How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots

Détails

Ressource 1Télécharger: Vratonjic13PETS.pdf (621.87 [Ko])
Etat: Public
Version: de l'auteur⸱e
ID Serval
serval:BIB_F7B0E160A214
Type
Actes de conférence (partie): contribution originale à la littérature scientifique, publiée à l'occasion de conférences scientifiques, dans un ouvrage de compte-rendu (proceedings), ou dans l'édition spéciale d'un journal reconnu (conference proceedings).
Collection
Publications
Titre
How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots
Titre de la conférence
Proceedings of the 13th Privacy Enhancing Technologies Symposium (PETS)
Auteur⸱e⸱s
Vratonjic N., Huguenin K., Bindschaedler V., Hubaux J.-P.
Editeur
Springer
ISBN
978-3-642-39076-0
978-3-642-39077-7
ISSN
0302-9743
1611-3349
Statut éditorial
Publié
Date de publication
2013
Peer-reviewed
Oui
Série
Lecture Notes in Computer Science
Pages
123-142
Langue
anglais
Résumé
Location privacy has been extensively studied over the last few years, especially in the context of location-based services where users purposely disclose their location to benefit from convenient context-aware services. To date, however, little attention has been devoted to the case of users’ location being unintentionally compromised by others.
In this paper, we study a concrete and widespread example of such situations, specifically the location-privacy threat created by access points (e.g., public hotspots) using network address translation (NAT). Indeed, because users connected to the same hotspot share a unique public IP, a single user making a location-based request is enough to enable a service provider to map the IP of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases. Even in the case where IPs change periodically (e.g., by using DHCP), the service provider is still able to update a previous (IP, Location) mapping by inferring IP changes from authenticated communications (e.g., cookies).
The contribution of this paper is three-fold: (i) We identify a novel threat to users’ location privacy caused by the use of shared public IPs. (ii) We formalize and analyze theoretically the threat. The resulting framework can be applied to any access-point to quantify the privacy threat. (iii) We experimentally assess the state in practice by using real traces of users accessing Google services, collected from deployed hotspots. Also, we discuss how existing countermeasures can thwart the threat.
Création de la notice
30/11/2016 17:06
Dernière modification de la notice
20/08/2019 16:23
Données d'usage