Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower.

Published byMaia Hince Modified over 9 years ago

Similar presentations

Presentation on theme: "Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower."— Presentation transcript:

1 Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower

2 Authors: Phillipa Gill, Yashar Ganjali, David Lie (University of Toronto) & Bernard Wong (Cornell University)

3 USENIX Security ‘10 Proceedings of the 19 th USENIX Conference on Security

4 IP Geolocation  Determine location of computer based on its IP  Methods  Passive methods  Delay-based techniques  Topology-aware techniques  Hulu, BBC iPlayer, Pandora, mlb.tv, Google Search Results  Banks, Facebook, Gmail  Internet Gambling

5 Examples, Access Control

6 More examples, Custom Content Geolocation Based Search Results

7 Examples in Cloud Computing  Regional restrictions of cloud servers  Virtual Machines required by law or SLA to be in certain physical locations  Malicious providers incentivized to circumvent geolocation

8 Passive Approaches for Location  WHOIS  Database of server information  Commercial databases  Quova  MaxMind  Arbitrarily updated  Proxies can circumvent databases

9 Active Approaches  Measurement Based  Use known landmarks  Calculate time delays and traffic paths  Algorithms approximate location  Combination of passive and active methods

10 Delay-based Geolocation ping

11 Delay-based Geolocation

12 Topology-aware Geolocation  Knows some routing information ( traceroute )  Uses RTT and topology to better determine location Delay-based geolocation assumes direct routes ping

13 Effectiveness of Approaches ClassAlgorithmAverage Accuracy (km) Delay-Based GeoPing109-150 CGB78-182 Statistical92 Learning-based407-449 Topology- Aware TBG194 Octant35-40 (median) Other GeoTrack156 (median) Courtesy of Dude, where’s that IP…

14 Attacks and Adversaries Simple Adversary  Tampers with RTT times  Delays packets from certain landmarks  Can only increase RTT  Models a home user Sophisticated Adversary  Can fake routes and paths  Owns several IP addresses/gateways  Constructs paths to confuse topology-aware geolocation  Adds delays in-between hops on path  Models a cloud service provider

15 Delay Adding Attacks (Simple Attack)

16 Limits and Downsides  Cannot move a target to a forged location that’s in the same region of the landmarks  Cannot decrease RRT’s  Detection is evident by large intersection areas  Limited accuracy  Poor against topology-aware geolocation

17 50 Landmarks Used For Evaluation

18 Each Landmark Moved To “Forged” Location

19 Accuracy of Attacks Courtesy of Dude, where’s that IP…

20 CDF of Region Sizes Courtesy of Dude, where’s that IP…

21 Topology-Aware Geolocation  Determines delay of each intermediate router in path  Estimates location of each stop  Limits impact of circuitous end-to-end paths  Better estimates of target location  Very effective in detecting Simple attacks

22 Sophisticated Attacks vs. Topology- Aware Geolocation  Adversary has geographically distributed gateway routers in its network  Delay routes along path instead of just the last node  Paper’s Claim: Theoretically with three or more geographically distributed gateway routers an adversary can move a target to an arbitrary location!

23 Accuracy of Attack Courtesy of Dude, where’s that IP…

24 CDF of Region Sizes Courtesy of Dude, where’s that IP… Very little increase in intersection sizes

25 Conclusions  Current Geolocation methods are highly susceptible to attacks  Topology-Aware Method  Better at locating non-malicious users  Much worse at detecting malicious attackers  Simple attacks good enough to get within target country  Sophisticated attacks with topology-aware geolocation can relocate to specific states  Need for better location based detection  Better algorithms for detection of malicious users

26 Contributions  Evaluated current methods of geolocation  Devised two separate attacks for each method (simple & sophisticated)  Suggested methods for detection of attacks

27 Weaknesses  No data on frequency of attacks (are these attacks common?)  Evaluation nodes all within North America (only one outside of the USA)  Limited explanation on Best-Line vs. Speed of Light attacks

28 Improvements  Provide suggestions for ways to prevent attacks  Better analysis on which algorithms within each class work the best for detecting malicious users

29 References  Dude, where’s that IP? Circumventing measurement-based IP geolocation  mlb.tv  Google  Amazon EC2

Download ppt "Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower."

Similar presentations

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Understanding Geolocation Accuracy using Network Geometry Brian Eriksson Technicolor Palo Alto Mark Crovella Boston University.

Understanding Geolocation Accuracy using Network Geometry Brian Eriksson Technicolor Palo Alto Mark Crovella Boston University.
TYPES OF COMPUTER NETWORKS

TYPES OF COMPUTER NETWORKS
Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.

Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Impact Analysis of Cheating in Application Level Multicast s 1090176 Masayuki Higuchi.

Impact Analysis of Cheating in Application Level Multicast s 1090176 Masayuki Higuchi.
Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.

Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Geolocation Les Cottrell – SLAC University of Helwan / Egypt, Sept 18 – Oct 3, 2010 Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end.

Geolocation Les Cottrell – SLAC University of Helwan / Egypt, Sept 18 – Oct 3, 2010 Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end.
Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.

Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
CS 672 Paper Presentation Presented By Saif Iqbal “CarNet: A Scalable Ad Hoc Wireless Network System” Robert Morris, John Jannotti, Frans Kaashoek, Jinyang.

CS 672 Paper Presentation Presented By Saif Iqbal “CarNet: A Scalable Ad Hoc Wireless Network System” Robert Morris, John Jannotti, Frans Kaashoek, Jinyang.
Geographic Routing Without Location Information A. Rao, C. Papadimitriou, S. Shenker, and I. Stoica In Proceedings of the 9th Annual international Conference.

Geographic Routing Without Location Information A. Rao, C. Papadimitriou, S. Shenker, and I. Stoica In Proceedings of the 9th Annual international Conference.
Network Measurement Bandwidth Analysis. Why measure bandwidth? Network congestion has increased tremendously. Network congestion has increased tremendously.

Network Measurement Bandwidth Analysis. Why measure bandwidth? Network congestion has increased tremendously. Network congestion has increased tremendously.
A Criticism of: “Moving beyond end-to-end path information to optimize CDN performance” Gautam Bhawsar Alok Rakkhit.

A Criticism of: “Moving beyond end-to-end path information to optimize CDN performance” Gautam Bhawsar Alok Rakkhit.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
ROUTING ON THE INTERNET COSC 6590 1 14-Aug-15. Routing Protocols  routers receive and forward packets  make decisions based on knowledge of topology.

ROUTING ON THE INTERNET COSC Aug-15. Routing Protocols  routers receive and forward packets  make decisions based on knowledge of topology.
© 2014 UZH, chkroute – A tool for route compliance analyisis Daniel Dönni 1 1 Department of Informatics IFI, Communication Systems Group CSG, University.

© 2014 UZH, chkroute – A tool for route compliance analyisis Daniel Dönni 1 1 Department of Informatics IFI, Communication Systems Group CSG, University.

Similar presentations

Ads by Google