This post is the second in a three-part series summarizing recent efforts towards protecting Internet geolocation services from manipulation.
In the previous article, we introduced different methods of inferring the location of an Internet-connected device. Internet hosts may be located using techniques such as GPS, Wi-Fi Positioning System (WPS), IP-address-based location lookup, cell-tower triangulation, or network (latency) measurements. We also discovered that the accuracy of some common geolocation techniques can be affected by forgery or network manipulation.
So why is secure client geolocation important?
Internet geolocation of clients is increasingly being used as a reinforcement to authentication and transaction validation mechanisms, and as an element in content delivery systems. Current uses include:
- Authentication: confirming client identity and preventing impersonation and identity theft. Preventing impersonation not only protects the end user from fraud but preserves the integrity of the system they are authenticating with, for example, an online voting system.
- Regulation: content providers and online retailers use Internet geolocation to comply with region-based legal restrictions such as copyright, censorship, and trade agreements.
- Customization: online services can tailor the content they provide to users based on location.
Client Presence Verification (CPV)
CPV is a measurement-based technique designed to verify the geographic locations of web users (clients) over the Internet. It assumes that the client is motivated to misrepresent its location for reasons including gaining location-dependent benefits, bypassing authentication, or avoiding accountability.
CPV’s design considers location-forging tactics like delay manipulation, VPNs and anonymizers. It does not fundamentally rely on clients’ IP addresses, nor does it determine geographic locations. Rather, it verifies an asserted (unverified) location, typically reported by the client.
The client’s location could be asserted by using the client’s GPS coordinates, IP address, or even by asking the end user to explicitly report their street address in a form during login.
To verify asserted locations, CPV relies on a network of geographically scattered verifiers. When a client reports (asserts) its location, three verifiers surrounding the location measure network delays between themselves and the client’s browser. These measurements are then compared with measurements between the verifiers themselves (repeated a number of times to account for network irregularities) to determine whether the client is somewhere within the triangular area covered by the three verifiers.
CPV verifiers measure network delays based on the smaller of the forward and reverse one-way delay (OWD) measurements, using the Minimum Pairs (MP) protocol. MP ensures operational integrity by requiring both clock synchronization and the distribution of pre-shared keys between the three verifiers.
CPV also guards against attempts to use a middlebox masquerading as the client by generating a cryptographic client puzzle with each timestamp message, which the client’s browser must solve before forwarding the message (timestamp and puzzle solution) to the verifiers.
It is in a middlebox’s interest to solve these puzzles on behalf of its clients, since forwarding the puzzle would reveal the client’s true location. The more clients a middlebox acts for, the higher the queuing delay, eventually causing CPV to reject the location assertions of all middlebox-connected clients.
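The verifier-side decision described above can be sketched as follows. This is an added example, not code from CPV or the original article: it keeps the smaller of the forward and reverse OWD per iteration as the article describes, while the median aggregate, the Heron's-formula area comparison that treats delays as triangle sides, the 10% tolerance, all names and the sample delays are assumptions of this sketch. Clock synchronization, pre-shared keys and client puzzles are out of scope here.

```python
import math
from statistics import median

def mp_delay(samples):
    """samples: one (forward_owd_ms, reverse_owd_ms) pair per iteration.
    Keep the smaller direction per iteration, then the median across
    iterations (the median is this example's choice of aggregate)."""
    return median(min(fwd, rev) for fwd, rev in samples)

def heron(a, b, c):
    """Area of a triangle with sides a, b, c; 0.0 if the sides cannot close."""
    s = (a + b + c) / 2
    return math.sqrt(max(s * (s - a) * (s - b) * (s - c), 0.0))

def verify_presence(vv_samples, vc_samples, tolerance=0.10):
    """Accept the asserted location only if the three verifier-client
    sub-triangles tile the verifier triangle, within `tolerance`."""
    vv = {k: mp_delay(v) for k, v in vv_samples.items()}
    vc = {k: mp_delay(v) for k, v in vc_samples.items()}
    outer = heron(vv["AB"], vv["BC"], vv["CA"])
    inner = (heron(vv["AB"], vc["A"], vc["B"])
             + heron(vv["BC"], vc["B"], vc["C"])
             + heron(vv["CA"], vc["C"], vc["A"]))
    # Inflated delays make the sub-triangles too large; delays too small to
    # close a triangle make them vanish. Both fall outside the tolerance.
    return outer > 0 and abs(inner - outer) <= tolerance * outer

# Constructed sample delays in milliseconds (not measurements from the article).
VERIFIERS = {"AB": [(10.2, 10.0), (10.0, 11.5), (12.9, 10.1)],
             "BC": [(10.0, 10.4), (10.3, 10.0), (10.0, 10.0)],
             "CA": [(10.1, 10.0), (10.0, 10.6), (11.0, 10.0)]}
# Client located roughly in the middle of the verifier triangle.
NEARBY = {"A": [(5.8, 6.1), (6.4, 5.8), (5.9, 5.8)],
          "B": [(5.8, 5.9), (6.0, 5.8), (5.8, 7.2)],
          "C": [(6.3, 5.8), (5.8, 5.8), (5.9, 5.8)]}
# The same paths with 8 ms of relay or queuing delay added in each direction.
RELAYED = {k: [(f + 8.0, r + 8.0) for f, r in v] for k, v in NEARBY.items()}

if __name__ == "__main__":
    print("nearby client accepted: ", verify_presence(VERIFIERS, NEARBY))
    print("relayed client accepted:", verify_presence(VERIFIERS, RELAYED))
```

With these constructed values the nearby client is accepted and the relayed one is rejected, which is the effect the article attributes to middlebox queuing delay.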
In testing on PlanetLab, a distributed testbed for Internet measurement research and network experiments, CPV reached a false accept rate of 1% and false reject rate of 2%. Performance suffered slightly on a Wi-Fi access network due to higher delays, but could be improved with a greater number of iterations.
A live demo of CPV is currently running at http://cpv.ccsl.carleton.ca.
This post was adapted from an article featured in ;login:, titled “Secure client and server geolocation over the Internet”.
AbdelRahman Abdou is a Postdoctoral Researcher in the Department of Computer Science at ETH Zurich, Switzerland.