HLOC: Hints-based geolocation leveraging multiple measurement frameworks

Scheitle, Quirin; Gasser, Oliver; Sattler, Patrick; Carle, Georg

doi:10.23919/tma.2017.8002903

Cited by 32 publications

(22 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We aim to make not only this publication, but our entire study reproducible. Our group is committed to reproducible research [2,60,62], which we aim to continue with this study. We structure this section along repeatability (can the same team obtain the same result when running the same measurement?…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

A First Look at Certification Authority Authorization (CAA)

Scheitle

Chung

Hiller

et al. 2018

SIGCOMM Comput. Commun. Rev.

Self Cite

View full text Add to dashboard Cite

Shaken by severe compromises, the Web's Public Key Infrastructure has seen the addition of several security mechanisms over recent years. One such mechanism is the Certification Authority Authorization (CAA) DNS record, that gives domain name holders control over which Certification Authorities (CAs) may issue certificates for their domain. First defined in RFC 6844, adoption by the CA/B forum mandates that CAs validate CAA records as of September 8, 2017. The success of CAA hinges on the behavior of three actors: CAs, domain name holders, and DNS operators. We empirically study their behavior, and observe that CAs exhibit patchy adherence in issuance experiments, domain name holders configure CAA records in encouraging but error-prone ways, and only six of the 31 largest DNS operators enable customers to add CAA records. Furthermore, using historic CAA data, we uncover anomalies for already-issued certificates. We disseminated our results in the community. This has already led to specific improvements at several CAs and revocation of mis-issued certificates. Furthermore, in this work, we suggest ways to improve the security impact of CAA. To foster further improvements and to practice reproducible research, we share raw data and analysis tools.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Reproducible Research is one of our commitments [2,[60][61][62]74], and we publish all code and data under https://mediatum.ub.tum.de/1403132 Long-term integrity and availability is provided by the University Library of the Technical University of Munich.…”

mentioning

confidence: 99%

A First Look at Certification Authority Authorization (CAA)

Scheitle

Chung

Hiller

et al. 2018

SIGCOMM Comput. Commun. Rev.

Self Cite

View full text Add to dashboard Cite

show abstract

“…In particular, the use of traceroute-based measurements has been considered to include the number of intermediate hops in the geolocation process [20], [23]- [26]. Combinations and improvements of the above methods can be found in [11], [27], [28]. Some other works also considered the possibility of introducing nodes with known location as passive landmarks (e.g.…”

Section: Related Workmentioning

confidence: 99%

“…Among the above mentioned works, only [24], [28], [40], [41] focus on the geolocation of IP infrastructure instead of end-users. In particular, the approaches described in [40] and [41] use the information obtained by reverse DNS queries for the geolocation of routers, as location codes are sometimes used to generate parts of their names.…”

Section: Related Workmentioning

confidence: 99%

Using RIPE Atlas for Geolocating IP Infrastructure

Candela¹,

Gregori

Luconi

et al. 2019

IEEE Access

View full text Add to dashboard Cite

The vast majority of studies on IP geolocation focuses on localizing the end-users, and little attention has been devoted to localizing the elements of the Internet infrastructure, i.e., the routers and servers that make the Internet work. In this paper, we study the maximum theoretical accuracy that can be achieved by a geolocation approach aimed at geolocating the Internet infrastructure. In particular, we study the effects on localization accuracy produced by the position of landmarks and by the strategy followed for their enrollment. We compare two main approaches: the first is more centralized and controlled, and uses well-connected machines belonging to the infrastructure as landmarks; the second is more distributed and scalable and is based on landmarks positioned at the edge of the network. The study is based on an extensive set of measurements collected using the RIPE Atlas platform. The results show that the uniform and widespread diffusion of landmarks can be as important as their measurement accuracy. The study is carried out at both the worldwide and regional scale, including regions that were scarcely observed in the past. The results highlight that the geographical characteristics of the Internet paths are dependent on the considered region, thus suggesting the use of specifically calibrated models. Finally, the study shows that geolocating IP infrastructure with active measurements is feasible in terms of precision and scalability of the overall system.INDEX TERMS Internet, IP geolocation, network topology, wide area networks.

show abstract

“…The mapping of an IP to UAs reveals the sharing condition of an IP address. This can complement existing IP intelligence datasets, helping to further contextualize the data provided by IP blacklists, WHOIS records, and geo-IP services [38].…”

Section: Use Casesmentioning

confidence: 99%

Opportunities and Challenges of Ad-based Measurements from the Edge of the Network

Callejo

Kelton

Vallina-Rodriguez

et al. 2017

Proceedings of the 16th ACM Workshop on Hot Topics in Networks

Self Cite

View full text Add to dashboard Cite

For many years, the research community, practitioners, and regulators have used myriad methods and tools to understand the complex structure and behavior of ISPs from the edge of the network. Unfortunately, the nature of these techniques forces the researcher to find a balance between ISP-coverage, user scale, and accuracy. In this paper we present AdTag, a network measurement paradigm that leverages the opportunistic nature of online targeted advertising to measure the Internet from the edge of the network. We discuss and formalize AdTag's design space-including technical, ethical, deployability and economic factors-and its potential to analyze a wide spectrum of Internet connectivity aspects from the browser. We run several experiments to demonstrate that AdTag can be tailored towards geographic and devicebased user groups, finding also several challenges to be faced in order to maximize the number of samples. In a 7-day campaign, AdTag could access more than 20K ISPs at a global scale (185 countries) using millions of edge nodes.

show abstract

HLOC: Hints-based geolocation leveraging multiple measurement frameworks

Cited by 32 publications

References 25 publications

A First Look at Certification Authority Authorization (CAA)

A First Look at Certification Authority Authorization (CAA)

Using RIPE Atlas for Geolocating IP Infrastructure

Opportunities and Challenges of Ad-based Measurements from the Edge of the Network

Contact Info

Product

Resources

About