I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

Abstract : In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified-targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the filesharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and filesharing usage of tens of millions of identified users.
Document type :
Journal articles
Internet Measurement Conference (ACM/USENIX IMC), ACM/USENIX, 2011

Contributor : Stevens Le Blond <>
Submitted on : Saturday, October 15, 2011 - 4:04:38 PM
Last modification on : Friday, January 6, 2012 - 11:53:45 AM
Document(s) archivé(s) le : Monday, January 16, 2012 - 2:20:51 AM




  • HAL Id : inria-00632780, version 1



Stevens Le Blond, Chao Zhang, Arnaud Legout, Keith Ross, Walid Dabbous. I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy. Internet Measurement Conference (ACM/USENIX IMC), ACM/USENIX, 2011. <inria-00632780>




Notice views


Document downloads