A Location-Privacy Threat Stemming from the Use of Shared Public IP
Details
Download: BIB_933C5DE362B5.P001.pdf (767.83 [Ko])
State: Public
Version: author
State: Public
Version: author
Serval ID
serval:BIB_933C5DE362B5
Type
Article: article from journal or magazin.
Collection
Publications
Institution
Title
A Location-Privacy Threat Stemming from the Use of Shared Public IP
Journal
IEEE Transactions on Mobile Computing
ISSN
1536-1233
Publication state
Published
Issued date
11/2014
Peer-reviewed
Oui
Volume
13
Number
11
Pages
2445-2457
Language
english
Abstract
This paper presents a concrete and widespread example of situation where a user's location privacy is unintentionally compromised by others, specifically the location-privacy threat that exists at access points (public hotspots, FON, home routers, etc.) that have a single public IP and make use of network address translation (NAT). As users connected to the same hotspot share a unique public IP address, a single user's making a location-based request is enough to enable a service provider to map the IP address of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases. Even in the case where IPs change periodically (e.g., by using DHCP), the service provider is still able to update a previous (IP, Location) mapping by inferring IP changes from authenticated communications (e.g., cookies). The contribution of this paper is three-fold: (i) We identify a novel location-privacy threat caused by shared public IPs in combination with NAT. (ii) We formalize and analyze the threat theoretically. In particular we derive and provide expressions of the probability that the service provider will learn the mapping and of the expected proportion of victims. (iii) We experimentally assess the state in practice by using real traces (collected from deployed hotspots over a period of 23 days) of users who accessed Google services. We also discuss how existing countermeasures can thwart the threat.
Keywords
Location privacy, Network address translation (NAT), IP-geolocation
Web of science
Publisher's website
Create date
03/11/2016 13:25
Last modification date
20/08/2019 14:56