Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based.

Published byReynard Cooper Modified over 8 years ago

Similar presentations

Presentation on theme: "University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based."— Presentation transcript:

1 University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based IP geolocation Phillipa Gill, Yashar Ganjali, Bernard Wong, and David Lie Presenter Ahmad Alzahrani

2 Information about the Paper: Authors: Phillipa Gill and Yashar Ganjali Dept. of Computer Science, University of Toronto David Lie Dept. of Electrical and Computer Engineering, University of Toronto Bernard Wong Dept. of Computer Science, Cornell University Presented at the 19th USENIX Security Symposium, on August 12, 2010 in San Jose, CA during the Internet Security session.

3 Background What is IP Geolocation?

4 Introduction Applications benefit from IP Geolocation –Online advertising –Search engines –Restrict access to online content Multimedia –Fraud Preventions –Geolocation to locate VMs hosted by cloud provider

5

6 Motivation Who has incentive to circumvent IP geolocation? Web clients: –Gain access to content –Online payment fraud Cloud service –Location-based SLAs - cloud providers.

7 Paper Contributions Evaluation of two attacks. First to study measurement-based geolocation of an adversary Studied two models of adversarial geolocation targets (end host & WAN)

8 Background

9 Measurement-based geolocation Delay-based geolocation (e.g. Constraint-based geolocation Gueye et al. ) Ping! courtesy Phillipa

10 Measurement-based geolocation Delay-based geolocation (e.g. Constraint-based geolocation Gueye et al. ) Ping! courtesy Phillipa

11

12 12 courtesy Phillipa

13 Topology-aware geolocation Assume no direct path to target. Locate also hops on the way. Takes into account circuitous network paths. courtesy Phillipa Ping!

14 Measurement-based geolocation Delay-based: –Constraint-based geolocation (CBG) [Gueye et al] –Accuracy: ~ 78-182 km Topology-aware: –Octant [Wong et al.] –Delay between hops on path is considered –Locate nodes along the path –Median accuracy: ~ 35-40 km

15

16 Two Attacks have been studied: (1) Delay-adding attack Increase delay by time to travel the difference Challenge: how to map distance to delay? - - Access to the map function. L3 L2 L1 Forged location

17 Two Attacks have been studied: (2) Hop-adding attack Landmark 1 Landmark 2 Target

18 Two Attacks have been studied: (2) Hop-adding attack Multiple network entry points Internal router (each connected to 3)Forged location courtesy Phillipa

19 Evaluation –Are the attacks effective? –What is the accuracy achieved by the attacker to mislead geolocation. –Can the attacks be detected? Experiment1 (Delay-adding Attack) –Collected measurements inputs using 50 PlanetLab nodes. –Each node of the 50 takes turn as target. –Each target moved to 50 forged locations.

20 Delay-adding Attack - Simulation Setup

21 Delay-adding attack (Detectability?)

22 Delay-adding attack (How accurate?) 22 NYC-SFO 700 M/KM

23 Hop-Adding Attack - Simulation Setup -Targets : 80 nodes (50 in US and 30 in EU) -Forget Locations : 11 inside above WAN (4 Gateways, 15 Internal Routers)

24 Hop-adding attack (Detectability?)

25 Best-case(delay adding attack) Hop adding attack 25 Hop-adding attack (How accurate?)

26 Recap Simple Attacker Sophisticated Attacker Delay-based Attack 11 Topology-aware Attack 12 1 – Detectable using region size, accuracy depends on distance to forged location. 2 – High Accuracy and difficult to detect.

27 Conclusion Measurement-Based Geolocation algorithms are susceptible to delay-based and topology measurements. Two models of adversaries have been considered. Two attacks have been developed and evaluated. The more advanced and accurate algorithm is more susceptible to tampering

28 Possible Extensions Develop secure measurement protocol to reduce ability of attackers to change measurements. Provide real-world results of the proposed attacks to study the effect of network congestion state on accuracy.

29 Qs & As

Download ppt "University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based."

Similar presentations

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.

Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Dr. Bamba Gueye Joint work.
Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower.

Dude, where’s that IP? Circumventing measurement-based IP geolocation Presented by: Steven Zittrower.
Security in Mobile Ad Hoc Networks

Security in Mobile Ad Hoc Networks
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.

Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.
CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.

CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.

Phillipa Gill, Yashar Ganijali Dept. of CS University of Toronto Bernard Wong Dept. of CS Cornell University David Lie Dept. of Electrical and Computer.
Data Communications and Computer Networks Chapter 4 CS 3830 Lecture 22 Omar Meqdadi Department of Computer Science and Software Engineering University.

Data Communications and Computer Networks Chapter 4 CS 3830 Lecture 22 Omar Meqdadi Department of Computer Science and Software Engineering University.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
IP: The Internet Protocol

IP: The Internet Protocol
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Kyushu University Graduate School of Information Science and Electrical Engineering Department of Advanced Information Technology Supervisor: Professor.

Kyushu University Graduate School of Information Science and Electrical Engineering Department of Advanced Information Technology Supervisor: Professor.
A Framework for Cost-Effective Peer-to- Peer Content Distribution Mohamed Hefeeda and Bharat Bhargava Department of Computer Sciences Purdue University.

A Framework for Cost-Effective Peer-to- Peer Content Distribution Mohamed Hefeeda and Bharat Bhargava Department of Computer Sciences Purdue University.
Stealth Probing: Efficient Data- Plane Security for IP Routing Ioannis Avramopoulos Princeton University Joint work with Jennifer Rexford.

Stealth Probing: Efficient Data- Plane Security for IP Routing Ioannis Avramopoulos Princeton University Joint work with Jennifer Rexford.

Similar presentations

Ads by Google