Transcript TULIP LOGO Trilateration Utility for Locating IP addresses Presented By

LOGO
TULIP
Trilateration Utility for Locating IP addresses
Presented By
Faran Javed
BIT-5
1
TULIP
Project Committee
1
Advisor: Prof. Dr. Arshad Ali
2
Co-Advisor: Mr. Umar Kalim
3
Member: Mr. Azhar Maqsood
4
Member: Mr. Imran Daud
5
External Advisor: Dr R. Les Cottrell
2
TULIP
Motivation
Dynamic Geolocation solely based on delay
measurements.
Help identify hosts that have proxies
To help determine from where to get a replicated
service
Useful for security to pin-point the location of a
suspicious host
Identify anomalies in the PingER database
3
TULIP
PingER
PingER – Ping end-to-End Reporting
Name given to IEPM project
Used to monitor end-to-end performance of
Internet links
pingER historical graphs
4
TULIP
PingER Architecture
5
TULIP
Aim/Problem Statement
To geolocate a specified target host
(identified by domain name or public IP
address) using only ping RTT delay
measurements to the target from
reference landmark hosts whose positions
are well known.
6
LOGO
7
TULIP
Geo IP
Mainly realize on end users input.
Data acquired from various websites that
offer end users membership.
Further applies various techniques
including triangulation.
Conflicts are resolved manually.
8
TULIP
Literature Review 1/3
CBG – Constraint Based Geolocation [bamba]
 Works only within US
 Uses 90 reference landmarks
 Marks a possible region where the host may be
located
 Currently not available
NetGeo
 Stores location of each AS in a plain text file
 Database based approach. Prone to get outdated
 Needs updating every Saturday
9
TULIP
Literature Review 2/3
Octant
 Efficient within US only
 Similar to CBG
DNS LOC
 Rarely available
 Info provided by the network administrators
themselves
10
TULIP
Literature Review 3/3
Whois
 Gets outdated
 Database needs to be updated regularly
11
TULIP
Proposed Solution
Take
Min RTT
Delay to
Distance
Conversion
Final (Lat , Lon)
Apply
Trilateration
Iterative
Correction
12
LOGO
13
TULIP
Adjusted Alpha values
Methodology
 Plotted a scatter plot between distance in km
& minRTT (ms)
 The data set were the landmarks
 Drew the tightest upper bound on distances
14
TULIP
Adjusting Alpha
15
TULIP
Equation for the line representing the tightest upper bound
Two points on the line are
 i- origin & ii- the point with highest value of ratio
Dist / minRTT
Line is represented by the equation




Y = mx + b
Y intercept is zero hence b = 0
M = y2-y1 / x2-x1; y1 = 0 & x1 = 0 [origin]
M = y2 / x2; y2=Distance(km);x2=minRTT(ms)
Y = m*x ; Distance = m * minRTT
Distance = alpha * minRTT
M = suggested alpha
16
TULIP
17
LOGO
18
TULIP
Iterative correction of the location
minRTT = propagation delay + extra delay
(due to extra circular routes)
∆T measured= ∆t + ∆t0
(Pseudo -distance)
PD = ∆Tmeasured.α
(Actual distance)
D = ∆T.α
PD = (∆T+∆T0).α
PD = D+∆T0. α …. (1)
19
TULIP
Iterative correction
D = actual distance from the landmark.
C = speed of light
a = X(c) i.e. Speed of digital info in fiber optic
cable
X = factor of c with which digital info travels in
fiber optic cable.
∆T = actual propagation delay along the greater
circle router/paths.
∆T0 = the extra delay causing overestimation.
PD = pseudo distance
20
TULIP
Graphically:
21
TULIP
Landmarks
H: host
L1: Landmark 1
L2: landmark 2
L3: landmark 3
D1=√ (XL1-Xh) 2 + (YL1-Yh) 2 ….. (2)
FROM (1) & (2)
PD1=√ (XL1-Xh) 2 + (YL1-Yh) 2 + α.∆t0….. (A)
Similarly for other 2 landmarks:
PD2=√ (XL2-Xh) 2 + (YL2-Yh) 2 + α.∆t0.. (B)
PD3=√ (XL3-Xh) 2 + (YL3-Yh) 2 + α.∆t0..(C)
22
TULIP
Linearize the equation
23
TULIP
Contd …
Considering the simplified first part
F(x) = f(x0) + f`(x0) (x-x0)
Put (x-x0=∆X)
F(x) = f(x0) + f`(x0) ∆X………… (3)
Hence to compute the original value of X an
arbitrary value x0 is required, this is done by
simple Trilateration.
We know that
Hx =Xest+∆X……. (D)
HY =Yest+∆Y…….. (D)
Also
EstDi=√ (Lhi-Xest+ (Hy-Yest) 2 ……….. (4)
24
TULIP
Contd …
25
TULIP
Contd …
26
TULIP
Solution from (4) is put in eq(D) to get new
estimations.
Hx, HY becomes the new estimated
position.
27
LOGO
28
TULIP
System Architecture
29
LOGO
30
LOGO
31
TULIP
For each point calculate alpha
=distance/minRTT
then calculate the median and Interquartile Range of the alphas.
In the following case study we got
46.61=median and IQR=15.31.
For this data median alpha ~ 46.5km/ms
and IQR ~15.6km/ms or IQR/Median~
33% or ~ +-16%.
32
TULIP
Alpha vs Distance
Alpha vs Distance from SLAC
100
0.3301
10
Alpha (km/ms)
y = 3.3609x
2
R = 0.567
1
0.1
1
10
100
Distance from SLAC (km)
1000
10000
33
TULIP
Alpha Vs min RTT
0.2593
y = 14.026x
2
R = 0.1861
Alpha vs. min_RTT from SLAC
100
Alpha (km/ms)
10
1
0.1
0.1
1
10
min_RTT (ms)
100
1000
34
TULIP
Hence if we can calculate error in alpha
we can calculate error in distance
estimation and hence in the location
estimate.
35
LOGO
36
TULIP
Tiering Approach
The purpose of this study is to investigate
the effectiveness of tiering for TULIP
i.e we have a set of primary landmarks
tier0 which will narrow down the target
location to being in a particular region and
then a denser set of secondary tier1
landmarks in the discovered region that
can be used to get more accurate results.
37
TULIP
Benefits
The use of tiering should enable us to
reduce the network traffic (number of
landmarks pinging a target) while retaining
the accuracy of using all landmarks.
38
TULIP
39
TULIP
40
TULIP
41
TULIP
42
TULIP
43
TULIP
Alpha vs Distance (SLAC)
44
TULIP
Alpha vs MinRTT (SLAC)
45
TULIP
46
LOGO
47
TULIP
TULIP Results
18000
16000
14000
12000
Distance GeoIP
10000
Distance TULIP
Distance Host Info
8000
6000
4000
2000
0
uta.edu
www.uma.rnu.tn
kek.jp
kek.jp
credis.ro
bunda.unima.mw
shinbiro.net
kyushu-u.ac.jp
m.root-servers.net
jp.apan.net
hokudai.ac.jp
ru.ac.bd
noc.kr.apan.net
kaist.ac.kr
cache.kr.apan.net
ucr.edu
bham.ac.uk
nic.lk
lanl.gov
waikato.ac.nz
www.eng.bellsouth.ne
cbinet.bi
hawaii.edu
www.utl.co.ug
pgis.lk
direcpc.com
netsgo.com
kreonet.re.kr
kornet.ne.kr
just.edu.jo
mt.net.mk
www.psi.gov.ps
sunysb.edu
uoi.gr
ns1.retina.ar
ece.rice.edu
perl-pbdsl.stanford.edu
gnt4.grid.man.ac.uk
orange.cm
ns.fq.edu.uy
psi.net
bo.cache.nlanr.net
llnl.gov
prime.edu.np
ucla.edu
ucla.edu
82.137.192.62
b.root-servers.net
anl.gov
anl.gov
anl.gov
ucsd.edu
d.root-servers.net
ub.es
aip.org
www.runnet.ru
jlab.org
cisco.com
nyu.edu
indiana.edu
sci.am
indiana.edu
hepi.edu.ge
www.monash.edu.my
cern.ch
www.tsc.ru
leonis.nus.edu.sg
cern.ch
indo.net.id
utdallas.edu
www.irk.ru
rftpexp.rhic.bnl.gov
www.msu.ru
pinger.bnl.org
kazrena.kz
mfa.gov.bn
washington.edu
washington.edu
foundation.bw
www.hr
lahoreschoolofeconomi
slac.stanford.edu
slac.stanford.edu
nic.ni
digex.net
lattice.wa.aarnet.net.a
uchicago.edu
rutgers.edu
ornl.gov
ornl.gov
utexas.edu
umn.edu
cir.red.sv
ns.cybercentro.com.sv
cbpf.br
ufrj.br
snowmass2001.org
triumf.ca
www.vodafone.com.m
vix.com
caida.org
purdue.edu
cmu.edu
ihep.ac.cn
utk.edu
ps.uci.edu
stanford.edu
iepm-bw.cesnet.cz
mps.ohio-state.edu
cau.ac.kr
thrunet.co.kr
kotis.net
ucsc.edu
in2p3.fr
www.cyfronet.krakow
www.ifj.edu.pl
stanford.edu
ohio-state.edu
stsci.edu
msu.ru
130.207.244.56
desy.de
princeton.edu
princeton.edu
princeton.edu
bu.edu
hawaii.edu
www.fulbright.org.cy
www.intercollege.ac.c
arizona.edu
ru.ac.za
ping.if.usp.br
multinet.af
desy.de
bu.edu
uoregon.edu
uoregon.edu
camnet.cm
rhnet.is
mit.edu
aau.edu.et
usb.ve
pdsfgrid4.nersc.gov
lbl.gov
auth.gr
81.199.21.194
cornell.edu
es.net
lbl.gov
www.ecnu.edu.cn
cmsfq.edu.ec
www.region.am
v-www.ihep.ac.cn
brown.edu
wisc.edu
alfred.edu
brandeis.edu
caltech.edu
caltech.edu
finance.gov.mv
wisc.edu
umich.edu
ams.ac.ir
cad.zju.edu.cn
novagest.co.ao
mcbs.edu.om
uaeu.ac.ae
latinalfuheis.edu.jo
www.mssf.mn
hellenic.ac.zw
hanarotel.net
lattice.act.aarnet.net.au
mercury.uvic.ca
na.infn.it
aspu.edu.jo
sara.nl
asu.edu
uiuc.edu
fcien.edu.uy
knu.ac.kr
syr.edu
www.institutokilpatrick
yumit.am
seua.am
www.ust.edu.sd
rol.net.mv
rwandaparliament.gov.
webster.ac.th
globalnet.cm
www.sustech.edu
200.37.46.80
kyoto-u.ac.jp
48
TULIP
Cumulative Distribution
Cumulative Distribution
100%
80%
60%
40%
20%
0%
0
5000
10000
15000
20000
Distance (km)
49
TULIP
Conclusions
TULIP offers coarse grain accuracy and
can confirm location up to city level.
Total of 14 differences ranging from 5,000
to 13,000 were inaccuracies in PingER
database.
Further accuracy can be increase by
increasing location data of landmark and a
much careful landmark selection
50
TULIP
Applicability of TULIP
TULIP is being used as the location
estimation service for Phantom OS to
assist in making VO’s autonomously
Being Used by SLAC to detect Anomalies
in PingER database
51
TULIP
Problem Statement by Phantom OS
 PhantomOS resource discovery scheme is based on a two-tier based super
peer based architecture. The lowest tier is a machine level granularity subgrid, which consists of machines that have good network connectivity
between them, analogous to a traditional cluster. Each sub-grid is
represented by a super-peer, which is the most available machine within the
vicinity of the sub-grid. At the top-most tier the granularity is in terms of subgrids, and these are grouped into regions depending on geographical
proximity of the super peers. The regions are represented by a region peer.
A virtual organization (VO) in this system can be at any level: it can consist
of individual machines or be an aggregation of entire sub grids or of entire
regions. Interactive applications will be handled at a machine-level VO,
whereas large-scale grid applications will require aggregations of entire sub
grids.
 With TULIP in PhantomOS, super peers will also provide the landmarks.
New nodes will locate the nearest landmark and map to a subgrid which is
spatially closest to them. Similarly Regions will be created by associating
Subgrids to spatially close neighbouring subgrids. This information will also
be provided by TULIP.
52
LOGO
53
TULIP
Challenges
Increase accuracy in regions with poor network
infrastructure
Satellite links
Circular routes
Best Landmark Selection
Security Considerations
54
TULIP
Achievement
Stood First in All Asia
Software Competition,
Softec, Held at Fast
Lahore.
55
TULIP
Acknowledgment by
SLAC daily newsletter
56
TULIP
Winner at NIIT Open House
57
LOGO
58
TULIP
Future Directions
Centralized Reflector
Complete Feasibility Analysis for Tiering
approach
Detailed visualization tools.
Study on most suitable number of ping
packets
59
TULIP
References
 [1] Constraint-Based Geolocation of Internet Hosts Bamba Gueye, Artur Ziviani, Mark
Crovella and Serge Fdida,
 [2] Scale-free behavior of the Internet global performance R. Percacci1 and A.
Vespignani2, Published online 7 May 2003 – c EDP Sciences, Societ`a Italiana di
Fisica, Springer-Verlag 2003
 [3] Geometric Exploration of the Landmark Selection Problem Liying Tang and Mark
Crovella Department of Computer Science, Boston University, Boston, MA 02215
flitang,[email protected]
 [4] An Empirical Evaluation of Landmark Placement on Internet Coordinate Schemes
Sridhar Srinivasan Ellen Zegura Networking and Telecommunications Group College
of Computing Georgia Institute of Technology Atlanta, GA 30332, USA Email:
{sridhar,ewz}@cc.gatech.edu
 [5] A Network Positioning System for the Internet, T. S. Eugene Ng, Rice University,
Hui Zhang, Carnegie Mellon University.
 [6] Towards IP Geolocation Using Delay and Topology Measurements Ethan KatzBassett John P. John Arvind Krishnamurthy David Wetherall† Thomas Anderson Yatin
Chawathe‡
60
TULIP
Demo
Demo of current progress available at
http://www.slac.stanford.edu/comp/net/wanmon/tulip
Or
http://maggie.niit.edu.pk/newwebsite/tulip
Progress details also available at the
Maggie wiki
http://maggie2.niit.edu.pk/wiki
61
LOGO
62
LOGO
63
TULIP
Previous value of alpha
Speed of digital information in fiber optic
cable = 2/3 * c
Since we have two side delay
Alpha = 2/3 * c/2
Put c = 3 * 108 m/s
We get alpha = 100 km/ms
64
TULIP
Haversine Formula
 The haversine formula is an equation important in navigation,
giving great-circle distances between two points on a sphere from
their longitudes and latitudes.
 For two points on a sphere (of radius R) with latitudes φ1 and φ2,
latitude separation Δφ = φ1 − φ2, and longitude separation Δλ,
where angles are in radians, the distance d between the two points
(along a great circle of the sphere; see spherical distance) is related
to their locations by the formula:
65