[ZISC Lunch Seminar] Towards Securely Verifying Location Claims on the Internet

Wed 05Jul2017

AbdelRahman Abdou, Carleton University

From 12.00 until 13.30

At CNB/F/110 (Lunch) + CNB/F/100.9 (Seminar), ETH Zurich

Universitätstrasse 6, 8092 Zurich

Abstract:

The number of security-sensitive location-aware services over the Internet continues to grow, such as location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing Internet geolocation techniques, e.g., by faking GPS coordinates or employing a non-local IP address through proxy servers and virtual private networks. I will present Client Presence Verification (CPV), which is a measurement-based technique designed to verify an assertion about a device's presence inside a prescribed geographic region. CPV does not identify devices by their IP addresses. Rather, the device's location is corroborated in a novel way by leveraging geometric properties of triangles, which prevents an adversary from manipulating network delays to its favor. To achieve high accuracy, CPV mitigates Internet path asymmetry using a novel method to deduce one-way application-layer delays to/from the client's participating device, and mines these delays for evidence supporting/refuting the asserted location. I will present CPV's evaluation results, including the granularity of the verified location and the verification time, and summarize some lessons we learned throughout the process.

Download Event to Calendar