logo 1 tulip trilateration utility for locating ip addresses presented by faran javed bit-5
TRANSCRIPT
1
LOGO TULIPTrilateration Utility for Locating IP addresses
Presented By
Faran JavedBIT-5
2
TULIP
Project Committee
Advisor: Prof. Dr. Arshad Ali1
Co-Advisor: Mr. Umar Kalim2
Member: Mr. Azhar Maqsood3
Member: Mr. Imran Daud4
External Advisor: Dr R. Les Cottrell5
3
TULIP
MotivationDynamic Geolocation solely based on delay
measurements.
Help identify hosts that have proxies
To help determine from where to get a replicated service
Useful for security to pin-point the location of a suspicious host
Identify anomalies in the PingER database
4
TULIP
PingER
PingER – Ping end-to-End ReportingName given to IEPM projectUsed to monitor end-to-end performance of
Internet links
pingER historical graphs
5
TULIP
PingER Architecture
6
TULIP
Aim/Problem Statement
To geolocate a specified target host (identified by domain name or public IP address) using only ping RTT delay measurements to the target from reference landmark hosts whose positions are well known.
7
LOGO
8
TULIP
Geo IP
Mainly realize on end users input.
Data acquired from various websites that offer end users membership.
Further applies various techniques including triangulation.
Conflicts are resolved manually.
9
TULIP
Literature Review 1/3
CBG – Constraint Based Geolocation [bamba] Works only within US Uses 90 reference landmarks Marks a possible region where the host may be
located Currently not available
NetGeo Stores location of each AS in a plain text file Database based approach. Prone to get outdated Needs updating every Saturday
10
TULIP
Literature Review 2/3
Octant Efficient within US only Similar to CBG
DNS LOC Rarely available Info provided by the network administrators
themselves
11
TULIP
Literature Review 3/3
Whois Gets outdated Database needs to be updated regularly
12
TULIP
Proposed Solution
Final (Lat , Lon)Final (Lat , Lon)Iterative
Correction
Apply Trilateration
Delay to Distance
Conversion
Take Min RTT
13
LOGO
14
TULIP
Adjusted Alpha values
Methodology Plotted a scatter plot between distance in km
& minRTT (ms)
The data set were the landmarks
Drew the tightest upper bound on distances
15
TULIP
Adjusting Alpha
16
TULIP
Equation for the line representing the tightest upper bound
Two points on the line are i- origin & ii- the point with highest value of ratio Dist / minRTT
Line is represented by the equation Y = mx + b Y intercept is zero hence b = 0 M = y2-y1 / x2-x1; y1 = 0 & x1 = 0 [origin] M = y2 / x2; y2=Distance(km);x2=minRTT(ms)
Y = m*x ; Distance = m * minRTTDistance = alpha * minRTTM = suggested alpha
17
TULIP
18
LOGO
19
TULIP
Iterative correction of the location
minRTT = propagation delay + extra delay (due to extra circular routes)
∆T measured= ∆t + ∆t0(Pseudo -distance)PD = ∆Tmeasured.α(Actual distance)D = ∆T.αPD = (∆T+∆T0).αPD = D+∆T0. α …. (1)
20
TULIP
Iterative correction
D = actual distance from the landmark.C = speed of lighta = X(c) i.e. Speed of digital info in fiber optic
cableX = factor of c with which digital info travels in
fiber optic cable.∆T = actual propagation delay along the greater
circle router/paths.∆T0 = the extra delay causing overestimation.PD = pseudo distance
21
TULIP
Graphically:
22
TULIP
Landmarks
H: hostL1: Landmark 1L2: landmark 2L3: landmark 3D1=√ (XL1-Xh) 2 + (YL1-Yh) 2 ….. (2)FROM (1) & (2)PD1=√ (XL1-Xh) 2 + (YL1-Yh) 2 + α.∆t0….. (A)Similarly for other 2 landmarks:PD2=√ (XL2-Xh) 2 + (YL2-Yh) 2 + α.∆t0.. (B)PD3=√ (XL3-Xh) 2 + (YL3-Yh) 2 + α.∆t0..(C)
23
TULIP
Linearize the equation
24
TULIP
Contd …Considering the simplified first partF(x) = f(x0) + f`(x0) (x-x0)Put (x-x0=∆X)F(x) = f(x0) + f`(x0) ∆X………… (3)Hence to compute the original value of X an
arbitrary value x0 is required, this is done by simple Trilateration.
We know that Hx =Xest+∆X……. (D)HY =Yest+∆Y…….. (D)AlsoEstDi=√ (Lhi-Xest+ (Hy-Yest) 2 ……….. (4)
25
TULIP
Contd …
26
TULIP
Contd …
27
TULIP
Solution from (4) is put in eq(D) to get new estimations.
Hx, HY becomes the new estimated position.
28
LOGO
29
TULIP
System Architecture
30
LOGO
31
LOGO
32
TULIP
For each point calculate alpha =distance/minRTT
then calculate the median and Inter-quartile Range of the alphas.
In the following case study we got 46.61=median and IQR=15.31.
For this data median alpha ~ 46.5km/ms and IQR ~15.6km/ms or IQR/Median~ 33% or ~ +-16%.
33
TULIP
Alpha vs Distance
Alpha vs Distance from SLAC
y = 3.3609x0.3301
R2 = 0.567
0.1
1
10
100
1 10 100 1000 10000
Distance from SLAC (km)
Alp
ha (k
m/m
s)
34
TULIP
Alpha Vs min RTT
Alpha vs. min_RTT from SLAC y = 14.026x0.2593
R2 = 0.1861
0.1
1
10
100
0.1 1 10 100 1000
min_RTT (ms)
Alp
ha (k
m/m
s)
35
TULIP
Hence if we can calculate error in alpha we can calculate error in distance estimation and hence in the location estimate.
36
LOGO
37
TULIP
Tiering Approach
The purpose of this study is to investigate the effectiveness of tiering for TULIP
i.e we have a set of primary landmarks tier0 which will narrow down the target location to being in a particular region and then a denser set of secondary tier1 landmarks in the discovered region that can be used to get more accurate results.
38
TULIP
Benefits
The use of tiering should enable us to reduce the network traffic (number of landmarks pinging a target) while retaining the accuracy of using all landmarks.
39
TULIP
40
TULIP
41
TULIP
42
TULIP
43
TULIP
44
TULIP
Alpha vs Distance (SLAC)
45
TULIP
Alpha vs MinRTT (SLAC)
46
TULIP
47
LOGO
48
TULIP
TULIP Results
0
2000
4000
6000
8000
10000
12000
14000
16000
18000
kyoto-u.ac.jp200.37.46.80w
ww
.sustech.eduglobalnet.cmw
ebster.ac.thrw
andaparliament.gov.
rol.net.mv
ww
w.ust.edu.sd
seua.amyum
it.amw
ww
.institutokilpatricksyr.eduknu.ac.krfcien.edu.uyuiuc.eduasu.edusara.nlaspu.edu.jona.infn.itm
ercury.uvic.calattice.act.aarnet.net.auhanarotel.nethellenic.ac.zww
ww
.mssf.m
nlatinalfuheis.edu.jouaeu.ac.aem
cbs.edu.omnovagest.co.aocad.zju.edu.cnam
s.ac.irum
ich.eduw
isc.edufinance.gov.m
vcaltech.educaltech.edubrandeis.edualfred.eduw
isc.edubrow
n.eduv-w
ww
.ihep.ac.cnw
ww
.region.amcm
sfq.edu.ecw
ww
.ecnu.edu.cnlbl.goves.netcornell.edu81.199.21.194auth.grlbl.govpdsfgrid4.nersc.govusb.veaau.edu.etm
it.edurhnet.iscam
net.cmuoregon.eduuoregon.edubu.edudesy.dem
ultinet.afping.if.usp.brru.ac.zaarizona.eduw
ww
.intercollege.ac.cw
ww
.fulbright.org.cyhaw
aii.edubu.eduprinceton.eduprinceton.eduprinceton.edudesy.de130.207.244.56m
su.rustsci.eduohio-state.edustanford.eduw
ww
.ifj.edu.plw
ww
.cyfronet.krakowin2p3.frucsc.edukotis.netthrunet.co.krcau.ac.krm
ps.ohio-state.eduiepm
-bw.cesnet.cz
stanford.edups.uci.eduutk.eduihep.ac.cncm
u.edupurdue.educaida.orgvix.comw
ww
.vodafone.com.m
triumf.ca
snowm
ass2001.orgufrj.brcbpf.brns.cybercentro.com
.svcir.red.svum
n.eduutexas.eduornl.govornl.govrutgers.eduuchicago.edulattice.w
a.aarnet.net.adigex.netnic.nislac.stanford.eduslac.stanford.edulahoreschoolofeconom
iw
ww
.hrfoundation.bww
ashington.eduw
ashington.edum
fa.gov.bnkazrena.kzpinger.bnl.orgw
ww
.msu.ru
rftpexp.rhic.bnl.govw
ww
.irk.ruutdallas.eduindo.net.idcern.chleonis.nus.edu.sgw
ww
.tsc.rucern.chw
ww
.monash.edu.m
yhepi.edu.geindiana.edusci.amindiana.edunyu.educisco.comjlab.orgw
ww
.runnet.ruaip.orgub.esd.root-servers.netucsd.eduanl.govanl.govanl.govb.root-servers.net82.137.192.62ucla.eduucla.eduprim
e.edu.npllnl.govbo.cache.nlanr.netpsi.netns.fq.edu.uyorange.cmgnt4.grid.m
an.ac.ukperl-pbdsl.stanford.eduece.rice.eduns1.retina.aruoi.grsunysb.eduw
ww
.psi.gov.psm
t.net.mk
just.edu.jokornet.ne.krkreonet.re.krnetsgo.comdirecpc.compgis.lkw
ww
.utl.co.ughaw
aii.educbinet.biw
ww
.eng.bellsouth.new
aikato.ac.nzlanl.govnic.lkbham
.ac.ukucr.educache.kr.apan.netkaist.ac.krnoc.kr.apan.netru.ac.bdhokudai.ac.jpjp.apan.netm
.root-servers.netkyushu-u.ac.jpshinbiro.netbunda.unim
a.mw
credis.rokek.jpkek.jpw
ww
.uma.rnu.tn
uta.edu
Distance GeoIP
Distance TULIP
Distance Host Info
49
TULIP
Cumulative Distribution
0%
20%
40%
60%
80%
100%
0 5000 10000 15000 20000
Distance (km)
Cum
ulat
ive
Dis
trib
utio
n
50
TULIP
Conclusions
TULIP offers coarse grain accuracy and can confirm location up to city level.
Total of 14 differences ranging from 5,000 to 13,000 were inaccuracies in PingER database.
Further accuracy can be increase by increasing location data of landmark and a much careful landmark selection
51
TULIP
Applicability of TULIP
TULIP is being used as the location estimation service for Phantom OS to assist in making VO’s autonomously
Being Used by SLAC to detect Anomalies in PingER database
52
TULIP
Problem Statement by Phantom OS PhantomOS resource discovery scheme is based on a two-tier based super
peer based architecture. The lowest tier is a machine level granularity sub-grid, which consists of machines that have good network connectivity between them, analogous to a traditional cluster. Each sub-grid is represented by a super-peer, which is the most available machine within the vicinity of the sub-grid. At the top-most tier the granularity is in terms of sub-grids, and these are grouped into regions depending on geographical proximity of the super peers. The regions are represented by a region peer. A virtual organization (VO) in this system can be at any level: it can consist of individual machines or be an aggregation of entire sub grids or of entire regions. Interactive applications will be handled at a machine-level VO, whereas large-scale grid applications will require aggregations of entire sub grids.
With TULIP in PhantomOS, super peers will also provide the landmarks. New nodes will locate the nearest landmark and map to a subgrid which is spatially closest to them. Similarly Regions will be created by associating Subgrids to spatially close neighbouring subgrids. This information will also be provided by TULIP.
53
LOGO
54
TULIP
Challenges
Increase accuracy in regions with poor network infrastructure
Satellite links
Circular routes
Best Landmark Selection
Security Considerations
55
TULIP
Achievement
Stood First in All Asia Software Competition, Softec, Held at Fast Lahore.
56
TULIP
Acknowledgment by SLAC daily newsletter
57
TULIP
Winner at NIIT Open House
58
LOGO
59
TULIP
Future Directions
Centralized Reflector
Complete Feasibility Analysis for Tiering approach
Detailed visualization tools.
Study on most suitable number of ping packets
60
TULIP
References [1] Constraint-Based Geolocation of Internet Hosts Bamba Gueye, Artur Ziviani, Mark
Crovella and Serge Fdida,
[2] Scale-free behavior of the Internet global performance R. Percacci1 and A. Vespignani2, Published online 7 May 2003 – c EDP Sciences, Societ`a Italiana di Fisica, Springer-Verlag 2003
[3] Geometric Exploration of the Landmark Selection Problem Liying Tang and Mark Crovella Department of Computer Science, Boston University, Boston, MA 02215 flitang,[email protected]
[4] An Empirical Evaluation of Landmark Placement on Internet Coordinate Schemes Sridhar Srinivasan Ellen Zegura Networking and Telecommunications Group College of Computing Georgia Institute of Technology Atlanta, GA 30332, USA Email: {sridhar,ewz}@cc.gatech.edu
[5] A Network Positioning System for the Internet, T. S. Eugene Ng, Rice University, Hui Zhang, Carnegie Mellon University.
[6] Towards IP Geolocation Using Delay and Topology Measurements Ethan Katz-Bassett John P. John Arvind Krishnamurthy David Wetherall† Thomas Anderson Yatin Chawathe‡
61
TULIP
Demo
Demo of current progress available at
http://www.slac.stanford.edu/comp/net/wan-mon/tulip
Or
http://maggie.niit.edu.pk/newwebsite/tulip
Progress details also available at the Maggie wiki
http://maggie2.niit.edu.pk/wiki
62
LOGO
63
LOGO
64
TULIP
Previous value of alpha
Speed of digital information in fiber optic cable = 2/3 * c
Since we have two side delay Alpha = 2/3 * c/2Put c = 3 * 108
m/s
We get alpha = 100 km/ms
65
TULIP
Haversine Formula The haversine formula is an equation important in navigation,
giving great-circle distances between two points on a sphere from their longitudes and latitudes.
For two points on a sphere (of radius R) with latitudes φ1 and φ2, latitude separation Δφ = φ1 − φ2, and longitude separation Δλ, where angles are in radians, the distance d between the two points (along a great circle of the sphere; see spherical distance) is related to their locations by the formula: