How Others Compromise Your Location Privacy:
The Case of Shared Public IPs at Hotspots
N. Vratonjic, K. Huguenin, V. Bindschaedler, and J.-P. Hubaux
PETS 2013, 07/2013
1
GPS-Level Geo-location at Public Hotspots:
A Crowd-Sourcing Approach Based on Shared Public IPs
How Others Compromise Your Location Privacy:
The Case of Shared Public IPs at Hotspots
[Figure: the adversary combines co-location information (e.g., same IP) with location information (e.g., from LBS requests)]
2
Location Information
• The places one visits convey a large amount of (sensitive) information
• Location information is valuable
• Offers context-aware services
• Creates new revenue opportunities
• Potential to provide targeted advertisements (US$ 31.74 Billion ad revenue in the US in 2011)
• Web services are interested in obtaining users’ locations
• Users reveal their locations to Location-Based Services (LBS) in exchange for context-aware services
• Non-LBS service providers rely on IP – location
• i.e., determining a location from an IP address
3
IP-Location Services
• Provides IP address to geo-location translation
• Active techniques (e.g., delay measurements)
• Passive techniques
• Databases with records of IP – location mappings
• Commercial (e.g., Quova Inc., MaxMind, IP2Location)
• Free (e.g., HostIP, IPInfoDB)
• Results are not very accurate (country-, state-, city-? level)
• Incentives for service providers (e.g., Google) to implement fine-grained IP geo-location techniques
4
Adversary & Threat
• Goal: Learn (and exploit) users’ (current) locations
• e.g., monetize through location-targeted ads
• Adversary: Service providers that
• Offer either LBS or geo-location service
• Might offer other online services (e.g., webmail, search, etc.)
• Threat: Location privacy compromised by others
• Location + co-location information
[Figure: the adversary combines co-location information (e.g., same IP) with location information (e.g., from LBS requests)]
5
The Threat
[Figure: a mobile phone with GPS (private IP 192.168.1.3, position (x0, y0)) sends an LBS request carrying (x0, y0) through the access point (AP), located at (x1, y1), which has private IP 192.168.1.1, a public IP a.b.c.d obtained by DHCP, and uses Network Address Translation (NAT). The request reaches the adversary's Location-Based Service with source IP a.b.c.d, so the adversary builds the mapping (a.b.c.d) ↔ (x0, y0). A second mobile phone (private IP 192.168.1.5) sends a plain request, also seen from a.b.c.d, to a web server controlled by the adversary, which uses the mapping (a.b.c.d) ↔ (x0, y0).]
6
DHCP Lease & IP Change Inference
[Figure: a laptop connects through an access point (AP) that obtains its public IP by DHCP and uses Network Address Translation (NAT). At each DHCP lease expiry (time t) the AP renews its IP; when the address changes from a1.b1.c1.d1 to a2.b2.c2.d2, the web server infers the IP change (a1.b1.c1.d1) → (a2.b2.c2.d2).]
7
Quantifying the Threat
T – IP periodicity
Ai / Di – arrival / departure of user i
LBSi – LBS req. from user i
Stdi – Standard req. from user i
Authi – Authenticated req. from user i
[Figure: timeline of one lease period from kT to (k+1)T, with the IP renewed at both ends; events A5, A6, A7, D1, D4, Auth5, LBS5, Auth7, Std7, Std4, Std6 along time t. The Vulnerability Window W runs from TComp to (k+1)T.]
Compromise time TComp: First LBS query in T
Probability of the adversary successfully obtaining the mapping
Victims: |{U4, U6, U7}| = 3 (ads), |{U5, U7}| = 2 (tracking)
Proportion of Victims: Victims / (NCon + λArr T)
8
System Model
• Users U
• Connecting to AP: Poisson (λArr)
• Connection duration: exponential distribution λDur
• Stationary system
• Number of connected users NCon = λArr / λDur
• LBS, standard, authenticated requests: Poisson* (λLBS ), (λStd ), (λAuth )
• Access point AP
• At location (x,y)
• Single dynamic public IP with lease T, renewed with prob. pNew
• Adversary
• Goal: obtain MAP =(IP ↔Loc) mapping
9
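Added example (mine, not the paper's code): a Monte-Carlo version of the system model above, in Python. It estimates the vulnerability windows and the proportion of victims defined on slide 8 for given request rates, lease T and pNew, and `lease_sweep` compares lease lengths in the spirit of the slide-14 countermeasure. The rate values, the seed, and my reading of a tracking victim as a user who sends an authenticated request inside the vulnerability window are assumptions.

```python
import random

def poisson_times(rate, start, end, rng):
    """Event times of a homogeneous Poisson process of the given rate on [start, end)."""
    times, t = [], start
    while rate > 0 and (t := t + rng.expovariate(rate)) < end:
        times.append(t)
    return times

def simulate(lam_arr, lam_dur, lam_lbs, lam_std, lam_auth, T, p_new, periods, seed=0):
    """Return (ads, tracking): the share of users present over `periods` DHCP leases
    who send a standard (ads) or authenticated (tracking) request while the
    adversary holds a valid IP<->location mapping. Users arrive as Poisson(lam_arr),
    stay Exp(lam_dur) and issue each request type as a Poisson process; the AP's
    IP is renewed every T time units and is a new address with probability p_new."""
    rng, horizon = random.Random(seed), periods * T
    n_con = round(lam_arr / lam_dur)  # stationary occupancy N_con = lam_arr / lam_dur
    # Users connected at t=0 (memoryless residual stay) plus arrivals over the horizon.
    sessions = [(0.0, rng.expovariate(lam_dur)) for _ in range(n_con)]
    sessions += [(a, a + rng.expovariate(lam_dur))
                 for a in poisson_times(lam_arr, 0.0, horizon, rng)]
    events = {"lbs": [], "std": [], "auth": []}  # (time, user id)
    for uid, (a, d) in enumerate(sessions):
        for kind, rate in (("lbs", lam_lbs), ("std", lam_std), ("auth", lam_auth)):
            events[kind] += [(t, uid) for t in poisson_times(rate, a, min(d, horizon), rng)]
    lbs_times = sorted(t for t, _ in events["lbs"])
    windows, holding, i = [], None, 0  # vulnerability windows W = [T_comp, next IP change)
    for k in range(periods):
        lo, hi = k * T, (k + 1) * T
        if holding is not None and rng.random() < p_new:
            windows.append((holding, lo))  # renewed with a new address: mapping is stale
            holding = None
        if holding is None:
            while i < len(lbs_times) and lbs_times[i] < lo:
                i += 1
            if i < len(lbs_times) and lbs_times[i] < hi:
                holding = lbs_times[i]  # T_comp: first LBS query in this lease period
    if holding is not None:
        windows.append((holding, horizon))
    exposed = lambda t: any(s <= t < e for s, e in windows)
    n = max(1, len(sessions))  # N_con + arrivals, the slide-8 denominator
    return (len({u for t, u in events["std"] if exposed(t)}) / n,
            len({u for t, u in events["auth"] if exposed(t)}) / n)

def lease_sweep(leases, horizon, **model):
    """Ads-victim share for each lease length T over a fixed horizon (slide-14 countermeasure)."""
    return {T: simulate(T=T, periods=max(1, round(horizon / T)), **model)[0] for T in leases}
```

With p_new below 1 a renewal that keeps the same address leaves the adversary's mapping valid, which is why the slides pair a shorter lease with always allocating a new IP.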
Success of the Adversary
10
EPFL Data Set
• Traces collected from 2 EPFL campus Wi-Fi APs over 23 days in June 2012
• User session, traffic and DNS traces
• 4302 users in total (136 users on average around 6PM)
• Considered traffic to Google services
• 17% of the traffic; 81.3% of the users access at least one Google service
• 9.5% of the users generate LBS requests
• Measured the compromise time and the proportion of victims
• Measured the probability of inferring IP changes
11
Results – Victims (ads)
Theoretical TComp = 7:42 AM
Experimental TComp = 8:25 AM
• Users start arriving around 7AM
• Compromised location privacy of 90% of Google users
12
Probability of Inferring the IP Change
13
Countermeasures
(Oh boy what can I do?!)
• Hiding users’ actual IPs from the destination
• Relay-based communication (e.g., Tor, mix networks, proxies)
• Virtual Private Networks (VPNs)
• ISPs implementing country-wide NAT or IP Mixing
• Decreasing the knowledge of the adversary
• Reducing accuracy of the reported location (e.g., spatial cloaking, adding noise)
• Increase adversary’s uncertainty (e.g., inject dummy requests)
• Adjust the system parameters
• Reduce the DHCP lease, always allocate a new IP, IP change when the traffic is low
• Do-not-geolocalize initiative
• Opt-out of being localized
14
Conclusions
• Location privacy at hotspots can be compromised by other users
• Consequence of network operational mode
• i.e., APs with NATs
• Scale of the threat is immense
• New business opportunities for service providers
• Users’ lack of incentives to coordinate and their lack of know-how impede the wide deployment of the countermeasures
15