The right place at the right time

Goodell, Geoffrey; Syverson, Paul

doi:10.1145/1230819.1241689

Cited by 8 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead, they can do so through aggregation. 3. Note that mobile phones are less susceptible to the threat presented in this paper as they often access the Internet over cellular networks (e.g., 3G/4G) instead of Wi-Fi access points.…”

Section: Adversary and Threat Modelsmentioning

confidence: 97%

“…As such, Google receives requests of the three types and consolidates all the information obtained [15]. The extent to which these services are used is exacerbated by their deep integration in the widely spread Android operating system, which frequently sends the devices' locations to Google services 3 . In addition, Google has an advertising network and thus has a strong incentive to obtain and monetize information about users' locations.…”

Section: Adversary and Threat Modelsmentioning

confidence: 99%

“…Although very convenient, the usage of LBS raises serious privacy issues, because much sensitive information can be inferred from users' locations, including users' movements and associated activities. On the other hand, location information has become essential for many online service providers [3], especially for those whose business models revolve around personalized services. A prominent example is (mobile) online advertising, an ever-increasing business whose worldwide annual revenue is in the tens of billions of US Dollars [4], as location-specific ads have become significantly more appealing to users [5].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Location-Privacy Threat Stemming from the Use of Shared Public IP Addresses

Vratonjic

Huguenin

Bindschaedler

et al. 2014

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

Abstract-This paper presents a concrete and widespread example of situation where a user's location privacy is unintentionally compromised by others, specifically the location-privacy threat that exists at access points (public hotspots, FON, home routers, etc.) that have a single public IP and make use of network address translation (NAT). As users connected to the same hotspot share a unique public IP address, a single user's making a location-based request is enough to enable a service provider to map the IP address of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases. Even in the case where IPs change periodically (e.g., by using DHCP), the service provider is still able to update a previous (IP, Location) mapping by inferring IP changes from authenticated communications (e.g., cookies). The contribution of this paper is three-fold: (i) We identify a novel location-privacy threat caused by shared public IPs in combination with NAT. (ii) We formalize and analyze the threat theoretically. In particular we derive and provide expressions of the probability that the service provider will learn the mapping and of the expected proportion of victims. (iii) We experimentally assess the state in practice by using real traces (collected from deployed hotspots over a period of 23 days) of users who accessed Google services. We also discuss how existing countermeasures can thwart the threat.

show abstract

Section: Adversary and Threat Modelsmentioning

confidence: 97%

Section: Adversary and Threat Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Location-Privacy Threat Stemming from the Use of Shared Public IP Addresses

Vratonjic

Huguenin

Bindschaedler

et al. 2014

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

show abstract

“…Location privacy is a particularly acute problem as location information is valuable to many parties, because much of information can be inferred from users' locations (e.g., users' interests and activities). Location information is essential for many online service providers [13], especially for those whose business models revolve around personalized services. A prominent example is online advertising, an ever-increasing business with large revenues (e.g., $22.4 billion in the US in 2011 [28]), as so-called location-specific ads based on the location information are significantly more appealing to users [20].…”

Section: Introductionmentioning

confidence: 99%

How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots

Vratonjic

Huguenin

Bindschaedler

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Location privacy has been extensively studied over the last few years, especially in the context of location-based services where users purposely disclose their location to benefit from convenient contextaware services. To date, however, little attention has been devoted to the case of users' location being unintentionally compromised by others. In this paper, we study a concrete and widespread example of such situations, specifically the location-privacy threat created by access points (e.g., public hotspots) using network address translation (NAT). Indeed, because users connected to the same hotspot share a unique public IP, a single user making a location-based request is enough to enable a service provider to map the IP of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases. Even in the case where IPs change periodically (e.g., by using DHCP), the service provider is still able to update a previous (IP, Location) mapping by inferring IP changes from authenticated communications (e.g., cookies). The contribution of this paper is three-fold: (i) We identify a novel threat to users' location privacy caused by the use of shared public IPs. (ii) We formalize and analyze theoretically the threat. The resulting framework can be applied to any access-point to quantify the privacy threat. (iii) We experimentally assess the state in practice by using real traces of users accessing Google services, collected from deployed hotspots. Also, we discuss how existing countermeasures can thwart the threat.

show abstract

“…Many previous papers have discussed the usage of geolocation information in day-to-day applications. They vary in fields from law [22,43,44] through information security and fraud prevention [27,11] to various economic aspects [23,25]. However, not many works have focused on the accuracy of geolocation databases.…”

Section: Introductionmentioning

confidence: 99%

A Geolocation Databases Study

Shavitt

Zilberman

2011

IEEE J. Select. Areas Commun.

145

View full text Add to dashboard Cite

Abstract-The geographical location of Internet IP addresses is important for academic research, commercial and homeland security applications. Thus, both commercial and academic databases and tools are available for mapping IP addresses to geographic locations. Evaluating the accuracy of these mapping services is complex since obtaining diverse large scale ground truth is very hard. In this work we evaluate mapping services using an algorithm that groups IP addresses to PoPs, based on structure and delay. This way we are able to group close to 100,000 IP addresses world wide into groups that are known to share a geo-location with high confidence. We provide insight into the strength and weaknesses of IP geolocation databases, and discuss their accuracy and encountered anomalies.

show abstract

The right place at the right time

Abstract: Examining the use of network location in authentication and abuse prevention.

Cited by 8 publications

References 6 publications

A Location-Privacy Threat Stemming from the Use of Shared Public IP Addresses

A Location-Privacy Threat Stemming from the Use of Shared Public IP Addresses

How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots

A Geolocation Databases Study

Contact Info

Product

Resources

About