Published by Hugh Morgan. Modified over 9 years ago.

How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots
N. Vratonjic, K. Huguenin, V. Bindschaedler, and J.-P. Hubaux
PETS 2013, 07/2013

How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots
GPS-Level Geo-location at Public Hotspots: A Crowd-Sourcing Approach Based on Shared Public IPs
[Figure labels: location information (e.g., LBS); co-location information (e.g., same IP)]

Location Information
- The places one visits convey a large amount of (sensitive) information
- Location information is valuable
  - Offers context-aware services
  - Creates new revenue opportunities
  - Potential to provide targeted advertisements (US$ 31.74 billion ad revenue in the US in 2011)
- Web services are interested in obtaining users' locations
  - Users reveal their locations to Location-Based Services (LBS) in exchange for context-aware services
  - Non-LBS service providers rely on IP-location, i.e., determining a location from an IP address

IP-Location Services
- Provide IP address to geo-location translation
- Active techniques (e.g., delay measurements)
- Passive techniques
  - Databases with records of IP-location mappings
  - Commercial (e.g., Quova Inc., MaxMind, IP2Location)
  - Free (e.g., HostIP, IPInfoDB)
- Results are not very accurate (country-, state-, city-? level)
- Incentives for service providers (e.g., Google) to implement fine-grained IP geo-location techniques

Adversary & Threat
- Goal: Learn (and exploit) users' (current) locations, e.g., monetize through location-targeted ads
- Adversary: Service providers that
  - Offer either LBS or geo-location service
  - Might offer other online services (e.g., webmail, search, etc.)
- Threat: Location privacy compromised by others
  - Location + co-location information

The Threat
[Figure labels: Access Point (AP); Mobile Phone, private IP: 192.168.1.5; Mobile Phone (GPS); Location-Based Service; Web Server; Request (IP: a.b.c.d); Controlled by the adversary]

DHCP Lease & IP Change Inference
Access Point (AP)
- Public IP obtained by DHCP
- Uses Network Address Translation (NAT)
[Figure labels: Laptop; Web Server; DHCP lease; HTTP Request, Cookie john@dom.com (IP: a1.b1.c1.d1); Renew IP; HTTP Request, Cookie john@dom.com (IP: a2.b2.c2.d2)]

Quantifying the Threat
Notation
- T: IP periodicity
- A_i / D_i: arrival/departure
- LBS_i: LBS req. from user i
- Std_i: Standard req. from user i
- Auth_i: Authenticated req. from user i
- Vulnerability Window W
- Compromise time T_Comp: First LBS query in T
Victims: |{U4, U6, U7}| = 3 (ads), |{U5, U7}| = 2 (tracking)
Proportion of Victims: Victims / (N_Con + λ_Arr T)
Probability of the adversary successfully obtaining the mapping
[Timeline figure labels: A5, A6, A7; D1, D4; Std4, Std6, Std7; LBS5; Auth5, Auth7; Renew IP; T_Comp; kT, (k+1)T; t]

System Model
Users U
- Connecting to AP: Poisson (λ_Arr)
- Connection duration: exponential distribution, λ_Dur
- Stationary system
- Number of connected users N_Con = λ_Arr / λ_Dur
- LBS, standard, authenticated requests: Poisson* (λ_LBS), (λ_Std), (λ_Auth)
Access point AP
- At location (x, y)
- Single dynamic public IP with lease T, renewed with prob. p_New
Adversary
- Goal: obtain M_AP = (IP ↔ Loc) mapping
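
The system model and the "proportion of victims" metric from the two slides above, as an added Monte Carlo example (not code from the presentation or the paper) for judging how the DHCP lease T affects exposure. The function names, the rates and the assumption that every lease window starts with a fresh, unmapped IP are constructed for illustration.

```python
import random

def poisson_times(rate, start, end, rng):
    """Event times of a homogeneous Poisson process with `rate` on [start, end)."""
    times, t = [], start
    while rate > 0:
        t += rng.expovariate(rate)
        if t >= end:
            break
        times.append(t)
    return times

def simulate_window(lam_arr, lam_dur, lam_lbs, lam_std, T, rng):
    """Simulate one DHCP lease window [0, T); return (T_Comp or None, #victims)."""
    n_con = lam_arr / lam_dur  # stationary number of connected users, N_Con
    # Users already connected at t=0 (Poisson count, mean N_Con), then new arrivals.
    arrivals = [0.0] * len(poisson_times(n_con, 0.0, 1.0, rng))
    arrivals += poisson_times(lam_arr, 0.0, T, rng)
    sessions = [(a, min(T, a + rng.expovariate(lam_dur))) for a in arrivals]
    # Compromise time: first LBS request from any connected user in this window.
    lbs = [t for a, d in sessions for t in poisson_times(lam_lbs, a, d, rng)]
    if not lbs:
        return None, 0  # the IP-location mapping is never learned in this lease
    t_comp = min(lbs)
    # Victims (ads case): users sending a standard request after T_Comp.
    victims = sum(
        1 for a, d in sessions
        if d > t_comp and poisson_times(lam_std, max(a, t_comp), d, rng)
    )
    return t_comp, victims

def victim_proportion(lam_arr, lam_dur, lam_lbs, lam_std, T, runs=200, seed=1):
    """Mean of Victims / (N_Con + lam_arr * T) over independent lease windows."""
    rng = random.Random(seed)
    expected_users = lam_arr / lam_dur + lam_arr * T
    total = sum(simulate_window(lam_arr, lam_dur, lam_lbs, lam_std, T, rng)[1]
                for _ in range(runs))
    return total / (runs * expected_users)

if __name__ == "__main__":
    # Constructed rates (per hour), not taken from the EPFL traces.
    for lease in (0.25, 1.0, 8.0):
        print(lease, round(victim_proportion(20, 1.0, 0.05, 5.0, lease), 3))
```

With these constructed rates a shorter lease gives a smaller proportion, because fewer requests fall after the first LBS query in each window.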

Success of the Adversary

EPFL Data Set
- Traces collected from 2 EPFL campus Wi-Fi APs over 23 days in June 2012
  - User session, traffic and DNS traces
  - 4302 users in total (136 users on average around 6PM)
- Considered traffic to Google services
  - 17% of the traffic; 81.3% of the users access at least one Google service
  - 9.5% of the users generate LBS requests
- Measured the compromise time and the proportion of victims
- Measured the probability of inferring IP changes

Results – Victims (ads)
- Users start arriving around 7AM
- Theoretical T_Comp = 7:42 AM
- Experimental T_Comp = 8:25 AM
- Compromised location privacy of 90% of Google users

Probability of Inferring the IP Change

Countermeasures (Oh boy what can I do?!)
- Hiding users' actual IPs from the destination
  - Relay-based communication (e.g., Tor, mix networks, proxies)
  - Virtual Private Networks (VPNs)
  - ISPs implementing country-wide NAT or IP Mixing
- Decreasing the knowledge of the adversary
  - Reducing accuracy of the reported location (e.g., spatial cloaking, adding noise)
  - Increase adversary's uncertainty (e.g., inject dummy requests)
- Adjust the system parameters
  - Reduce the DHCP lease, always allocate a new IP, IP change when the traffic is low
- Do-not-geolocalize initiative
  - Opt-out of being localized

Conclusions
- Location privacy at hotspots can be compromised by other users
  - Consequence of network operational mode, i.e., APs with NATs
- Scale of the threat is immense
- New business opportunities for service providers
- Users' lack of incentives to coordinate and their lack of know-how impede the wide deployment of the countermeasures