Dude, Where's that IP? Circumventing measurement-based IP geolocation
Phillipa Gill, Yashar Ganjali (Dept. of CS, University of Toronto)
Bernard Wong (Dept. of CS, Cornell University)
David Lie (Dept. of Electrical and Computer Engineering, University of Toronto)
USENIX Security Symposium, August 2010
A Presentation at Advanced Defense Lab
Outline
Introduction
Geolocation Background
Security Model
Delay-based geolocation
Topology-aware geolocation
Conclusion
Introduction
Are current geolocation algorithms accurate enough to locate an IP within a certain country or jurisdiction?
How can adversaries attack a geolocation system?
How effective are such attacks?
Security Model
The user wants to know the geolocation of an IP.
The IP owner wants to mislead that user to a forged target.
Additive noise is introduced by the Internet.
Two assumptions:
The adversary can't compromise the landmarks or run code on them, but can modify the properties of traffic traveling on network links directly connected to a machine under its control.
The network measurements made by landmarks actually reach the target.
Delay-based geolocation
Uses measurements of end-to-end network delays to geolocate the target IP.
The landmarks (Li) have known geographic locations (Gi).
A distance-to-delay function is built from the (Gij, Dij) pairs.
Delay-based geolocation: Attack the CBG system
PlanetLab
Delay-based geolocation: Attack the CBG system
50 nodes from PlanetLab, taking turns as the target (2,500 results).
40 nodes in the US
10 nodes outside the US
Delay-based geolocation: Attack the CBG system
An adversary can't move a target that is not within the same region as the landmarks into that region.
Topology-aware geolocation
Accounts for all intermediate routers in addition to the target node.
TBG: Towards IP Geolocation Using Delay and Topology Measurements.
Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts.
The target is localized to a feasibility region generated from the latencies measured from the last hop(s) before the target, and the centroid of the region is returned.
Topology-aware geolocation
If the network paths from the landmarks to the target converge to a single common gateway router, increasing the end-to-end delays between the landmarks and the target can be detected and mitigated by topology-aware geolocation systems.
Topology-aware geolocation
Increasing the delay between each gateway and the target can only be as effective against topology-based geolocation as increasing end-to-end delays against delay-based geolocation with a reduced set of landmarks.
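As an added example (not from the paper or these slides), a small Python model of constraint-based geolocation on a flat plane: each landmark with a known location bounds the target to a disc whose radius follows from the RTT it measured, and the estimate is the centroid of the intersection. It illustrates the two points above: delay that the target's owner adds on its own links only enlarges the feasible region, so the true location stays inside it, and geolocating with a reduced set of landmarks enlarges the region in the same way. The 2/3 c propagation bound, the 1.5 ms honest overhead and all coordinates are constructed assumptions.

```python
import math

# Constructed toy model of constraint-based geolocation (CBG) on a flat plane.
# Assumption: data travels at most 2/3 c (~200 km per ms one way), so an RTT of
# r ms bounds the landmark-to-target distance by 100 * r km.
KM_PER_MS_RTT = 100.0
HONEST_OVERHEAD_MS = 1.5   # assumed queueing/processing delay (additive noise)

# Constructed landmark coordinates (km) and the target's true location.
LANDMARKS = {"L1": (0.0, 0.0), "L2": (800.0, 0.0), "L3": (400.0, 700.0)}
TARGET = (300.0, 200.0)

def measured_rtt(landmark, target, added_ms=0.0):
    """RTT a landmark observes: propagation bound + overhead + delay the target's owner adds."""
    return math.dist(landmark, target) / KM_PER_MS_RTT + HONEST_OVERHEAD_MS + added_ms

def feasible_region(rtts, landmarks, step=20.0, span=2000.0):
    """Grid points lying inside every landmark's disc; the disc radius is the
    largest distance consistent with that landmark's measured RTT."""
    radii = {name: rtts[name] * KM_PER_MS_RTT for name in landmarks}
    region = []
    x = -span
    while x <= span:
        y = -span
        while y <= span:
            if all(math.dist(landmarks[n], (x, y)) <= radii[n] for n in landmarks):
                region.append((x, y))
            y += step
        x += step
    return region

def centroid(points):
    return (sum(p[0] for p in points) / len(points), sum(p[1] for p in points) / len(points))

def locate(added_ms=0.0, landmark_names=None):
    """Run CBG against the constructed target. added_ms models delay the target's
    owner injects on its own links (seen identically by every landmark);
    landmark_names restricts which landmarks are used (fewer = weaker constraint)."""
    names = landmark_names or list(LANDMARKS)
    lms = {n: LANDMARKS[n] for n in names}
    rtts = {n: measured_rtt(lms[n], TARGET, added_ms) for n in names}
    region = feasible_region(rtts, lms)
    return centroid(region), region

if __name__ == "__main__":
    honest_c, honest_r = locate()
    attacked_c, attacked_r = locate(added_ms=5.0)
    print("honest estimate:", honest_c, "region size:", len(honest_r))
    print("with 5 ms added:", attacked_c, "region size:", len(attacked_r))
    print("true location still feasible:", TARGET in attacked_r)
```

Because radii can only grow under added delay, a verifier that knows a candidate true location can still check whether it lies inside every landmark's disc, regardless of how far the centroid has been pushed.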
Topology-aware geolocation: Attack them
ER = {er0, er1, …, erm}: the externally visible nodes in an adversary's network, consisting of gateway routers.
F = {f0, f1, …, fn}: internal routers, which can be fictitious.
T = {T0, T1, …, Ts}: end-points.
G = (V, E), where V = F ∪ ER ∪ T represents the routers, and E = {e0, e1, …, ek} with weights w(ei) is the set of links connecting the routers, the weights representing network delays.
Topology-aware geolocation: Attack them
An adversary with control over three or more geographically distributed gateway routers to its network can move the target to an arbitrary location.
Topology-based attacks can assign arbitrary latencies from the ingress points to the target.
Naming attack extension: topology-based geolocation systems [TBG, Octant] rely on the undns tool, which can extract approximate city locations from the domain names of routers.
Topology-aware geolocation: Attack them
Red: 14 non-existent internal routers (F)
White: 11 forged locations (T)
Black: 4 external routers (ER)
Topology-aware geolocation: Attack them
Uses the same set of 50 PlanetLab nodes used in evaluating the delay-adding attack, with an additional 30 European PlanetLab nodes that act only as targets attempting to move into North America.
Each of the 80 PlanetLab nodes takes a turn being the target, with the remaining US PlanetLab nodes used as landmarks.
Total of 880 attacks.
Topology-aware geolocation: Attack them
Without the undns extension: a NA target is moved to within 680 km, 50% of the time.
Moving a target from EU to NA: within 929 km.
Conclusion
Developed and evaluated two attacks against delay-based and topology-aware geolocation.
The most surprising finding is that the more advanced and accurate topology-aware geolocation techniques are more susceptible to covert tampering than the simpler delay-based techniques.
Topology-aware geolocation fares no better against a simple adversary and worse against a sophisticated one.