anonymisation (reversible or not)", + "ui-priority": 10, + "disable_correlation": true, + "misp-attribute": "text" + }, + "description": { + "description": "Description of the anonymisation technique or tool used", + "ui-priority": 1, + "disable_correlation": true, + "misp-attribute": "text" + } + }, + "version": 1, + "description": "Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml", + "meta-category": "misc", + "uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac", + "name": "anonymisation" +}