Skip to main content

Agenda IETF117: maprg
agenda-117-maprg-00

The information below is for an old version of the document.
Meeting Agenda Measurement and Analysis for Protocols (maprg) RG Snapshot
Date and time 2023-07-28 16:30
Title Agenda IETF117: maprg
State Active
Other versions markdown
Last updated 2023-07-13

agenda-117-maprg-00

IRTF maprg agenda for IETF-116 (San Francisco)

Date: Friday, 28 July 2023, Session I 0930-1130

Full client with Video: https://meetecho.ietf.org/conference/?group=maprg&short=maprg&item=1

Room: Continetal 6

IRTF Note Well: https://irtf.org/policies/irtf-note-well-2019-11.pdf

Overview and Status - Mirja/Dave (5 min)

IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation - Robert Beverly (15 mins)

Web Privacy By Design: Evaluating Cross-layer Interactions of QUIC, DNS and H/3 - Jayasree Sengupta (15 mins)

Exploring the Cookieverse: A Multi-Perspective Analysis of Web

Cookies - Ali Rasaii (remote) (15 mins)

Internet Scale Reverse Traceroute - Kevin Vermeulen (remote) (15 mins)

Abstracts

IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation

Authors:

Erik C. Rye and Robert Beverly

Abstract:

We present IPvSeeYou, a privacy attack that permits a remote and unprivileged adversary to physically geolocate many residential IPv6 hosts and networks with street-level precision. The crux of our method involves: 1) remotely discovering wide area (WAN) hardware MAC addresses from home routers; 2) correlating these MAC addresses with their WiFi BSSID counterparts of known location; and 3) extending coverage by associating devices connected to a common penultimate provider router.

We first obtain a large corpus of MACs embedded in IPv6 addresses via high-speed network probing. These MAC addresses are effectively leaked up the protocol stack and largely represent WAN interfaces of residential routers, many of which are all-in-one devices that also provide WiFi. We develop a technique to statistically infer the mapping between a router's WAN and WiFi MAC addresses across manufacturers and devices, and mount a large-scale data fusion attack that correlates WAN MACs with WiFi BSSIDs available in wardriving (geolocation) databases. Using these correlations, we geolocate the IPv6 prefixes of >12M routers in the wild across 146 countries and territories. Selected validation confirms a median geolocation error of 39 meters. We then exploit technology and deployment constraints to extend the attack to a larger set of IPv6 residential routers by clustering and associating devices with a common penultimate provider router. While we responsibly disclosed our results to several manufacturers and providers, the ossified ecosystem of deployed residential cable and DSL routers suggests that our attack will remain a privacy threat into the foreseeable future.

Publication:

Proceedings of IEEE Symposium on Security and Privacy (IEEE S&P),
San Francisco, CA, May 2023 (to appear).

Web Privacy By Design: Evaluating Cross-layer Interactions of QUIC, DNS and H/3

Authors:

Jayasree Sengupta, Mike Kosek, Justus Fries, Pratyush Dikshit, and Vaibhav Bajpai

Abstract:

Every Web session involves a DNS resolution. While, in the last decade, we witnessed a promising trend towards an encrypted Web in general, DNS encryption has only recently gained traction with the standardisation of DNS over TLS (DoT) and DNS over HTTPS (DoH). Meanwhile, the rapid rise of QUIC deployment has now opened up an exciting opportunity to utilise the same protocol to not only encrypt Web communications, but also DNS. In this paper, we evaluate this benefit of using QUIC to coalesce name resolution via DNS over QUIC (DoQ), and Web content delivery via HTTP/3 (H3) with 0-RTT. We compare this scenario using several possible combinations where H3 is used in conjunction with DoH and DoQ, as well as the unencrypted DNS over UDP (DoUDP). We observe, that when using H3 1-RTT, page load times with DoH can get inflated by >30% over fixed-line and by >50% over mobile when compared to unencrypted DNS with DoUDP. However, this cost of encryption can be drastically reduced when encrypted connections are coalesced (DoQ + H3 0-RTT), thereby reducing the page load times by 1/3 over fixed- line and 1/2 over mobile, overall making connection coalescing with QUIC the best option for encrypted communication on the Internet.

Publication:

Exploring the Cookieverse: A Multi-Perspective Analysis of Web

Cookies

Authors:

Ali Rasaii, Shivani Singh, Devashish Gosain, and Oliver Gasser

Abstract:

This paper presents a global study on web cookies and their impact on
user privacy. We analyze cookie banners prevalence, privacy law
effectiveness in particular GDPR, cookie behavior across geographic
locations, website consistency, and other factors that might impact
cookies distribution. The main contributions are as follows:
- Automated Interaction with Cookie Banners: We develop BannerClick, an
automated tool using Selenium browser automation and built on OpenWPM,
to detect and interact with cookie banners. BannerClick achieves a 99%
accuracy rate in detecting banners embedded on main pages, iFrames, and
ShadowDOM. It can effectively interact with banners for both acceptance
and rejection, with accuracy rates of 97% and 87% respectively.
- Analysis of Cookies and Cookie Banners Distribution: Our study reveals
that around half of the top 10k websites listed on Tranco display cookie
banners when accessed from EU countries, almost double the rate in
non-EU countries. We compare observed cookies, particularly third-party
and tracking cookies, between EU and non-EU locations, finding that
tracking cookies are more prevalent in non-EU countries.
- Consistency of Websites: Statistical tests are conducted to assess
cookie consistency within and between different locations. We identify
greater cookie consistency within the EU and significant differences
between EU and non-EU countries.
- Other Factors Impacting Cookie Differences: We investigate variations
in cookies between landing and inner pages of websites, as well as
discrepancies between desktop and mobile platforms. These differences
are emphasized as important considerations for future research and
analysis.
- CCPA Efficacy: Additionally, we analyze the impact of privacy laws
such as CCPA on web cookies, challenging assumptions about their direct
positive impact.
The source code for BannerClick and analysis scripts are publicly
available at https://github.com/bannerclick/bannerclick

Publication:

Proceedings of the 2023 Passive and Active Measurement: 24th
International Conference, PAM 2023

Internet Scale Reverse Traceroute

Authors:

K. Vermeulen, E. Gurmericliler, I. Cunha, D. Choffnes, E. Katz-Bassett.

Abstract:

Knowledge of Internet paths allows operators and researchers to better understand the Internet and troubleshoot problems. Paths are often asymmetric, so measuring just the forward path only gives partial visibility. Despite the existence of Reverse Traceroute, a technique that captures reverse paths (the sequence of routers traversed by traffic from an arbitrary, uncontrolled destination to a given source), this technique did not fulfill the needs of operators and the research community, as it had limited coverage, low throughput, and inconsistent accuracy. In this paper we design, implement and evaluate revtr 2.0, an Internet-scale Reverse Traceroute system that combines novel measurement approaches and studies with a large-scale deployment to improve throughput, accuracy, and coverage, enabling the first exploration of reverse paths at Internet scale. revtr 2.0 can run 15M reverse traceroutes in one day. This scale allows us to open the system to external sources and users, and supports tasks such as traffic engineering and troubleshooting.

Publication: