I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

Abstract : In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified-targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the filesharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and filesharing usage of tens of millions of identified users.
Type de document :
Communication dans un congrès
IMC’2011, Nov 2011, Berlin, Germany. 2011


https://hal.inria.fr/inria-00632780
Contributeur : Stevens Le Blond <>
Soumis le : samedi 15 octobre 2011 - 16:04:38
Dernière modification le : mercredi 24 février 2016 - 01:04:33
Document(s) archivé(s) le : lundi 16 janvier 2012 - 02:20:51

Fichiers

skype.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

  • HAL Id : inria-00632780, version 1

Collections

Citation

Stevens Le Blond, Chao Zhang, Arnaud Legout, Keith Ross, Walid Dabbous. I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy. IMC’2011, Nov 2011, Berlin, Germany. 2011. <inria-00632780>

Exporter

Partager

Métriques

Consultations de
la notice

2613

Téléchargements du document

1248