Abstract
In nowadays’ Internet, websites rely more and more on obtaining users’ geolocation to provide customized services. However, besides Internet giants such as Google, who retains a large amount of detailed user information, most websites still rely on IP addresses for user geolocation, which is proven inaccurate and misleading by existing studies. In this paper, we propose a novel approach, namely CacheLoc, for coarse-grained user geolocation leveraging widely-deployed content delivery networks (CDNs). This work is motivated by the fact that CDN providers deploy a number of edge servers that are geographically distributed across the world. Many of these edge servers are assigned with unique identifiers that are tied to their location, which can be easily retrieved by inspecting HTTP responses headers served by these edge servers. As a result, a website can infer coarse-grained user location by asking a user to send an HTTP request to an arbitrary domain that is known being served by a CDN, and inspecting the corresponding responses. To evaluate the usability and accuracy of the cache-based user geolocation, we conducted practical experiments based on a commercial VPN with over 160 endpoints distributed in 94 countries. Our experiments demonstrate that cache-based geolocation can achieve at least accurate country-level granularity in the regions where CDN edge servers are densely deployed. Our work sheds light on a novel light-weight and self-contained user geolocation solution.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IP2Location: Ip2location (2020). https://www.ip2location.com/
Whois: Whois (2020). https://www.whois.net/
Schwartz, M.J.: Google wardriving: how engineering trumped privacy (2020). https://www.darkreading.com/risk-management/google-wardriving-how-engineering-trumped-privacy/d/d-id/1104126
Li, M., Luo, X., Shi, W., Chai, L.: City-level IP geolocation based on network topology community detection. In: 2017 International Conference on Information Networking (ICOIN), pp. 578–583. IEEE (2017)
Google: Geolocation API developer guide (2020). https://developers.google.com/maps/documentation/geolocation/intro
Taylor, J., Devlin, J., Curran, K.: Bringing location to IP addresses withIP geolocation. J. Emerg. Technol. Web Intell. 4, 273–277 (2012)
Poese, I., Uhlig, S., Kaafar, M.A., Donnet, B., Gueye, B.: IP geolocation databases: unreliable? ACM SIGCOMM Comput. Commun. Rev. 41(2), 53–56 (2011)
Shavitt, Y., Zilberman, N.: A geolocation databases study. IEEE J. Sel. Areas Commun. (JSAC) 29, 2044–2056 (2011)
MaxMind: Maxmind (2020). https://www.maxmind.com/en/home
Ipinfodb: Ipinfodb (2020). https://ipinfodb.com/
Google maps platform. https://developers.google.com/maps/documentation/javascript/geolocation
Bizety: CDN market size in 2015 and 2019 (2020). https://www.bizety.com/2015/08/15/cdn-market-size-in-2015-and-2019-2/
Loulloudes, N., Pallis, G., Dikaiakos, M.D.: Information dissemination in mobile CDNs. In: Buyya, R., Pathan, M., Vakali, A. (eds.) Content Delivery Networks. LNEE, vol. 9, pp. 343–366. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-77887-5_14
Amazon: Amazon cloudfront (2020). https://www.godaddy.com/
How fastly builds pops
Same origin policy
MDN web docs: Cross-origin resource sharing (CORS) (2020). https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
MDN web docs: Access-control-expose-headers (2020). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
The majestic million. https://majestic.com/reports/majestic-million
United states CDN. https://www.cdnplanet.com/geo/united-states-cdn/
The cloudflare global anycast network. https://www.cloudflare.com/network/
Cloudflare: Cloudflare (2020). https://www.cloudflare.com/
Fastly: Fastly (2020). https://www.fastly.com/
Accessing Fastly’s IP ranges. https://docs.fastly.com/en/guides/accessing-fastlys-ip-ranges
Locations and IP address ranges of CloudFront edge servers. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html
Cloudflare IP ranges. https://www.cloudflare.com/ips/
Holowczak, J., Houmansadr, A.: Cachebrowser: bypassing chinese censorship without proxies using cached content. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 70–83 (2015)
What is anycast? How does anycast work? https://www.cloudflare.com/learning/cdn/glossary/anycast-network/
A new architecture for the modern internet. https://www.fastly.com/network-map
Amazon CloudFront key features. https://aws.amazon.com/cloudfront/features/
Alibaba: Alibaba cloud’s global infrastructure (2020). https://www.alibabacloud.com/global-locations
Planet Lab: Planet lab (2020). https://www.planet-lab.org/
Express VPN: Express VPN (2020). https://www.expressvpn.com/vpn-server
4n6.com: Cell phone triangulation (2020). https://4n6.com/cell-phone-triangulation/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Appendix
A Appendix
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Wei, M., Rabieh, K., Kaleem, F. (2020). CacheLoc: Leveraging CDN Edge Servers for User Geolocation. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-63095-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63094-2
Online ISBN: 978-3-030-63095-9
eBook Packages: Computer ScienceComputer Science (R0)