I Know Where You are and What You are Sharing

[Nytro]

I Know Where You are and What You are Sharing

Exploiting P2P Communications to Invade Users’ Privacy

Stevens Le Blond Chao Zhang Arnaud Legout Keith Ross Walid Dabbous

MPI-SWS, Germany NYU-Poly, USA INRIA, France

ABSTRACT

In this paper, we show how to exploit real-time communication

applications to determine the IP address of a targeted

user. We focus our study on Skype, although other realtime

communication applications may have similar privacy

issues. We first design a scheme that calls an identifiedtargeted

user inconspicuously to find his IP address, which

can be done even if he is behind a NAT. By calling the user

periodically, we can then observe the mobility of the user.

We show how to scale the scheme to observe the mobility

patterns of tens of thousands of users. We also consider the

linkability threat, in which the identified user is linked to his

Internet usage. We illustrate this threat by combining Skype

and BitTorrent to show that it is possible to determine the

filesharing usage of identified users. We devise a scheme

based on the identification field of the IP datagrams to verify

with high accuracy whether the identified user is participating

in specific torrents. We conclude that any Internet user

can leverage Skype, and potentially other real-time communication

systems, to observe the mobility and filesharing usage

of tens of millions of identified users.

Download:

http://cis.poly.edu/~ross/papers/skypeIMC2011.pdf