Dude, Where's That Ip? Circumventing Measurement-based Ip Geolocation

Many applications of IP geolocation can benefit from geolocation that is robust to adversarial clients. These include applications that limit access to online content to a specific geographic region and cloud computing, where some organizations must ensure their virtual machines stay in an appropriate geographic region. This paper studies the applicability of current IP geolocation techniques against an adversary who tries to subvert the techniques into returning a forged result. We propose and evaluate attacks on both delay-based IP geolocation techniques and more advanced topology-aware techniques. Against delay-based techniques, we find that the adversary has a clear trade-off between the accuracy and the detectability of an attack. In contrast, we observe that more sophisticated topology-aware techniques actually fare worse against an adversary because they give the adversary more inputs to manipulate through their use of topology and delay information.

[1]  David Wetherall,et al.  Towards IP geolocation using delay and topology measurements , 2006, IMC '06.

[2]  Emin Gün Sirer,et al.  Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts , 2007, NSDI.

[3]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[4]  Dana S. Richards,et al.  Statistical Geolocation of Internet Hosts , 2009, 2009 Proceedings of 18th International Conference on Computer Communications and Networks.

[5]  Keith W. Ross,et al.  Computer networking - a top-down approach featuring the internet , 2000 .

[6]  Ratul Mahajan,et al.  Measuring ISP topologies with Rocketfuel , 2004, IEEE/ACM Transactions on Networking.

[7]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[8]  Balachander Krishnamurthy,et al.  Internet Measurement - Infrastructure, Traffic, and Applications , 2006 .

[9]  Paul C. van Oorschot,et al.  Internet geolocation: Evasion and counterevasion , 2009, CSUR.

[10]  Martín Casado,et al.  Peering Through the Shroud: The Effect of Edge Opacity on IP-Based Client Identification , 2007, NSDI.

[11]  Serge Fdida,et al.  Constraint-Based Geolocation of Internet Hosts , 2004, IEEE/ACM Transactions on Networking.

[12]  Krishna P. Gummadi,et al.  Towards Trusted Cloud Computing , 2009, HotCloud.

[13]  Claude Castelluccia,et al.  Geolocalization of proxied services and its application to fast-flux hidden servers , 2009, IMC '09.

[14]  Ian Dickinson,et al.  A Means for Expressing Location Information in the Domain Name System , 1996, RFC.

[15]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[16]  Steve Uhlig,et al.  Assessing the Geographic Resolution of Exhaustive Tabulation for Geolocating Internet Hosts , 2008, PAM.

[17]  Paul Barford,et al.  A Learning-Based Approach for IP Geolocation , 2010, PAM.

[18]  Lakshminarayanan Subramanian,et al.  An investigation of geographic mapping techniques for internet hosts , 2001, SIGCOMM.

[19]  Zongpeng Li,et al.  The Flattening Internet Topology: Natural Evolution, Unsightly Barnacles or Contrived Collapse? , 2008, PAM.