
GeoFINDR: Practical Approach to Verify Cloud Instances Geolocation in Multicloud

Said Ider, Maryline Laurent

TL;DR

GeoFINDR tackles the challenge of verifying cloud instance geolocations in multicloud environments under a dishonest CSP. It introduces a three-stage workflow: (i) Greedy selection of dispersed RIPE Atlas audit landmarks, (ii) DDR-based sectorization to identify similar landmarks, and (iii) barycenter-based position estimation to handle non-intersections. The approach demonstrates around 22 km average accuracy across diverse declared positions and remains effective even when landmarks are unevenly distributed, though results degrade without nearby landmarks. The work provides an open-source tool and practical guidance for regulatory and security auditing, offering a step toward greater transparency and trust in cloud geolocation.

Abstract

In multicloud environments, where legal obligations, technical constraints and economic interests are at stake, it is of interest to stakeholders to be able to locate cloud data or the cloud instance where data are decrypted for processing, making it particularly vulnerable. This paper proposes an original and practical delay-based approach, called GeoFINDR, to locate a cloud instance, e.g. a Virtual Machine (VM), over the Internet, based on RIPE Atlas landmarks. First, the assumed threat model and assumptions are more realistic than in existing solutions, e.g. VM-scale localization in multicloud environments, a Cloud Service Provider (CSP) lying about the VM's location. Second, the originality of the approach lies in four original ideas: (1) geolocalization is performed from the VM, (2) a Greedy algorithm selects a first set $LM_A$ of distributed audit landmarks in the vicinity of the declared area, (3) a sectorization algorithm identifies a set $LM_S$ of other landmarks with distance delay behavior similar to that of the VM to estimate the sector of the VM, and (4) the estimated location of the VM is calculated as the barycenter position of the $LM_S$ landmarks. An open source tool is published on GitHub and experiments show that localization accuracy can be as high as 22.1 km, under unfavorable conditions where the CSP lies about the location of the VM.
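The three stages named in the abstract can be sketched as follows. This is an added, simplified illustration and not the authors' GeoFINDR tool: the farthest-point greedy rule, the percentage window, the unweighted barycenter, `zone_km`, the RTT model and all landmark data are assumptions, and `nb_lm` and `interval_percent` only borrow their names from the figure captions.

```python
import math

def km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 6371.0 * 2 * math.asin(math.sqrt(h))

def select_audit(lms, declared, nb_lm, zone_km):
    """Stage (i): greedy farthest-point pick of dispersed landmarks near `declared`."""
    pool = sorted(n for n, p in lms.items() if km(p, declared) <= zone_km)
    chosen = sorted(pool, key=lambda n: km(lms[n], declared))[:1]
    while len(chosen) < min(nb_lm, len(pool)):
        rest = [n for n in pool if n not in chosen]
        chosen.append(max(rest, key=lambda n: min(km(lms[n], lms[c]) for c in chosen)))
    return chosen

def sectorize(lms, audit, vm_rtt, lm_rtt, interval_percent):
    """Stage (ii): landmarks whose RTT to every audit landmark is within
    interval_percent of the RTT the VM itself measured to that landmark."""
    def similar(j):
        return all(abs(lm_rtt(a, j) - vm_rtt[a]) <= vm_rtt[a] * interval_percent / 100
                   for a in audit)
    return sorted(j for j in lms if audit and j not in audit and similar(j))

def barycenter(lms, names):
    """Stage (iii): unweighted mean position of LM_S; None if LM_S is empty."""
    if not names:
        return None
    n = len(names)
    return (sum(lms[x][0] for x in names) / n, sum(lms[x][1] for x in names) / n)

# Constructed sample: approximate city-centre coordinates, simulated RTTs.
LMS = {"paris": (48.86, 2.35), "lille": (50.63, 3.06), "lyon": (45.76, 4.84),
       "nantes": (47.22, -1.55), "strasbourg": (48.58, 7.75), "brussels": (50.85, 4.35),
       "mainz": (50.00, 8.27), "darmstadt": (49.87, 8.65), "hanau": (50.13, 8.92),
       "munich": (48.14, 11.58), "hamburg": (53.55, 9.99), "zurich": (47.38, 8.54)}
DECLARED = (48.86, 2.35)  # position the CSP declares
TRUE_VM = (50.11, 8.68)   # real position; used only to simulate measurements

def model_rtt(p, q):
    """Simulated RTT in ms: 2 ms fixed overhead plus 1 ms per 100 km (assumption)."""
    return 2.0 + km(p, q) / 100.0

def audit_vm():
    audit = select_audit(LMS, DECLARED, nb_lm=4, zone_km=420)
    vm_rtt = {a: model_rtt(TRUE_VM, LMS[a]) for a in audit}  # measured from the VM
    lm_s = sectorize(LMS, audit, vm_rtt, lambda a, j: model_rtt(LMS[a], LMS[j]), 15)
    return audit, lm_s, barycenter(LMS, lm_s)
```

With this constructed data the estimate lands near the simulated VM rather than the declared position, which is the discrepancy an auditor would flag.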

Paper Structure

This paper contains 16 sections, 7 figures, 3 tables, 2 algorithms.

Figures (7)

  • Figure 1: Example of the Distance-delay Relations Distribution between a Landmark and all available Landmarks under 50ms
  • Figure 2: Example of GeoFINDR Operation to Determine a Set of $LM_S$ using the Distance-Delay Relations between a $LM_A$ and other Landmarks, based on the Measured Delay of 30ms with the VM
  • Figure 3: Illustration of GeoFINDR Operations
  • Figure 4: Average Estimation Accuracy and Average Audit Time as a Function of $Interval\_Percent$ ($tolerance=100$, $zone\_size=200$, $NB\_LM=15$)
  • Figure 5: Average Estimation Accuracy and Average Audit Time as a Function of $Tolerance$ ($zone\_size=200$, $NB\_LM=15$ and $interval\_percent=15$)
  • ...and 2 more figures