LOGO TULIP Trilateration Utility for Locating IP addresses

LOGO TULIP Trilateration Utility for Locating IP addresses Presented By Faran Javed BIT-5 1

TULIP Project Committee 1 Advisor: Prof. Dr. Arshad Ali 2 Co-Advisor: Mr. Umar Kalim 3 Member: Mr. Azhar Maqsood 4 Member: Mr. Imran Daud 5 External Advisor: Dr R. Les Cottrell 2

TULIP Motivation v Dynamic Geolocation solely based on delay measurements. v Help identify hosts that have proxies v To help determine from where to get a replicated service v Useful for security to pin-point the location of a suspicious host v Identify anomalies in the Ping. ER database 3

TULIP Ping. ER v Ping. ER – Ping end-to-End Reporting v Name given to IEPM project v Used to monitor end-to-end performance of Internet links ping. ER historical graphs 4

TULIP Ping. ER Architecture 5

TULIP Aim/Problem Statement v. To geolocate a specified target host (identified by domain name or public IP address) using only ping RTT delay measurements to the target from reference landmark hosts whose positions are well known. 6

LOGO 7

TULIP Geo IP v. Mainly realize on end users input. v. Data acquired from various websites that offer end users membership. v. Further applies various techniques including triangulation. v. Conflicts are resolved manually. 8

TULIP Literature Review 1/3 v CBG – Constraint Based Geolocation [bamba] § Works only within US § Uses 90 reference landmarks § Marks a possible region where the host may be located § Currently not available v Net. Geo § Stores location of each AS in a plain text file § Databased approach. Prone to get outdated § Needs updating every Saturday 9

TULIP Literature Review 2/3 v. Octant § Efficient within US only § Similar to CBG v. DNS LOC § Rarely available § Info provided by the network administrators themselves 10

TULIP Literature Review 3/3 v. Whois § Gets outdated § Database needs to be updated regularly 11

TULIP Proposed Solution Take Min RTT Delay to Distance Conversion Final (Lat , Lon) Apply Trilateration Iterative Correction 12

LOGO 13

TULIP Adjusted Alpha values v. Methodology § Plotted a scatter plot between distance in km & min. RTT (ms) § The data set were the landmarks § Drew the tightest upper bound on distances 14

TULIP Adjusting Alpha 15

TULIP Equation for the line representing the tightest upper bound v Two points on the line are § i- origin & ii- the point with highest value of ratio Dist / min. RTT v Line is represented by the equation § § Y = mx + b Y intercept is zero hence b = 0 M = y 2 -y 1 / x 2 -x 1; y 1 = 0 & x 1 = 0 [origin] M = y 2 / x 2; y 2=Distance(km); x 2=min. RTT(ms) v Y = m*x ; Distance = m * min. RTT v Distance = alpha * min. RTT v M = suggested alpha 16

TULIP 17

LOGO 18

TULIP Iterative correction of the location vmin. RTT = propagation delay + extra delay (due to extra circular routes) v∆T measured= ∆t + ∆t 0 v(Pseudo -distance) v. PD = ∆Tmeasured. α v(Actual distance) v. D = ∆T. α v. PD = (∆T+∆T 0). α v. PD = D+∆T 0. α …. (1) 19

TULIP Iterative correction v D = actual distance from the landmark. v C = speed of light v a = X(c) i. e. Speed of digital info in fiber optic cable v X = factor of c with which digital info travels in fiber optic cable. v ∆T = actual propagation delay along the greater circle router/paths. v ∆T 0 = the extra delay causing overestimation. v PD = pseudo distance 20

TULIP Graphically: 21

TULIP Landmarks v H: host v L 1: Landmark 1 v L 2: landmark 2 v L 3: landmark 3 v D 1=√ (XL 1 -Xh) 2 + (YL 1 -Yh) 2 …. . (2) v FROM (1) & (2) v PD 1=√ (XL 1 -Xh) 2 + (YL 1 -Yh) 2 + α. ∆t 0…. . (A) v Similarly for other 2 landmarks: v PD 2=√ (XL 2 -Xh) 2 + (YL 2 -Yh) 2 + α. ∆t 0. . (B) v PD 3=√ (XL 3 -Xh) 2 + (YL 3 -Yh) 2 + α. ∆t 0. . (C) 22

TULIP Linearize the equation 23

TULIP Contd … v Considering the simplified first part v F(x) = f(x 0) + f`(x 0) (x-x 0) v Put (x-x 0=∆X) v F(x) = f(x 0) + f`(x 0) ∆X………… (3) v Hence to compute the original value of X an arbitrary value x 0 is required, this is done by simple Trilateration. v We know that v Hx =Xest+∆X……. (D) v HY =Yest+∆Y……. . (D) v Also v Est. Di=√ (Lhi-Xest+ (Hy-Yest) 2 ………. . (4) 24

TULIP Contd … 25

TULIP Contd … 26

TULIP v. Solution from (4) is put in eq(D) to get new estimations. v. Hx, HY becomes the new estimated position. 27

LOGO 28

TULIP System Architecture 29

LOGO 30

LOGO 31

TULIP v. For each point calculate alpha =distance/min. RTT vthen calculate the median and Interquartile Range of the alphas. v. In the following case study we got 46. 61=median and IQR=15. 31. v. For this data median alpha ~ 46. 5 km/ms and IQR ~15. 6 km/ms or IQR/Median~ 33% or ~ +-16%. 32

TULIP Alpha vs Distance 33

TULIP Alpha Vs min RTT 34

TULIP v. Hence if we can calculate error in alpha we can calculate error in distance estimation and hence in the location estimate. 35

LOGO 36

TULIP Tiering Approach v. The purpose of this study is to investigate the effectiveness of tiering for TULIP vi. e we have a set of primary landmarks tier 0 which will narrow down the target location to being in a particular region and then a denser set of secondary tier 1 landmarks in the discovered region that can be used to get more accurate results. 37

TULIP Benefits v. The use of tiering should enable us to reduce the network traffic (number of landmarks pinging a target) while retaining the accuracy of using all landmarks. 38

TULIP 39

TULIP 40

TULIP 41

TULIP 42

TULIP 43

TULIP Alpha vs Distance (SLAC) 44

TULIP Alpha vs Min. RTT (SLAC) 45

TULIP 46

LOGO 47

TULIP Results 48

TULIP Cumulative Distribution 49

TULIP Conclusions v. TULIP offers coarse grain accuracy and can confirm location up to city level. v. Total of 14 differences ranging from 5, 000 to 13, 000 were inaccuracies in Ping. ER database. v. Further accuracy can be increase by increasing location data of landmark and a much careful landmark selection 50

TULIP Applicability of TULIP v. TULIP is being used as the location estimation service for Phantom OS to assist in making VO’s autonomously v. Being Used by SLAC to detect Anomalies in Ping. ER database 51

TULIP Problem Statement by Phantom OS v Phantom. OS resource discovery scheme is based on a two-tier based super peer based architecture. The lowest tier is a machine level granularity subgrid, which consists of machines that have good network connectivity between them, analogous to a traditional cluster. Each sub-grid is represented by a super-peer, which is the most available machine within the vicinity of the sub-grid. At the top-most tier the granularity is in terms of subgrids, and these are grouped into regions depending on geographical proximity of the super peers. The regions are represented by a region peer. A virtual organization (VO) in this system can be at any level: it can consist of individual machines or be an aggregation of entire sub grids or of entire regions. Interactive applications will be handled at a machine-level VO, whereas large-scale grid applications will require aggregations of entire sub grids. v With TULIP in Phantom. OS, super peers will also provide the landmarks. New nodes will locate the nearest landmark and map to a subgrid which is spatially closest to them. Similarly Regions will be created by associating Subgrids to spatially close neighbouring subgrids. This information will also be provided by TULIP. 52

LOGO 53

TULIP Challenges v Increase accuracy in regions with poor network infrastructure v Satellite links v Circular routes v Best Landmark Selection v Security Considerations 54

TULIP Achievement v Stood First in All Asia Software Competition, Softec, Held at Fast Lahore. 55

TULIP v Acknowledgment by SLAC daily newsletter 56

TULIP Winner at NIIT Open House 57

LOGO 58

TULIP Future Directions v. Centralized Reflector v. Complete Feasibility Analysis for Tiering approach v. Detailed visualization tools. v. Study on most suitable number of ping packets 59

TULIP References v [1] Constraint-Based Geolocation of Internet Hosts Bamba Gueye, Artur Ziviani, Mark Crovella and Serge Fdida, v [2] Scale-free behavior of the Internet global performance R. Percacci 1 and A. Vespignani 2, Published online 7 May 2003 – c EDP Sciences, Societ`a Italiana di Fisica, Springer-Verlag 2003 v [3] Geometric Exploration of the Landmark Selection Problem Liying Tang and Mark Crovella Department of Computer Science, Boston University, Boston, MA 02215 flitang, crovellag@cs. bu. edu v [4] An Empirical Evaluation of Landmark Placement on Internet Coordinate Schemes Sridhar Srinivasan Ellen Zegura Networking and Telecommunications Group College of Computing Georgia Institute of Technology Atlanta, GA 30332, USA Email: {sridhar, ewz}@cc. gatech. edu v [5] A Network Positioning System for the Internet, T. S. Eugene Ng, Rice University, Hui Zhang, Carnegie Mellon University. v [6] Towards IP Geolocation Using Delay and Topology Measurements Ethan Katz. Bassett John P. John Arvind Krishnamurthy David Wetherall† Thomas Anderson Yatin Chawathe‡ 60

TULIP Demo v. Demo of current progress available at http: //www. slac. stanford. edu/comp/net/wanmon/tulip Or http: //maggie. niit. edu. pk/newwebsite/tulip v. Progress details also available at the Maggie wiki vhttp: //maggie 2. niit. edu. pk/wiki 61

LOGO 62

LOGO 63

TULIP Previous value of alpha v. Speed of digital information in fiber optic cable = 2/3 * c v. Since we have two side delay v. Alpha = 2/3 * c/2 v. Put c = 3 * 108 m/s v. We get alpha = 100 km/ms 64

TULIP Haversine Formula v The haversine formula is an equation important in navigation, giving great-circle distances between two points on a sphere from their longitudes and latitudes. v For two points on a sphere (of radius R) with latitudes φ1 and φ2, latitude separation Δφ = φ1 − φ2, and longitude separation Δλ, where angles are in radians, the distance d between the two points (along a great circle of the sphere; see spherical distance) is related to their locations by the formula: 65