In order to tailor services by geography, content and service providers that operate over the internet may need to know the location of customers. This might be necessary, for example, in order to comply with privacy regulations that vary across jurisdictions, to enforce licencing requirements that limit the availability of some services or content in some regions, or as a fraud prevention strategy. An adversary can undermine several commonly used methods for reading client location, by manipulating the Internet Protocol (IP) address or hiding the IP address for example by using a Virtual Private Network (VPN) or proxy. This article proposes a new method, termed Client Presence Verification (CPV), to test the location asserted by the client.
The underlying idea of CPV is to test the assertion of the client based on the relative position to three known points. CPV uses the location of three signals, called verifiers, which form a triangle in the vicinity of the client’s claimed location. Verifiers are trusted sources, such as dedicated servers for location verification or any signal that is publicly reachable by internet. Each verifier sends messages to the client in question and measures the speed of response to each of the three corners of the triangle. By measuring the delays in responses and forwards, compared with the expected delays for the geographic distance and the traffic in that region, the verifiers can identify false assertions about client location. If, extrapolating from the known location of the three verifiers and the hypothetical sides of the triangle, the client location does not seem to fit within the triangle the provider can further investigate the validity of the location assertion.
CPV was tested using 2447 clients and 34 triangles of different sizes in the US and Canada. Based on 600 iterations of probing messages for each client, conducted over a one-month period, the investigators evaluated the accuracy of their method. In the sample, the probability of a false reject is 2% and of a false accept is 1.1%; out of every 100 clients that are legitimately located within the triangle, two may be falsely judged as adversaries. For every 100 adversaries, one will mistakenly be judged as a legitimate client. Although the multiple sampling technique is useful for reducing the effect of outlier measurements, the accuracy was not significantly improved past 100 iterations. The algorithm has some tolerance for error, in order to account for possible congestion and other things that might increase the delay.
A major advantage of CPV is the independence from information submitted by the client. There are ways of thwarting CPV, such as if an adversary delays the sending of response messages. However, this will only flag the client activity as fraudulent. Because a client cannot reduce the time involved in sending a message, they cannot manipulate the result of the CPV process; if a client is outside the triangle, the combined delays will be too large to match the expected regional delay. Given this, CPV could be used to verify client location with greater reliability than commonly used methods that rely on client information.
Triangulation based on data transfer speed can give a rough estimate on location; perhaps good enough to determine if a user is honestly representing their location or using proxies.