492 research outputs found
HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks
Geographically locating an IP address is of interest for many purposes. There
are two major ways to obtain the location of an IP address: querying commercial
databases or conducting latency measurements. For structural Internet nodes,
such as routers, commercial databases are limited by low accuracy, while
current measurement-based approaches overwhelm users with setup overhead and
scalability issues. In this work we present our system HLOC, aiming to combine
the ease of database use with the accuracy of latency measurements. We evaluate
HLOC on a comprehensive router data set of 1.4M IPv4 and 183k IPv6 routers.
HLOC first extracts location hints from rDNS names, and then conducts
multi-tier latency measurements. Configuration complexity is minimized by using
publicly available large-scale measurement frameworks such as RIPE Atlas. Using
this measurement, we can confirm or disprove the location hints found in domain
names. We publicly release HLOC's ready-to-use source code, enabling
researchers to easily increase geolocation accuracy with minimum overhead.Comment: As published in TMA'17 conference:
http://tma.ifip.org/main-conference
Passport: Enabling Accurate Country-Level Router Geolocation using Inaccurate Sources
When does Internet traffic cross international borders? This question has
major geopolitical, legal and social implications and is surprisingly difficult
to answer. A critical stumbling block is a dearth of tools that accurately map
routers traversed by Internet traffic to the countries in which they are
located. This paper presents Passport: a new approach for efficient, accurate
country-level router geolocation and a system that implements it. Passport
provides location predictions with limited active measurements, using machine
learning to combine information from IP geolocation databases, router
hostnames, whois records, and ping measurements. We show that Passport
substantially outperforms existing techniques, and identify cases where paths
traverse countries with implications for security, privacy, and performance
Passport: enabling accurate country-level router geolocation using inaccurate sources
When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance.First author draf
Longitudinal Study of an IP Geolocation Database
IP geolocation - the process of mapping network identifiers to physical
locations - has myriad applications. We examine a large collection of snapshots
from a popular geolocation database and take a first look at its longitudinal
properties. We define metrics of IP geo-persistence, prevalence, coverage, and
movement, and analyse 10 years of geolocation data at different location
granularities. Across different classes of IP addresses, we find that
significant location differences can exist even between successive instances of
the database - a previously underappreciated source of potential error when
using geolocation data: 47% of end users IP addresses move by more than 40 km
in 2019. To assess the sensitivity of research results to the instance of the
geo database, we reproduce prior research that depended on geolocation lookups.
In this case study, which analyses geolocation database performance on routers,
we demonstrate impact of these temporal effects: median distance from ground
truth shifted from 167 km to 40 km when using a two months apart snapshot.
Based on our findings, we make recommendations for best practices when using
geolocation databases in order to best encourage reproducibility and sound
measurement.Comment: Technical Report related to a paper appeared in Network Traffic
Measurement and Analysis Conference (TMA 2021
Systems for characterizing Internet routing
2018 Spring.Includes bibliographical references.Today the Internet plays a critical role in our lives; we rely on it for communication, business, and more recently, smart home operations. Users expect high performance and availability of the Internet. To meet such high demands, all Internet components including routing must operate at peak efficiency. However, events that hamper the routing system over the Internet are very common, causing millions of dollars of financial loss, traffic exposed to attacks, or even loss of national connectivity. Moreover, there is sparse real-time detection and reporting of such events for the public. A key challenge in addressing such issues is lack of methodology to study, evaluate and characterize Internet connectivity. While many networks operating autonomously have made the Internet robust, the complexity in understanding how users interconnect, interact and retrieve content has also increased. Characterizing how data is routed, measuring dependency on external networks, and fast outage detection has become very necessary using public measurement infrastructures and data sources. From a regulatory standpoint, there is an immediate need for systems to detect and report routing events where a content provider's routing policies may run afoul of state policies. In this dissertation, we design, build and evaluate systems that leverage existing infrastructure and report routing events in near-real time. In particular, we focus on geographic routing anomalies i.e., detours, routing failure i.e., outages, and measuring structural changes in routing policies
Internet Localization of Multi-Party Relay Users: Inherent Friction Between Internet Services and User Privacy
Internet privacy is increasingly important on the modern Internet. Users are
looking to control the trail of data that they leave behind on the systems that
they interact with. Multi-Party Relay (MPR) architectures lower the traditional
barriers to adoption of privacy enhancing technologies on the Internet. MPRs
are unique from legacy architectures in that they are able to offer privacy
guarantees without paying significant performance penalties. Apple's iCloud
Private Relay is a recently deployed MPR service, creating the potential for
widespread consumer adoption of the architecture. However, many current
Internet-scale systems are designed based on assumptions that may no longer
hold for users of privacy enhancing systems like Private Relay. There are
inherent tensions between systems that rely on data about users -- estimated
location of a user based on their IP address, for example -- and the trend
towards a more private Internet.
This work studies a core function that is widely used to control network and
application behavior, IP geolocation, in the context of iCloud Private Relay
usage. We study the location accuracy of popular IP geolocation services
compared against the published location dataset that Apple publicly releases to
explicitly aid in geolocating PR users. We characterize geolocation service
performance across a number of dimensions, including different countries, IP
version, infrastructure provider, and time. Our findings lead us to conclude
that existing approaches to IP geolocation (e.g., frequently updated databases)
perform inadequately for users of the MPR architecture. For example, we find
median location errors >1,000 miles in some countries for IPv4 addresses using
IP2Location. Our findings lead us to conclude that new, privacy-focused,
techniques for inferring user location may be required as privacy becomes a
default user expectation on the Internet
Internet Protocol Geolocation: Development of a Delay-Based Hybrid Methodology for Locating the Geographic Location of a Network Node
Internet Protocol Geolocation (IP Geolocation), the process of determining the approximate geographic location of an IP addressable node, has proven useful in a wide variety of commercial applications. Commercial applications of IP Geolocation include market research, redirection for performance enhancement, restricting content, and combating fraud. The potential for military applications include securing remote access via geographic authentication, intelligence collection, and cyber attack attribution. IP Geolocation methods can be divided into three basic categories based upon what information is used to determine the geographic location of the given IP address: 1) Information contained in databases, 2) information that is leaked during connections with the IP of interest, and 3) network-based routing and timing information. This thesis focuses upon an analysis in the third category: delay-based methods. Specifically, a comparative analysis of the three existing delay-based IP Geolocation methods: Upperbound Multilateration (UBM), Constraint Based Geolocation (CBG), and Time to Location Heuristic (TTLH) is conducted. Based upon analysis of the results, a new hybrid methodology is proposed that combines the three existing methods to improve the accuracy when conducting IP Geolocation. Simulations results showed that the new hybrid methodology TTLH method improved the success rate from 80.15% to 91.66% when compared to the shotgun TTLH method
- …