I Know Where You are and What You are Sharing

Transcription

1 I Know Where You are and What You are Sharing Exploiting P2P Communications to Invade Users Privacy Stevens Le Blond, Chao Zhang, Arnaud Legout, Keith Ross, Walid Babbous CS558 Presentation Natasa Ntagianta dagianta

2 Introduction Large web sites see our source IP and cookies and can track our whereabouts to some extend - major privacy infringement Major Internet application providers will not disclose this information Can small, less-trustworthy entities periodically track our whereabouts? CS558: Internet Systems and Technologies - Spring

3 Introduction Real-time communication is done peer-to-peer (P2P) P2P nature exposes the IP addresses of all the participants in a conversation to each other VoIP can potentially be used to collect a targeted user s location VoIP can also potentially be combined with P2P file sharing to determine what a user is uploading/downloading CS558: Internet Systems and Technologies - Spring

4 Introduction Technical challenges Alice as attacker Bob as victim For a specific individual can Alice determine with certainty his VoIP ID? Can Alice determine which packets come from Bob, call him inconspicuously and obtain his IP even if Bob blocks her? Is it possible to verify Bob is uploading/downloading specific files, given NATs wide deployment? CS558: Internet Systems and Technologies - Spring

5 Introduction In this paper using a Skype-based developed scheme Find a person s Skype ID and inconspicuously call to find IP, even behind NAT Used periodically to observe the mobility of Skype users Introduce a linkability threat a person s identity can be associated to his Internet usage - using BitTorrent challenge: users are often NATed CS558: Internet Systems and Technologies - Spring

6 Introduction Solution Design the VoIP system so that the callee s IP is not revealed until the user accepts the call Use blacklist to block strangers from calling Anyone in targeted user s contact list can still obtain his IP CS558: Internet Systems and Technologies - Spring

7 Legal and Ethical Considerations Motivation for Running Privacy Measurements Personal information can be correlated in many ways Volunteers One set of 14 research faculty one set of 20 individuals in the world Second set is used to - determine Skype packet patterns - develop and test inconspicuous calling - evaluate accuracy of mobility measurements Anonymized users CS558: Internet Systems and Technologies - Spring

8 Mapping a Person to an IP Address Finding a Person s ID Obvious step input into the directory s search service the person s or birth name Skype provides additional side information along with the results containing the IDs CS558: Internet Systems and Technologies - Spring

9 Mapping a Person to an IP Address Finding a Person s IP Address Given the person s ID it is possible to find the IP address of the machine the person is currently active from Call the Skype ID and sniff the packets received The callee s IP address can be extracted from the source and destination fields of IP datagrams Complication: the call triggers communication with many IPs CS558: Internet Systems and Technologies - Spring

10 Mapping a Person to an IP Address Observation of three identifiable patterns of communication (i) Callee is online and public; (ii) Callee online and behind a NAT; (iii) Callee is offline CS558: Internet Systems and Technologies - Spring

11 Mapping a Person to an IP Address Inconspicuous calling The need to design a scheme so the tracking client exchanges packets directly with the callee arises without notifying the callee of the call If the TCP connections are prevented from being established with the calle, the callee is not notified about the call CS558: Internet Systems and Technologies - Spring

12 Mapping a Person to an IP Address Skype privacy settings White list allows call from people in person s contact list only Black list blocks everyone whose Skype ID is in that list Scheme was tested and in both cases it was possible to retrieve the IP address of the callee Skype privacy setting failed to protect the callee CS558: Internet Systems and Technologies - Spring

13 Mobility of Skype Users MaxMind was used Given an IP address it provides a city, country and AS with high accuracy Obtaining Millions of Skype IDs The Skype API has a search users command that takes a string as parameter and returns a list of users whose information match the string Facebook was used for a list of birth names to obtained to build the search string CS558: Internet Systems and Technologies - Spring

14 Mobility of Skype Users Parallel Calling Several tracking clients were deployed in parallel each calling a subset of randomly picked Skype IDs on an hourly basis - the time s between two successive calls for a given client should be short Simple approach: wait long enough so the complete packet pattern elapses - once a pattern starts, it completes even if the call is terminated - all patterns begin within 3 seconds after making the call CS558: Internet Systems and Technologies - Spring

15 Mobility of Skype Users Cost of the Scaling The number of called users would be increased by one order of magnitude with visualization Running several tracking clients on a machine makes it hard to isolate packets from each one - Solution: run several tracking clients per physical machine, each one in a different virtual machine CS558: Internet Systems and Technologies - Spring

16 Mobility of Skype Users Measurement Results CS558: Internet Systems and Technologies - Spring

17 File-Sharing Usage of Skype Users Basic challenge: many file-sharing users are NATed Exploiting the identification field in the IP datagrams can check whether two different applications run on the same machine Scheme Methodology The Skype Tracker The Infohash Crawler The BitTorrent Crawler CS558: Internet Systems and Technologies - Spring

18 File-Sharing Usage of Skype Users The Skype Tracker To daily call users uses ten tracking clients Analyze packet patterns to determine the latest IP address of these users and temporarily save them to a shared storage IP addresses then loaded from shared storage by the BitTorrent crawler to determine which files are distributed from these IP addresses CS558: Internet Systems and Technologies - Spring

19 File-Sharing Usage of Skype Users The Infohash Crawler Collects file identifiers (infohashes) from the PublicBitTorrent tracker PublicBitTorrent tracker publishes a file with the infohashes it tracks on its website this file is the dump of a scrape-all request This request returns all infohashes of files it is tracking and the number of leechers and seeders CS558: Internet Systems and Technologies - Spring

20 File-Sharing Usage of Skype Users The BitTorrent Crawler Used to obtain the IP addresses participating in the most popular torrent PublicBitTorrent supports an announce started request returning a list of peers participating in a torrent identified by an infohash - limited number of requests per peer Solution: used a decentralized tracker to collect IP addresses - DHT nodes do not implement blacklisting strategies CS558: Internet Systems and Technologies - Spring

21 The NAT Problem Several users can share the same IP address All BitTorrent clients multiplex torrents on a single port picked at random at the client installation and remains the same in subsequent utilizations - it is possible to associate each IP/port pair to a single BitTorrent user A significant fraction of the tested users are behind a NAT and may be not the ones using BitTorrent CS558: Internet Systems and Technologies - Spring

22 The Verifier A tool responsible for definitively establishing whether Skype and BitTorrent are run on the same machine To detect false positives, the predictability of the identification field in the IP datagrams originating from the same machine was leveraged If the distance between the IP-IDs generated by Skype and BitTorrent is small, then it is the same machine, otherwise there is a false positive CS558: Internet Systems and Technologies - Spring

23 The Verifier Limitations Communication can only be initiate to public or NATed peers that accept incoming communications It is assumed that IP-IDs originating from the same machine are predictable, which depends on two conditions - IP-IDs originating from the same machine should be predictable - NATs do not modify the IP-IDs as attributed by the TCP stack of the machine CS558: Internet Systems and Technologies - Spring

24 Experimental Results For each of the top 10 verified users, table shows the number of files shared by that user and whether the user provides a first name, last name, city or country in his Skype profile CS558: Internet Systems and Technologies - Spring

25 Defenses The callee s IP is not revealed to the caller until the callee accepts the call - no longer possible to make inconspicuous calls to a target - if there is a blacklist, no stranger will be able to determine target s IP address and observe its mobility Defense against attacks from contacts is to have calls pass through relays CS558: Internet Systems and Technologies - Spring

26 Defenses Main problem with the relay solution is it detracts from the efficiencies of P2P communications, because - relays must made available to support huge bandwidth demands - access ISPs will see increase of upstream/downstream relay traffic The system can be designed so that the callee can specify for which of his contacts the calls are to be routed through relays CS558: Internet Systems and Technologies - Spring

27 Conclusion It is possible for an attacker, with modest resources to determine the current IP address of identified and targeted Skype user Such an attack could be used for many malicious purposes such as monitoring the mobility and Internet usage of the target This scheme can be easily scaled to not just one user but tens of thousands users simultaneously CS558: Internet Systems and Technologies - Spring