Abstract
Location privacy has been extensively studied over the last few years, especially in the context of location-based services where users purposely disclose their location to benefit from convenient context-aware services. To date, however, little attention has been devoted to the case of users’ location being unintentionally compromised by others.
In this paper, we study a concrete and widespread example of such situations, specifically the location-privacy threat created by access points (e.g., public hotspots) using network address translation (NAT). Indeed, because users connected to the same hotspot share a unique public IP, a single user making a location-based request is enough to enable a service provider to map the IP of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases. Even in the case where IPs change periodically (e.g., by using DHCP), the service provider is still able to update a previous (IP, Location) mapping by inferring IP changes from authenticated communications (e.g., cookies).
The contribution of this paper is three-fold: (i) We identify a novel threat to users’ location privacy caused by the use of shared public IPs. (ii) We formalize and analyze theoretically the threat. The resulting framework can be applied to any access-point to quantify the privacy threat. (iii) We experimentally assess the state in practice by using real traces of users accessing Google services, collected from deployed hotspots. Also, we discuss how existing countermeasures can thwart the threat.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Agrawal, R., Srikant, R.: Privacy-Preserving Data Mining. In: SIGMOD (2000)
Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: An Obfuscation-Based Approach for Protecting Location Privacy. IEEE Transactions on Dependable Secure Computing 8(1), 13–27 (2011)
Beresford, A., Stajano, F.: Location Privacy in Pervasive Computing. IEEE Perv. Comp. 2, 46–55 (2003)
Casado, M., Freedman, M.J.: Peering Through the Shroud: The Effect of Edge Opacity on IP-Based Client Identification. In: NSDI (2007)
Chaum, D.L.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2), 84–90 (1981)
CNN: Your Phone Company is Selling Your Personal Data (2011), http://money.cnn.com/2011/11/01/technology/verizon_att_sprint_tmobile_privacy
Danezis, G., Dingledine, R., Hopwood, D., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: S&P, pp. 2–15 (2003)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-generation Onion Router. In: USENIX Security (2004)
Federal Trade Commission: Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. Report (2010)
Freedman, M.J., Vutukuru, M., Feamster, N., Balakrishnan, H.: Geographic Locality of IP Prefixes. In: IMC (2005)
Ghosh, A., Jana, R., Ramaswami, V., Rowland, J., Shankaranarayanan, N.: Modeling and Characterization of Large-Scale Wi-Fi Traffic in Public Hot-Spots. In: INFOCOM (2011)
Golle, P., Partridge, K.: On the Anonymity of Home/Work Location Pairs. In: Tokuda, H., Beigl, M., Friday, A., Brush, A.J.B., Tobe, Y. (eds.) Pervasive 2009. LNCS, vol. 5538, pp. 390–397. Springer, Heidelberg (2009)
Goodell, G., Syverson, P.: The right place at the right time. Communications of the ACM 50(5), 113–117 (2007)
Google Engineering Center Zurich: Technology and Innovation for Web Search. Private communication (October 2012)
Google Privacy Policy (2012), http://www.google.com/intl/en/policies/privacy/
Gruteser, M., Grunwald, D.: Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In: MobiSys (2003)
Guo, C., Liu, Y., Shen, W., Wang, H., Yu, Q., Zhang, Y.: Mining the Web and the Internet for Accurate IP Address Geolocations. In: INFOCOM (2009)
Hoh, B., Gruteser, M., Xiong, H., Alrabady, A.: Enhancing Security and Privacy in Traffic-Monitoring Systems. IEEE Perv. Comp. 5, 38–46 (2006)
HostIP: My IP Address Lookup and Geotargeting Community Geotarget IP Project, http://www.hostip.info/
Targeting Local Markets: An IAB Interactive Advertising Guide. Interactive Advertising Bureau (2010)
Katz-Bassett, E., John, J.P., Krishnamurthy, A., Wetherall, D., Anderson, T., Chawathe, Y.: Towards IP Geolocation Using Delay and Topology Measurements. In: IMC (2006)
Kido, H., Yanagisawa, Y., Satoh, T.: An Anonymous Communication Technique using Dummies for Location-Based Services. In: ICPS, pp. 88–97 (2005)
Krumm, J.: Inference Attacks on Location Tracks. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 127–143. Springer, Heidelberg (2007)
Geolocation and online fraud prevention by MaxMind, http://www.maxmind.com/
Muir, J.A., Oorschot, P.C.V.: Internet Geolocation: Evasion and Counterevasion. ACM Computing Survey 42, 4:1–4:23 (2009)
Patil, S., Norcie, G., Kapadia, A., Lee, A.: “Check Out Where I Am!”: Location-Sharing Motivations, Preferences, and Practices. In: CHI (2012)
Poese, I., Uhlig, S., Kaafar, M.A., Donnet, B., Gueye, B.: IP Geolocation Databases: Unreliable? ACM SIGCOMM CCR 41, 53–56 (2011)
PricewaterhouseCoopers: Internet Advertising Revenue Report (2011)
Raghavan, B., Kohno, T., Snoeren, A.C., Wetherall, D.: Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 143–163. Springer, Heidelberg (2009)
Ross, S.M.: Stochastic Processes. Wiley (1995)
Shokri, R., Theodorakopoulos, G., Le Boudec, J.Y., Hubaux, J.P.: Quantifying Location Privacy. In: S&P (2011)
Skyhook Location Perf, http://www.skyhookwireless.com/location-technology
Telefonica implement NAT for DSL users (2012), http://bandaancha.eu/articulo/7844/usuarios-adsl-movistar/compartiran-misma-ip-mediante-nat-escasear-ipv4
Tor Metrics Portal, https://metrics.torproject.org
USA Department of Defenses: Global Positioning System: Standard Positioning Service Performance Standard (2008)
Vratonjic, N., Huguenin, K., Bindschaedler, V., Dubovitskaya, A., Hubaux, J.P.: Location Privacy Threats at Public Hotspots. Tech. rep., EPFL (2013)
Wang, Y., Burgener, D., Flores, M., Kuzmanovic, A., Huang, C.: Towards Street-Level Client-Independent IP Geolocation. In: NSDI (2011)
Xie, Y., Yu, F., Achan, K., Gillum, E., Goldszmidt, M., Wobber, T.: How Dynamic are IP Addresses? In: SIGCOMM (2007)
Yen, T.F., Xie, Y., Yu, F., Yu, R.P., Abadi, M.: Host Fingerprinting and Tracking on the Web: Privacy and Security Implications. In: NDSS (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vratonjic, N., Huguenin, K., Bindschaedler, V., Hubaux, JP. (2013). How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots. In: De Cristofaro, E., Wright, M. (eds) Privacy Enhancing Technologies. PETS 2013. Lecture Notes in Computer Science, vol 7981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39077-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-39077-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39076-0
Online ISBN: 978-3-642-39077-7
eBook Packages: Computer ScienceComputer Science (R0)