GeoFINDR: Practical Approach to Verify Cloud Instances Geolocation in Multicloud

In multicloud environments, where legal obligations, technical constraints and economic interests are at stake, it is of interest to stakeholders to be able to locate cloud data or the cloud instance where data are decrypted for processing, making it particularly vulnerable. This paper proposes an original and practical delay-based approach, called GeoFINDR, to locate a cloud instance, e.g. a Virtual Machine (VM), over the Internet, based on RIPE Atlas landmarks. First, the assumed threat model and assumptions are more realistic than in existing solutions, e.g. VM-scale localization in multicloud environments, a Cloud Service Provider (CSP) lying about the VM's location. Second, the originality of the approach lies in four original ideas: (1) geolocalization is performed from the VM, (2) a Greedy algorithm selects a first set LM_A of distributed audit landmarks in the vicinity of the declared area, (3) a sectorization algorithm identifies a set LM_S of other landmarks with distance delay behavior similar to that of the VM to estimate the sector of the VM, and (4) the estimated location of the VM is calculated as the barycenter position of the LM_S landmarks. An open source tool is published on GitHub and experiments show that localization accuracy can be as high as 22.1km, under unfavorable conditions where the CSP lies about the location of the VM.