I know where you are and what you are sharing: exploiting P2P communications to invade users' privacy

Authors:
Stevens Le Blond;Chao Zhang;Arnaud Legout;Keith Ross;Walid Dabbous
Affiliations:
Max Planck Institute for Software Systems, Kaiserslautern, Germany;Polytechnic Institute of NYU, New York, USA;INRIA, Sophia Antipolis, France;Polytechnic Institute of NYU, New York, USA;INRIA, Sophia Antipolis, France
Venue:
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Year:
2011

Citing 16
Cited 0

A technique for counting natted hosts

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Remote Physical Device Fingerprinting

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Why and How to Perform Fraud Experiments

IEEE Security and Privacy
Challenges and directions for monitoring P2P file sharing networks-or: why my printer received a DMCA takedown notice

HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Monitoring the Bittorrent Monitors: A Bird's Eye View

PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Where's that phone?: geolocating IP addresses on 3G networks

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Identity trail: covert surveillance using DNS

PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
A Practical Attack to De-anonymize Social Network Users

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Privacy-preserving P2P data sharing with OneSwarm

Proceedings of the ACM SIGCOMM 2010 conference
Spying the world from your laptop: identifying and profiling content providers and big downloaders in BitTorrent

LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Crawling BitTorrent DHTs for fun and profit

WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
One bad apple spoils the bunch: exploiting P2P applications to trace and profile Tor users

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Towards street-level client-independent IP geolocation

Proceedings of the 8th USENIX conference on Networked systems design and implementation
Unraveling the BitTorrent Ecosystem

IEEE Transactions on Parallel and Distributed Systems
What's in a name: a study of names, gender inference, and gender behavior in facebook

DASFAA'11 Proceedings of the 16th international conference on Database systems for advanced applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified-targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the filesharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and filesharing usage of tens of millions of identified users.