I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

Abstract : In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified-targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the filesharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and filesharing usage of tens of millions of identified users.
Document type :
Conference papers
IMC’2011, Nov 2011, Berlin, Germany. 2011


https://hal.inria.fr/inria-00632780
Contributor : Stevens Le Blond <>
Submitted on : Saturday, October 15, 2011 - 4:04:38 PM
Last modification on : Wednesday, February 24, 2016 - 1:04:33 AM
Document(s) archivé(s) le : Monday, January 16, 2012 - 2:20:51 AM

Files

skype.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

  • HAL Id : inria-00632780, version 1

Collections

Citation

Stevens Le Blond, Chao Zhang, Arnaud Legout, Keith Ross, Walid Dabbous. I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy. IMC’2011, Nov 2011, Berlin, Germany. 2011. <inria-00632780>

Export

Share

Metrics

Record views

2435

Document downloads

1031