I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

Abstract : In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified-targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the filesharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and filesharing usage of tens of millions of identified users.
Document type :
Journal articles
Internet Measurement Conference (ACM/USENIX IMC), ACM/USENIX, 2011


https://hal.inria.fr/inria-00632780
Contributor : Stevens Le Blond <>
Submitted on : Saturday, October 15, 2011 - 4:04:38 PM
Last modification on : Friday, January 6, 2012 - 11:53:45 AM

Files

skype.pdf
fileSource_public_author

Identifiers

  • HAL Id : inria-00632780, version 1

Collections

Citation

Stevens Le Blond, Chao Zhang, Arnaud Legout, Keith Ross, Walid Dabbous. I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy. Internet Measurement Conference (ACM/USENIX IMC), ACM/USENIX, 2011. <inria-00632780>

Export

Share

Metrics

Consultation de
la notice

1852

Téléchargement du document

487