Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dude, where’s that IP? Circumventing measurement-based geolocation

Published byΤάκης Μεσσηνέζης Modified over 5 years ago

Similar presentations

Presentation on theme: "Dude, where’s that IP? Circumventing measurement-based geolocation"— Presentation transcript:

1 Dude, where’s that IP? Circumventing measurement-based geolocation
Phillipa Gill* Yashar Ganjali*,Bernard Wong**, David Lie*** *Dept. of Computer Science, University of Toronto **Dept. of Computer Science, Cornell University ***Dept. of Electrical and Computer Engineering, University of Toronto

2 P. Gill - University of Toronto
Motivation Applications benefit from geolocating clients: Online advertising & search engines Restricting access to online content Multimedia Online gambling Fraud prevention Looking forward: Geolocation to locate VMs hosted by cloud provider Location-based SLAs 11/10/2018 P. Gill - University of Toronto

3 P. Gill - University of Toronto
Motivation (con’t) Targets have incentive to lie Web clients: Gain access to content Commit fraud Cloud computing: Need the ability to guarantee the result of geolocation 11/10/2018 P. Gill - University of Toronto

4 P. Gill - University of Toronto
Our contributions First to consider measurement-based geolocation of an adversary Two models of adversarial geolocation targets Web client (end host) Cloud provider (network) Evaluation of attacks on delay and topology-based geolocation. 11/10/2018 P. Gill - University of Toronto

5 P. Gill - University of Toronto
Road map Motivation & Contributions Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

6 Geolocation background
Databases/passive approaches whois services Commercial databases Quova, MaxMind, etc. Drawbacks: coarse-grained, slow to update Measurement-based geolocation Landmark machines with known locations Active probing of the target Constrain location of target 11/10/2018 P. Gill - University of Toronto

7 Measurement-based geolocation
Delay-based geolocation example Constraint-based geolocation [Gueye et al. ToN ‘06] Ping other landmarks to calibrate Distance-delay function Ping! Ping! Ping! 11/10/2018 P. Gill - University of Toronto

8 Measurement-based geolocation
Delay-based geolocation example Constraint-based geolocation [Gueye et al. ToN ‘06] 2. Ping target Ping! Ping! Ping! Ping! 11/10/2018 P. Gill - University of Toronto

9 Measurement-based geolocation
Delay-based geolocation example Constraint-based geolocation [Gueye et al. ToN ‘06] 3. Map delay to distance from target 4. Constrain target location 11/10/2018 P. Gill - University of Toronto

10 Types of measurement-based geolocation:
Delay-based: Constraint-based geolocation (CBG) [Gueye et al. ToN ‘06] Computes region where target may be located Average accuracy: km Topology-aware: Octant [Wong et al. NSDI 2007] Considers delay between hops on path Geolocates nodes along the path Median accuracy: km 11/10/2018 P. Gill - University of Toronto

11 P. Gill - University of Toronto
Road map Motivation & Contributions Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

12 Simple adversary (e.g., Web client)
Knows the geolocation algorithm Able to delay their response to probes i.e., increase observed delays Landmark i 11/10/2018 P. Gill - University of Toronto

13 Sophisticated adversary (e.g., Cloud provider)
Controls the network the target is located in Network has multiple geographically distributed entry points Adversary constructs network paths to mislead topology-aware geolocation tar target 11/10/2018 landmark

14 P. Gill - University of Toronto
Road map Motivation & Contributions Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

15 P. Gill - University of Toronto
Evaluation Questions: How accurately can an adversary mislead geolocation? Can they be detected? Methodology: Collected traceroutes between 50 PlanetLab nodes. Each node takes turn as target Each target moved to a set of forged locations 11/10/2018 P. Gill - University of Toronto

16 P. Gill - University of Toronto
Delay-adding attack L3 L2 L1 Increase delay by time to travel difference of g1 and g2 Challenge: how to map distance to delay Attack v1: speed of light Attack v2: knowledge of the “best-line” function Forged location 11/10/2018 P. Gill - University of Toronto

17 P. Gill - University of Toronto
Hop-adding attack Multiple network entry points In-degree 3 for each node Fake node next to each forged location 11/10/2018 P. Gill - University of Toronto

18 Accuracy for the adversary
Best-case delay adding attack Even in best-case delay-adding attack is less precise than hop-adding Hop adding attack 11/10/2018 P. Gill - University of Toronto

19 Detectability: Delay-adding
Area of intersection increases as delay is added Abnormally large region sizes can reveal results that have been tampered with 11/10/2018 P. Gill - University of Toronto

20 Detectability: Hop-adding
Hop adding is able to mislead the algorithm without increasing region size! 11/10/2018 P. Gill - University of Toronto

21 P. Gill - University of Toronto
Road map Motivation Background Adversary models Evaluation Conclusions Future work 11/10/2018 P. Gill - University of Toronto

22 P. Gill - University of Toronto
Conclusions Current geolocation approaches are susceptible to malicious targets Databases misled by proxies Measurement-based geolocation by attacks on delay and topology measurements Topology-aware geolocation techniques are more susceptible to the sophisticated adversary Delay-adding attacks limited by accuracy and detectability 11/10/2018 P. Gill - University of Toronto

23 P. Gill - University of Toronto
Future work Develop a framework for secure geolocation Leverage the existence of desired location: Require the adversary to prove they are in the correct location Goals: Provable security: Upper bound on what an adversary can get away with. Practical framework: Should be tolerant of variations in network delay 11/10/2018 P. Gill - University of Toronto

24 P. Gill - University of Toronto
Questions? Another reason not to trust databases! Contact: 11/10/2018 P. Gill - University of Toronto

25 P. Gill - University of Toronto
11/10/2018 P. Gill - University of Toronto

26 P. Gill - University of Toronto
11/10/2018 P. Gill - University of Toronto

Download ppt "Dude, where’s that IP? Circumventing measurement-based geolocation"

Similar presentations

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.
Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower.

Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower.
Security in Mobile Ad Hoc Networks

Security in Mobile Ad Hoc Networks
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.

Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.
Fabián E. Bustamante, 2007 Meridian: A lightweight network location service without virtual coordinates B. Wong, A. Slivkins and E. Gün Sirer SIGCOM 2005.

Fabián E. Bustamante, 2007 Meridian: A lightweight network location service without virtual coordinates B. Wong, A. Slivkins and E. Gün Sirer SIGCOM 2005.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Geolocation Les Cottrell – SLAC University of Helwan / Egypt, Sept 18 – Oct 3, 2010 Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end.

Geolocation Les Cottrell – SLAC University of Helwan / Egypt, Sept 18 – Oct 3, 2010 Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end.
King : Estimating latency between arbitrary Internet end hosts Krishna Gummadi, Stefan Saroiu Steven D. Gribble University of Washington Presented by:

King : Estimating latency between arbitrary Internet end hosts Krishna Gummadi, Stefan Saroiu Steven D. Gribble University of Washington Presented by:
Privacy-Preserving Cross-Domain Network Reachability Quantification

Privacy-Preserving Cross-Domain Network Reachability Quantification
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
A Detailed Path-latency Model for Router Geolocation Sándor Laki *, Péter Mátray, Péter Hága, István Csabai and Gábor Vattay Department of Physics of Complex.

A Detailed Path-latency Model for Router Geolocation Sándor Laki *, Péter Mátray, Péter Hága, István Csabai and Gábor Vattay Department of Physics of Complex.
Topology-Aware Overlay Networks By Huseyin Ozgur TAN.

Topology-Aware Overlay Networks By Huseyin Ozgur TAN.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.

Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.

Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.

Similar presentations

Ads by Google