This thesis addresses the problem of verifying the geographic locations of Internet clients. First, we demonstrate how current state-of-the-art delay-based geolocation techniques are susceptible to evasion through delay manipulations. We found that delay-based techniques generally lack appropriate mechanisms to measure delays in an integrity-preserving manner. Upon analyzing the effect of several adversarial evasion strategies on three representative delay-based geolocation techniques, we found that these strategies, combined with the ability of full delay manipulation, can allow an adversary to accurately (and fraudulently) control the location returned by those geolocation techniques.
Client Presence Verification (CPV) is then proposed as a delay-based technique to verify an assertion about a client's physical presence in a prescribed geographic region. Three verifiers geographically encapsulating a client's asserted location are used to corroborate that assertion by measuring delays between themselves and the client. CPV infers geographic distances from these delays; thus, using the smaller of the forward and reverse one-way delays between each verifier and the client is expected to result in a more accurate distance inference than conventional round-trip times. Accordingly, we devise a novel protocol for accurately estimating one-way delays between the client and the verifiers for CPV to use, taking into account that the client could manipulate the measurements to defeat the verification process.
CPV is evaluated through real-world experiments with legitimate clients (those truly present where they assert to be) modeled to use both wired and wireless access networks. Wired evaluation is done using the PlanetLab testbed, during which we examine various factors affecting CPV's efficacy. For wireless evaluation, we leverage the Internet delay information collected for wired clients from PlanetLab, and model additional delays representing the last-mile wireless link using delay distribution models studied in the literature.
Finally, we reinforce CPV against a (hypothetical) middlebox that an adversary specifically customizes to defeat CPV (i.e., assuming an adversary that is aware of how CPV operates). We propose to use a Proof-of-Work mechanism that allows CPV to impose constraints which effectively limit the number of clients (now adversaries) simultaneously colluding with that middlebox; beyond that number, CPV detects the middlebox.