University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based.

Presentation transcript:

University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based IP geolocation Phillipa Gill, Yashar Ganjali, Bernard Wong, and David Lie Presenter Ahmad Alzahrani

Information about the Paper:
Authors:
Phillipa Gill and Yashar Ganjali, Dept. of Computer Science, University of Toronto
David Lie, Dept. of Electrical and Computer Engineering, University of Toronto
Bernard Wong, Dept. of Computer Science, Cornell University
Presented at the 19th USENIX Security Symposium on August 12, 2010 in San Jose, CA, during the Internet Security session.

Background What is IP Geolocation?

Introduction
Applications benefit from IP geolocation
–Online advertising
–Search engines
–Restricting access to online content (multimedia)
–Fraud prevention
–Geolocation to locate VMs hosted by a cloud provider

Motivation
Who has incentive to circumvent IP geolocation?
Web clients:
–Gain access to content
–Online payment fraud
Cloud services (cloud providers):
–Location-based SLAs

Paper Contributions
–Evaluation of two attacks.
–First to study measurement-based geolocation of an adversary.
–Studied two models of adversarial geolocation targets (end host & WAN).

Background

Measurement-based geolocation
Delay-based geolocation (e.g. constraint-based geolocation, Gueye et al.)
[Figure courtesy Phillipa]

Topology-aware geolocation
–Assume no direct path to target.
–Also locate the hops on the way.
–Takes into account circuitous network paths.
[Figure courtesy Phillipa]

Measurement-based geolocation
Delay-based:
–Constraint-based geolocation (CBG) [Gueye et al.]
–Accuracy: ~ km
Topology-aware:
–Octant [Wong et al.]
–Delay between hops on path is considered
–Locate nodes along the path
–Median accuracy: ~ km

Two attacks have been studied: (1) Delay-adding attack
Increase delay by time to travel the difference
Challenge: how to map distance to delay?
–Access to the map function.
[Figure: landmarks L1, L2, L3 and the forged location]

Two attacks have been studied: (2) Hop-adding attack
[Figure: Landmark 1, Landmark 2, Target]

Two attacks have been studied: (2) Hop-adding attack
–Multiple network entry points
–Internal router (each connected to 3)
–Forged location
[Figure courtesy Phillipa]

Evaluation
–Are the attacks effective?
–What accuracy does the attacker achieve in misleading geolocation?
–Can the attacks be detected?
Experiment 1 (Delay-adding attack)
–Collected measurement inputs using 50 PlanetLab nodes.
–Each of the 50 nodes takes a turn as the target.
–Each target moved to 50 forged locations.

Delay-adding Attack - Simulation Setup

Delay-adding attack (Detectability?)

Delay-adding attack (How accurate?)
[Figure annotation: NYC-SFO 700 M/KM]

Hop-Adding Attack - Simulation Setup
-Targets: 80 nodes (50 in US and 30 in EU)
-Forged locations: 11 inside above WAN (4 Gateways, 15 Internal Routers)

Hop-adding attack (Detectability?)

Hop-adding attack (How accurate?)
[Figure legend: best case (delay-adding attack), hop-adding attack]

Recap

                          Simple Attacker   Sophisticated Attacker
Delay-based Attack               1                    1
Topology-aware Attack            1                    2

1 – Detectable using region size, accuracy depends on distance to forged location.
2 – High accuracy and difficult to detect.
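
The recap notes that the delay-adding attack is detectable using region size. The sketch below is an added illustration of that check, not code from the paper or the presentation: a simplified constraint-based geolocation that turns each RTT into a distance bound and estimates the area of the region where all bounds hold. The landmark coordinates, both RTT sets, the 200 km/ms propagation speed and the alert threshold are constructed assumptions.

```python
import math

EARTH_R_KM = 6371.0
KM_PER_MS = 200.0            # assumed one-way propagation speed (~2/3 c in fibre)
MAX_REGION_KM2 = 1_000_000   # hypothetical alert threshold, not a value from the paper

# Constructed landmarks (lat, lon) and two constructed RTT sets in ms.
LANDMARKS = [(47.61, -122.33), (34.05, -118.24), (41.88, -87.63),
             (25.76, -80.19), (40.71, -74.01)]
RTT_BASELINE = [19.0, 15.5, 17.0, 32.0, 30.0]     # target near (39.74, -104.99)
RTT_INFLATED = [r + 15.0 for r in RTT_BASELINE]   # same target, extra delay on every probe

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R_KM * math.asin(math.sqrt(h))

def feasible_region_km2(rtts_ms, landmarks=LANDMARKS, step=0.5,
                        box=(15.0, 60.0, -135.0, -55.0)):
    """Grid estimate of the area where every landmark's distance bound holds.

    Each RTT gives an upper bound on distance (RTT/2 * speed); the target must
    lie in the intersection of those discs. The area is clipped to `box`.
    """
    bounds = [rtt / 2.0 * KM_PER_MS for rtt in rtts_ms]
    km_per_deg = math.pi * EARTH_R_KM / 180.0
    rows = int((box[1] - box[0]) / step)
    cols = int((box[3] - box[2]) / step)
    area = 0.0
    for i in range(rows):
        lat = box[0] + (i + 0.5) * step
        cell = (step * km_per_deg) ** 2 * math.cos(math.radians(lat))
        for j in range(cols):
            p = (lat, box[2] + (j + 0.5) * step)
            if all(haversine_km(p, lm) <= b for lm, b in zip(landmarks, bounds)):
                area += cell
    return area

def region_too_large(rtts_ms):
    """Flag a measurement set whose feasible region exceeds the threshold."""
    return feasible_region_km2(rtts_ms) > MAX_REGION_KM2
```

Added delay only loosens the distance bounds, so the feasible region grows; a threshold on its area catches that, while giving no signal about where the target really is.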

Conclusion
–Measurement-based geolocation algorithms are susceptible to tampering with delay and topology measurements.
–Two models of adversaries have been considered.
–Two attacks have been developed and evaluated.
–The more advanced and accurate algorithm is more susceptible to tampering.

Possible Extensions
–Develop a secure measurement protocol to reduce the ability of attackers to change measurements.
–Provide real-world results for the proposed attacks to study the effect of network congestion on accuracy.

Qs & As