Î¼Proxy – A Hardware Relay Solution for Protecting Geolocation Anonymity of Internet Users
Anonymity and privacy of internet users have attracted considerable attention during the past few years. A pivotal privacy issue is that a user’s geographical location can be pinpointed, if his/her IP address has been detected, giving the attacker a relatively precise real-time location. In most cases, this information is adequate for an attacker, to close in and eventually determine the location of the user via implementation of traditional tracking methods.
Presently available anonymity solutions, including The Onion Routing Project (TOR), proxy servers and Virtual Private Networks (VPNs) aim at mitigating this problem via routing network traffic through a single, or multiple third party relay nodes. This prevents an attacker from determining the real origin or destination of a data packet. This approach is effective in isolating a user from the websites he/she is visiting, yet it does little, when it comes to guarding the user’s geographical location, as the attacker can still detect VPN, or Tor traffic emerging from the user’s network connection. Consequently, a system is needed to sever the association between a user’s IP address and his/her geographical location.
A recently published paper introduced Î¼Proxy, an inexpensive solution that can solve this problem and break the association between a user’s IP address and his/her corresponding geographical location. Î¼ProxyÂ promotes location anonymity of internet users via an arbitrary set interconnected Wifi nodes that relay users’ traffic. The relay extends between the user and the destination network, to which he/she chooses to connect, e.g. a public Wifi network. Network traffic will seem to emerge from the last device along the path of relay nodes. If an attacker attempts to trace back the IP address of the user, he will only be able to determine the IP address of the relay endpoint. Further tracking will require detecting the location of an arbitrary number of relay nodes (these are potentially covert relay nodes), which would yield an exponentially enlarging search radius. Such a search radius is well beyond the capabilities of most adversaries.
System Design of Î¼Proxy:
Î¼ProxyÂ represents a series of Wifi nodes forming a “Wifi relay” with a “daisy chain” topology, as illustrated in the below figure. The relay has a pair of endpoints; a local endpoint to which the user connects, and a remote endpoint that connects to the internet, e.g. via a public Wifi network. Between the two endpoints, a group of relay nodes route the network traffic. In most cases, there will be N relay nodes, rather than the single relay node illustrated in the below figure. Hidden Wifi hotspots are broadcast via individual nodes, along the Wifi relay, realized with ESP modules. These modules are implanted physically along the path that connects between the locations of the two endpoints of the relay. A tunnel is created to seamlessly forward all network traffic between the two endpoints. Each one of these modules will connect to the node of the module ahead of it along the chain of relay nodes, while accepting an incoming connection from the node of the previous module. ESP’s ability to function both as a Wifi client, and as an access point simultaneously marks the basic infrastructure of Î¼ProxyÂ .
The protocol is setup to control a relay network which is comprised of an arbitrary number of Wifi devices, provide interfaces for external endpoints, support necessary cryptography and efficiently transmit data along the relay nodes. The protocol has to be executed within the restrictive embedded system environment of the ESP modules. Consequently, usage of runtime resources, as well as the size of the compiled computer code had to be minimized. The protocol is extremely light weighted; this is necessary so as not to monopolize the 80 MHz processor core of the ESP, which would prevent the Wifi router from functioning normally.
Long relay can be established inexpensively, given the low cost nature of ESP modules. A measured delay per relay node of around 20 ms is adequately low to promote practicality of usage of Î¼ProxyÂ when geolocation anonymity is concerned.