CPV: Delay-Based Location Verification for the Internet

The number of location-aware services over the Internet continues to grow. Some of these require the client’s geographic location for security-sensitive applications. Examples include location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing geolocation techniques, e.g., by faking GPS coordinates or employing a non-local IP address through proxies and virtual private networks. We devise Client Presence Verification (CPV), a delay-based verification technique designed to verify an assertion about a device’s presence inside a prescribed geographic region. CPV does not identify devices by their IP addresses. Rather, the device’s location is corroborated in a novel way by leveraging geometric properties of triangles, which prevents an adversary from manipulating measured delays. To achieve high accuracy, CPV mitigates Internet path asymmetry using a novel method to deduce one-way application-layer delays to/from the client’s participating device, and mines these delays for evidence supporting/refuting the asserted location. We evaluate CPV through detailed experiments on PlanetLab, exploring various factors that affect its efficacy, including the granularity of the verified location and the verification time. Results highlight the potential of CPV for practical adoption.
