Delay-based Internet geolocation techniques are repeatedly positioned as well suited for security-sensitive applications, e.g., location-based access control, and credit-card verification. We present new strategies enabling adversaries to accurately control the forged location. Evaluation showed that using the new strategies, adversaries could misrepre- sent their true locations by over 15000km, and in some cases within 100km of an intended geographic location. This work significantly improves the adversary's control in misrepre- senting its location, directly refuting the appropriateness of current techniques for security-sensitive applications. Wefinally discuss countermeasures to mitigate such strategies.

Additional Metadata
Keywords Geolocation, Internet measurements, Location verification, Location-aware authentication, Location-based services
Persistent URL dx.doi.org/10.1145/3052973.3052993
Conference 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Citation
Abdou, A.R. (Abdel Rahman), Matrawy, A, & Van Oorschot, P. (2017). Accurate manipulation of delay-based internet geolocation. In ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security (pp. 887–898). doi:10.1145/3052973.3052993