Dude, where’s that IP? Circumventing measurement-based geolocation

Slides:

Advertisements

Similar presentations

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.

Advertisements

Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower.

Security in Mobile Ad Hoc Networks

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.

Fabián E. Bustamante, 2007 Meridian: A lightweight network location service without virtual coordinates B. Wong, A. Slivkins and E. Gün Sirer SIGCOM 2005.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Geolocation Les Cottrell – SLAC University of Helwan / Egypt, Sept 18 – Oct 3, 2010 Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end.

King : Estimating latency between arbitrary Internet end hosts Krishna Gummadi, Stefan Saroiu Steven D. Gribble University of Washington Presented by:

Privacy-Preserving Cross-Domain Network Reachability Quantification

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

A Detailed Path-latency Model for Router Geolocation Sándor Laki *, Péter Mátray, Péter Hága, István Csabai and Gábor Vattay Department of Physics of Complex.

Topology-Aware Overlay Networks By Huseyin Ozgur TAN.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.

Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.

TOWARDS IDENTITY ANONYMIZATION ON GRAPHS. INTRODUCTION.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Locations.

(jeez y) Where is the Internet? Answers from : (G. Whilikers) Out there. (Mike) the way I see it, the "internet" has to be somewhere. a router collects.

PingER: Research Opportunities and Trends R. Les Cottrell, SLAC University of Malaya.

Ao-Jan Su, David R. Choffnes, Fabián E. Bustamante and Aleksandar Kuzmanovic Department of EECS Northwestern University Relative Network Positioning via.

Sensor Positioning in Wireless Ad-hoc Sensor Networks Using Multidimensional Scaling Xiang Ji and Hongyuan Zha Dept. of Computer Science and Engineering,

Peer to Peer Research survey TingYang Chang. Intro. Of P2P Computers of the system was known as peers which sharing data files with each other. Build.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Towards Street-Level Client- Independent IP Geolocation Yong Wang, UESTC/Northwestern Daniel Burgener, Northwestern Marcel Flores, Northwestern Aleksandar.

University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based.

Aadil Zia Khan and Shahab Baqai LUMS School of Science and Engineering QoS Aware Path Selection in Content Centric Networks Fahad R. Dogar Carnegie Mellon.

CSE 548 Advanced Computer Network Security Document Search in MobiCloud using Hadoop Framework Sayan Cole Jaya Chakladar Group No: 1.

Energy-Aware Scheduling with Quality of Surveillance Guarantee in Wireless Sensor Networks Jaehoon Jeong, Sarah Sharafkandi and David H.C. Du Dept. of.

Streaming over Subscription Overlay Networks Department of Computer Science Iowa State University.

Live Streaming over Subscription Overlay Networks CS587x Lecture Department of Computer Science Iowa State University.

1 Passive Network Tomography Using Bayesian Inference Lili Qiu Joint work with Venkata N. Padmanabhan and Helen J. Wang Microsoft Research Internet Measurement.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

An IP Address Based Caching Scheme for Peer-to-Peer Networks Ronaldo Alves Ferreira Joint work with Ananth Grama and Suresh Jagannathan Department of Computer.

A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡

How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots N. Vratonjic, K. Huguenin, V. Bindschaedler, and J.-P. Hubaux PETS.

Determining the Geographic Location of Internet Hosts Venkata N. Padmanabhan Microsoft Research Lakshminarayanan Subramanian University of California at.

Eclipse Attacks on Overlay Networks: Threats and Defenses By Atul Singh, et. al Presented by Samuel Petreski March 31, 2009.

WSP: A Network Coordinate based Web Service Positioning Framework for Response Time Prediction Jieming Zhu, Yu Kang, Zibin Zheng and Michael R. Lyu The.

Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.

Network/Computer Security Workshop, May 06 The Robustness of Localization Algorithms to Signal Strength Attacks A Comparative Study Yingying Chen, Konstantinos.

Location Privacy Protection for Location-based Services CS587x Lecture Department of Computer Science Iowa State University.

U of Minnesota DIWANS'061 Energy-Aware Scheduling with Quality of Surveillance Guarantee in Wireless Sensor Networks Jaehoon Jeong, Sarah Sharafkandi and.

A Detailed Path-latency Model for Router Geolocation* Internetes hosztok mérés alapú geolokalizációja Sándor Laki, Péter Mátray, Péter Hága, István Csabai.

1 Travel Times from Mobile Sensors Ram Rajagopal, Raffi Sevlian and Pravin Varaiya University of California, Berkeley Singapore Road Traffic Control TexPoint.

Incrementally Improving Lookup Latency in Distributed Hash Table Systems Hui Zhang 1, Ashish Goel 2, Ramesh Govindan 1 1 University of Southern California.

Anycast enumeration and geolocation approaches Scuola Politecnica e delle Scienze di Base Corso di Laurea Magistrale in Ingegneria Informatica master’s.

Privacy Vulnerability of Published Anonymous Mobility Traces Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip (Purdue University) Nageswara S. V. Rao (Oak.

Interaction and Animation on Geolocalization Based Network Topology by Engin Arslan.

Spam detection using IP geolocation O-talk Andriy Stetsko.

In the name of God.

Internet Quarantine: Requirements for Containing Self-Propagating Code

Lecture 13 – Network Mapping

Suhankar Mishra1, Thang N. Dinh2, My T. Thai1, and Incheol Shin3

Vivaldi: A Decentralized Network Coordinate System

Authors – Johannes Krupp, Michael Backes, and Christian Rossow(2016)

Packet Leashes: Defense Against Wormhole Attacks

Location Cloaking for Location Safety Protection of Ad Hoc Networks

Zhichen Xu, Mallik Mahalingam, Magnus Karlsson

RandPing: A Randomized Algorithm for IP Mapping

Phillipa Gill University of Toronto

Chandrika Jayant Ethan Katz-Bassett

CS590B/690B Detecting network interference (Spring 2018)

Provable Security at Implementation-level

Storing and Replication in Topic-Based Pub/Sub Networks

No-Jump-into-Latency in China's Internet

Presentation transcript:

Dude, where’s that IP? Circumventing measurement-based geolocation Phillipa Gill* Yashar Ganjali*,Bernard Wong**, David Lie*** *Dept. of Computer Science, University of Toronto **Dept. of Computer Science, Cornell University ***Dept. of Electrical and Computer Engineering, University of Toronto

P. Gill - University of Toronto Motivation Applications benefit from geolocating clients: Online advertising & search engines Restricting access to online content Multimedia Online gambling Fraud prevention Looking forward: Geolocation to locate VMs hosted by cloud provider Location-based SLAs 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Motivation (con’t) Targets have incentive to lie Web clients: Gain access to content Commit fraud Cloud computing: Need the ability to guarantee the result of geolocation 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Our contributions First to consider measurement-based geolocation of an adversary Two models of adversarial geolocation targets Web client (end host) Cloud provider (network) Evaluation of attacks on delay and topology-based geolocation. 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Road map Motivation & Contributions Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

Geolocation background Databases/passive approaches whois services Commercial databases Quova, MaxMind, etc. Drawbacks: coarse-grained, slow to update Measurement-based geolocation Landmark machines with known locations Active probing of the target Constrain location of target 11/10/2018 P. Gill - University of Toronto

Measurement-based geolocation Delay-based geolocation example Constraint-based geolocation [Gueye et al. ToN ‘06] Ping other landmarks to calibrate Distance-delay function Ping! Ping! Ping! 11/10/2018 P. Gill - University of Toronto

Measurement-based geolocation Delay-based geolocation example Constraint-based geolocation [Gueye et al. ToN ‘06] 2. Ping target Ping! Ping! Ping! Ping! 11/10/2018 P. Gill - University of Toronto

Measurement-based geolocation Delay-based geolocation example Constraint-based geolocation [Gueye et al. ToN ‘06] 3. Map delay to distance from target 4. Constrain target location 11/10/2018 P. Gill - University of Toronto

Types of measurement-based geolocation: Delay-based: Constraint-based geolocation (CBG) [Gueye et al. ToN ‘06] Computes region where target may be located Average accuracy: 78-182 km Topology-aware: Octant [Wong et al. NSDI 2007] Considers delay between hops on path Geolocates nodes along the path Median accuracy: 35-40 km 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Road map Motivation & Contributions Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

Simple adversary (e.g., Web client) Knows the geolocation algorithm Able to delay their response to probes i.e., increase observed delays Landmark i 11/10/2018 P. Gill - University of Toronto

Sophisticated adversary (e.g., Cloud provider) Controls the network the target is located in Network has multiple geographically distributed entry points Adversary constructs network paths to mislead topology-aware geolocation tar target 11/10/2018 landmark

P. Gill - University of Toronto Road map Motivation & Contributions Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Evaluation Questions: How accurately can an adversary mislead geolocation? Can they be detected? Methodology: Collected traceroutes between 50 PlanetLab nodes. Each node takes turn as target Each target moved to a set of forged locations 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Delay-adding attack L3 L2 L1 Increase delay by time to travel difference of g1 and g2 Challenge: how to map distance to delay Attack v1: speed of light Attack v2: knowledge of the “best-line” function Forged location 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Hop-adding attack Multiple network entry points In-degree 3 for each node Fake node next to each forged location 11/10/2018 P. Gill - University of Toronto

Accuracy for the adversary Best-case delay adding attack Even in best-case delay-adding attack is less precise than hop-adding Hop adding attack 11/10/2018 P. Gill - University of Toronto

Detectability: Delay-adding Area of intersection increases as delay is added Abnormally large region sizes can reveal results that have been tampered with 11/10/2018 P. Gill - University of Toronto

Detectability: Hop-adding Hop adding is able to mislead the algorithm without increasing region size! 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Road map Motivation Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Conclusions Current geolocation approaches are susceptible to malicious targets Databases misled by proxies Measurement-based geolocation by attacks on delay and topology measurements Topology-aware geolocation techniques are more susceptible to the sophisticated adversary Delay-adding attacks limited by accuracy and detectability 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Future work Develop a framework for secure geolocation Leverage the existence of desired location: Require the adversary to prove they are in the correct location Goals: Provable security: Upper bound on what an adversary can get away with. Practical framework: Should be tolerant of variations in network delay 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto Questions? Another reason not to trust databases! Contact: phillipa@cs.toronto.edu 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto 11/10/2018 P. Gill - University of Toronto

P. Gill - University of Toronto 11/10/2018 P. Gill - University of Toronto