Phillipa Gill, Yashar Ganjali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.


1 Phillipa Gill, Yashar Ganjali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer Engineering University of Toronto USENIX SECURITY SYMPOSIUM, August, 2010 A Presentation at Advanced Defense Lab

2 Outline Introduction Geolocation Background Security Model Delay-based geolocation Topology-aware geolocation Conclusion

3 Introduction Are current geolocation algorithms accurate enough to locate an IP within a certain country or jurisdiction? How can adversaries attack a geolocation system? How effective are such attacks?

4 Outline Introduction Geolocation Background Security Model Delay-based geolocation Topology-aware geolocation Conclusion

5 Geolocation Background

6 Outline Introduction Geolocation Background Security Model Delay-based geolocation Topology-aware geolocation Conclusion

7 Security Model The user wants to know the geolocation of an IP. The IP owner wants to mislead that user to a forged target. Additive noise is introduced by the Internet. Two assumptions: (1) The adversary can't compromise the landmarks or run code on them, but can modify the properties of traffic traveling on network links directly connected to a machine under its control. (2) The network measurements made by landmarks actually reach the target.

8 Outline Introduction Geolocation Background Security Model Delay-based geolocation Topology-aware geolocation Conclusion

9 Delay-based geolocation Using measurements of end-to-end network delays to geolocate the target IP. The landmarks (Li) have known geographic locations (Gi). (Gij, Dij): a distance-to-delay function.
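
The delay-based approach on slide 9, as an added example that is not from the original presentation or its authors: landmarks with known locations turn measured round-trip delays into distance bounds, and the target is placed at the centroid of the region that satisfies all of them. The landmark coordinates, the fixed 100 km-per-ms distance-to-delay bound, the grid search and the simulated measurements are all assumptions made for illustration.

```python
import math

# Constructed landmarks L_i with known locations G_i (lat, lon); not from the slides.
LANDMARKS = {"L1": (47.61, -122.33), "L2": (34.05, -118.24), "L3": (41.88, -87.63),
             "L4": (40.71, -74.01), "L5": (29.76, -95.37)}
KM_PER_MS = 100.0  # assumed distance-to-delay bound: ~2/3 c in fibre, per ms of RTT

def dist_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def feasible_region(rtts_ms, step=0.5):
    """Grid cells that satisfy every landmark's constraint dist <= rtt * KM_PER_MS."""
    cells = []
    for i in range(int(35 / step) + 1):          # latitude 20..55
        for j in range(int(70 / step) + 1):      # longitude -130..-60
            p = (20 + i * step, -130 + j * step)
            if all(dist_km(p, LANDMARKS[n]) <= rtt * KM_PER_MS
                   for n, rtt in rtts_ms.items()):
                cells.append(p)
    return cells

def centroid(cells):
    """Mean latitude/longitude of the feasible cells (the returned estimate)."""
    return (sum(p[0] for p in cells) / len(cells),
            sum(p[1] for p in cells) / len(cells))

def simulate_rtts(target, extra_ms=0.0):
    """Constructed measurements: paths 10% longer than the great circle, plus extra delay."""
    return {n: 1.1 * dist_km(target, g) / KM_PER_MS + extra_ms
            for n, g in LANDMARKS.items()}

if __name__ == "__main__":
    target = (39.74, -104.99)                    # constructed true location
    for extra in (0.0, 5.0):
        cells = feasible_region(simulate_rtts(target, extra))
        est = centroid(cells)
        print(f"extra={extra}ms cells={len(cells)} error={dist_km(est, target):.0f} km")
```

Extra delay on every path only loosens the bounds, so the second run returns a larger region that contains the first; the region size is worth reporting next to the point estimate.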

10 Delay-based geolocation Attack the CBG system PlanetLab

11 Delay-based geolocation Attack the CBG system 50 nodes from PlanetLab take turns (2,500 results): 40 nodes in the US, 10 nodes outside the US.

12 Delay-based geolocation Attack the CBG system An adversary can’t move a target that is not within the same region as the landmarks into that region.

13 Delay-based geolocation Attack the CBG system

14 Delay-based geolocation Attack the CBG system

15 Delay-based geolocation Attack the CBG system

16 Delay-based geolocation Attack the CBG system

17 Delay-based geolocation Attack the CBG system

18 Outline Introduction Geolocation Background Security Model Delay-based geolocation Topology-aware geolocation Conclusion

19 Topology-aware geolocation Accounts for all intermediate routers in addition to the target node. TBG: "Towards IP Geolocation Using Delay and Topology Measurements." Octant: "Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts." The target is localized to a feasibility region generated based on latencies from the last hop(s) before the target, and the centroid of the region is returned.

20 Topology-aware geolocation If the network paths from the landmarks to the target converge to a single common gateway router, increasing the end-to-end delays between the landmarks and the target can be detected and mitigated by topology-aware geolocation systems.

21 Topology-aware geolocation Increasing the delay between each gateway and the target can only be as effective against topology-based geolocation as increasing end-to-end delays against delay-based geolocation with a reduced set of landmarks.

22 Topology-aware geolocation Attack them ER = {er0, er1, …, erm}: externally visible nodes in an adversary’s network, consisting of gateway routers. F = {f0, f1, …, fn}: internal routers, which can be fictitious. T = {T0, T1, …, Ts}: end-points. G = (V, E): V = F ∪ ER ∪ T represents routers; E = {e0, e1, …, ek}, with weights w(ei), is the set of links connecting the routers, with weights representing network delays.

23 Topology-aware geolocation Attack them An adversary with control over three or more geographically distributed gateway routers to its network can move the target to an arbitrary location. Topology-based attacks can assign arbitrary latencies from the ingress points to the target. Naming attack extension: topology-based geolocation systems [TBG, Octant] rely on the undns tool, which can extract approximate city locations from the domain names of routers.

24 Topology-aware geolocation Attack them Red: 14 non-existent internal routers (F) White: 11 forged locations (T) Black: 4 External routers (ER)

25 Topology-aware geolocation Attack them Using the same set of 50 PlanetLab nodes used in evaluating the delay-adding attack, with an additional 30 European PlanetLab nodes that act only as targets attempting to move into North America. Each of the 80 PlanetLab nodes takes a turn being the target with the remaining US PlanetLab nodes used as landmarks. Total of 880 attacks.

26 Topology-aware geolocation Attack them

27 Topology-aware geolocation Attack them Without undns extension: NA target within 680 km, 50% of the time. Moving a target from EU to NA within 929 km.

28 Topology-aware geolocation Attack them

29 Topology-aware geolocation Attack them The definition of circuitousness (C):

30 Outline Introduction Geolocation Background Security Model Delay-based geolocation Topology-aware geolocation Conclusion

31 Conclusion Developed and evaluated two attacks against delay-based and topology-aware geolocation. The most surprising finding is that the more advanced and accurate topology-aware geolocation techniques are more susceptible to covert tampering than the simpler techniques that leverage delay. Topology-aware geolocation fares no better against a simple adversary and worse against a sophisticated one.

