The following story was first published in the March/16 Carleton Now. It was written by Kate Hawkins.

Carleton researchers are working on software to stop location fraud by cracking down on proxy servers and other masking technology — a development that would be a boon to big content companies like Netflix.

AbdelRahman Abdou is a postdoctorate at Carleton’s Computer Security Lab. He and his fellow researchers, Ashraf Matrawy and Paul Van Oorschot, have been making big progress on their research on location verification technology.

Head shot of AbdelRahman Abdou

AbdelRahman Abdou. Photo Credit: Justin Tang

Beyond Netflix, their research could help deter credit card fraud and even mislead online gamblers, who use proxy servers to manipulate the system by pretending to be in a region with different gambling laws.

Technology reporter Martyn Williams says proxy servers are intermediary servers that provide anonymity, allowing some users to mislead Internet service providers about their actual location. For many, this is a way to gain access to video that isn’t available in their region.

“The problem that Netflix and other companies have is that with a lot of the video they’re showing, they don’t have the rights to show it in a particular country or region. And what people are doing is using proxy servers to try to get around that. So say Netflix did have an ability to absolutely determine where someone is, in theory they could effectively cut people off,” he says.

According to Williams, masking software is most commonly used to access videos because movie and television rights are still sold on a country-by-country basis.

Abdou’s approach to solving this and other location verification problems relies on network measurements, which are calculated by figuring out the amount of time it takes your computer to send a signal to a server and back.

Some critics have argued that slow network times can affect whether or not your connection is believed to be authentic or not, but Abdou says this is a problem they addressed in their work.

“One of the things we did was, instead of relying on round-trip time delays, we relied on one-way delays, or end-to-end measurements. That’s the delay from your computer to the measuring server, or the other way around,” he says.

“That way if there was any network congestion or other factors that would spike the delays in one direction but not the other, or if for any reason one of the links had higher delays, then the faster link is better representative of the distance as it is less affected by those factors. We had to devise techniques that could measure one-way delays without requiring a substantial amount of client co-operation.”

Most location verification is currently done by checking the location of a user’s Internet protocol address, or IP address, but this can be easily bypassed with masking software.

When Abdou and his co-authors began their research on location verification it was an uphill battle.

“At the beginning it was tough approaching the problem. It’s an old problem that was usually seen as a dead research point because you can never achieve 100 per cent secure geolocation. There’s nothing that’s 100 per cent secure in any system… but I guess we managed to raise the bar at the end,” he says.

Abdou and his fellow researchers don’t have any plans to patent the process because they like doing open research that is available for public use. He does, however, want people to know that he isn’t trying to make Netflix less accessible.

“People think we’re working hard to block them from Netflix, but that’s not what it’s about. We are interested in reducing fraud by verifying the locations of credit card transactions online, enhancing web authentication by making it location-aware, and by other security applications.”