{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T13:28:32Z","timestamp":1762522112508,"version":"3.41.0"},"reference-count":56,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2017,12,6]],"date-time":"2017-12-06T00:00:00Z","timestamp":1512518400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2018,2,28]]},"abstract":"<jats:p>We introduce the first known mechanism providing realtime server location verification. Its uses include enhancing server authentication by enabling browsers to automatically interpret server location information. We describe the design of this new measurement-based technique, Server Location Verification (SLV), and evaluate it using PlanetLab. We explain how SLV is compatible with the increasing trends of geographically distributed content dissemination over the Internet, without causing any new interoperability conflicts. Additionally, we introduce the notion of (verifiable)<jats:italic>server location pinning<\/jats:italic>(conceptually similar to certificate pinning) to support SLV, and evaluate their combined impact using a server-authentication evaluation framework. The results affirm the addition of new security benefits to the existing TLS-based authentication mechanisms. We implement SLV through a location verification service, the simplest version of which requires no server-side changes. We also implement a simple browser extension that interacts seamlessly with the verification infrastructure to obtain realtime server location-verification results.<\/jats:p>","DOI":"10.1145\/3139294","type":"journal-article","created":{"date-parts":[[2017,12,6]],"date-time":"2017-12-06T21:23:15Z","timestamp":1512595395000},"page":"1-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Server Location Verification (SLV) and Server Location Pinning"],"prefix":"10.1145","volume":"21","author":[{"given":"Abdelrahman","family":"Abdou","sequence":"first","affiliation":[{"name":"Carleton University, Ottawa, Canada"}]},{"given":"P. C. Van","family":"Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, Canada"}]}],"member":"320","published-online":{"date-parts":[[2017,12,6]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"3GPP. TS 23.271. 2015. Functional Stage 2 Description of Location Services (LCS). Retrieved from http:\/\/www.3gpp.org\/dynareport\/23271.htm. 3GPP. TS 23.271. 2015. Functional Stage 2 Description of Location Services (LCS). Retrieved from http:\/\/www.3gpp.org\/dynareport\/23271.htm."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052993"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2451614"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31979-5_18"},{"key":"e_1_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Ilka Agricola and Thomas Friedrich. 2008. Elementary Geometry (1st ed.). Vol. 43. American Mathematical Society. Ilka Agricola and Thomas Friedrich. 2008. Elementary Geometry (1st ed.). Vol. 43. American Mathematical Society.","DOI":"10.1090\/stml\/043\/01"},{"key":"e_1_2_1_6_1","unstructured":"Akamai. 2015. Facts 8 Figures. Retrieved from https:\/\/www.akamai.com\/us\/en\/about\/facts-figures.jsp. Akamai. 2015. Facts 8 Figures. Retrieved from https:\/\/www.akamai.com\/us\/en\/about\/facts-figures.jsp."},{"key":"e_1_2_1_7_1","unstructured":"M. J. Arif S. Karunasekera and S. Kulkarni. 2010. GeoWeight: Internet host geolocation based on a probability model for latency measurements. In Australian Computer Society ACSC. 89--98. M. J. Arif S. Karunasekera and S. Kulkarni. 2010. GeoWeight: Internet host geolocation based on a probability model for latency measurements. In Australian Computer Society ACSC. 89--98."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177100"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663759"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644915"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/956993.956995"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"e_1_2_1_13_1","unstructured":"Christopher Davis Ian Dickinson Tim Goodwin and Paul Vixie. 1996. A means for expressing location information in the domain name system. RFC 1876 (Experimental). IETF. http:\/\/www.ietf.org\/rfc\/rfc1876.txt. Christopher Davis Ian Dickinson Tim Goodwin and Paul Vixie. 1996. A means for expressing location information in the domain name system. RFC 1876 (Experimental). IETF. http:\/\/www.ietf.org\/rfc\/rfc1876.txt."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.08.011"},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"V. Dukhovni and W. Hardaker. 2015. The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and operational guidance. RFC 7671 (Proposed Standard). IETF. http:\/\/tools.ietf.org\/rfc\/rfc7671.txt. V. Dukhovni and W. Hardaker. 2015. The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and operational guidance. RFC 7671 (Proposed Standard). IETF. http:\/\/tools.ietf.org\/rfc\/rfc7671.txt.","DOI":"10.17487\/RFC7671"},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Brian Eriksson Paul Barford Joel Sommers and Robert Nowak. 2010. A Learning-Based Approach for IP Geolocation. In Springer PAM. 171--180. Brian Eriksson Paul Barford Joel Sommers and Robert Nowak. 2010. A Learning-Based Approach for IP Geolocation. In Springer PAM. 171--180.","DOI":"10.1007\/978-3-642-12334-4_18"},{"key":"e_1_2_1_18_1","doi-asserted-by":"crossref","unstructured":"C. Evans C. Palmer and R. Sleevi. 2015. Public Key Pinning Extension for HTTP. RFC 7469 (Proposed Standard). IETF. http:\/\/tools.ietf.org\/rfc\/rfc7469.txt. C. Evans C. Palmer and R. Sleevi. 2015. Public Key Pinning Extension for HTTP. RFC 7469 (Proposed Standard). IETF. http:\/\/tools.ietf.org\/rfc\/rfc7469.txt.","DOI":"10.17487\/RFC7469"},{"key":"e_1_2_1_19_1","unstructured":"Phillipa Gill Yashar Ganjali Bernard Wong and David Lie. 2010. Dude where\u2019s that IP? Circumventing measurement-based IP geolocation. In USENIX Security. 241--256. Phillipa Gill Yashar Ganjali Bernard Wong and David Lie. 2010. Dude where\u2019s that IP? Circumventing measurement-based IP geolocation. In USENIX Security. 241--256."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659899"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2006.886332"},{"key":"e_1_2_1_22_1","unstructured":"Nadia Heninger Zakir Durumeric Eric Wustrow and J. Alex Halderman. 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In USENIX Security. 205--220. Nadia Heninger Zakir Durumeric Eric Wustrow and J. Alex Halderman. 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In USENIX Security. 205--220."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36516-4_23"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"volume-title":"Geocompare: A comparison of Public and Commercial Geolocation Databases. Technical Report. CAIDA.","year":"2011","author":"Huffaker Bradley","key":"e_1_2_1_25_1"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315254"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1049\/el.2011.0399"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40012-4_9"},{"key":"e_1_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Timo Kiravuo Mikko Sarela and Jukka Manner. 2013. A survey of Ethernet LAN security. IEEE Communications Surveys 8 Tutorials 15 3 (2013) 1477--1491. Timo Kiravuo Mikko Sarela and Jukka Manner. 2013. A survey of Ethernet LAN security. IEEE Communications Surveys 8 Tutorials 15 3 (2013) 1477--1491.","DOI":"10.1109\/SURV.2012.121112.00190"},{"key":"e_1_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Michael Kranch and Joseph Bonneau. 2015. Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning. In NDSS. Internet Society. Michael Kranch and Joseph Bonneau. 2015. Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning. In NDSS. Internet Society.","DOI":"10.14722\/ndss.2015.23162"},{"volume-title":"Spotter: A model based active geolocation service","year":"2011","author":"Laki S\u00e1ndor","key":"e_1_2_1_31_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Ra\u00fal Landa Joao Taveira Ara\u00fajo Richael G. Clegg Eleni Mykoniati David Griffin and Miguel Rio. 2013a. The large-scale geography of Internet round trip times. In IFIP Networking. 1--9. Ra\u00fal Landa Joao Taveira Ara\u00fajo Richael G. Clegg Eleni Mykoniati David Griffin and Miguel Rio. 2013a. The large-scale geography of Internet round trip times. In IFIP Networking. 1--9.","DOI":"10.1109\/ICCCN.2013.6614151"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Raul Landa Richard G. Clegg Joao Taveira Ara\u00fajo Eleni Mykoniati David Griffin and Miguel Rio. 2013b. Measuring the relationships between Internet geography and RTT. In IEEE ICCCN. 1--7. Raul Landa Richard G. Clegg Joao Taveira Ara\u00fajo Eleni Mykoniati David Griffin and Miguel Rio. 2013b. Measuring the relationships between Internet geography and RTT. In IEEE ICCCN. 1--7.","DOI":"10.1109\/ICCCN.2013.6614151"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659897"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijleo.2014.10.001"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.12"},{"key":"e_1_2_1_37_1","unstructured":"Moxie Marlinspike. 2009. More tricks for defeating SSL in practice. Black Hat USA. Moxie Marlinspike. 2009. More tricks for defeating SSL in practice. Black Hat USA."},{"key":"e_1_2_1_38_1","unstructured":"Declan McCullagh. 2008. How Pakistan Knocked YouTube Offline. Retrieved from http:\/\/www.cnet.com\/news\/how-pakistan-knocked-youtube-offline-and-how-to-make-sure-it-never-happens-again\/. Declan McCullagh. 2008. How Pakistan Knocked YouTube Offline. Retrieved from http:\/\/www.cnet.com\/news\/how-pakistan-knocked-youtube-offline-and-how-to-make-sure-it-never-happens-again\/."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1592451.1592455"},{"volume-title":"Blackhat Conference Europe.","year":"2003","author":"Ornaghi Alberto","key":"e_1_2_1_40_1"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/383059.383073"},{"key":"e_1_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Roberto Percacci and Alessandro Vespignani. 2003. Scale-free behavior of the Internet global performance. Springer EPJ B\u2014Condensed Matter and Complex Systems 32 (2003) 411--414. Roberto Percacci and Alessandro Vespignani. 2003. Scale-free behavior of the Internet global performance. Springer EPJ B\u2014Condensed Matter and Complex Systems 32 (2003) 411--414.","DOI":"10.1140\/epjb\/e2003-00123-6"},{"key":"e_1_2_1_43_1","unstructured":"Zachary N. J. Peterson Mark Gondree and Robert Beverly. 2011. A position paper on data sovereignty: The importance of geolocating data in the cloud. In USENIX HotCloud. Zachary N. J. Peterson Mark Gondree and Robert Beverly. 2011. A position paper on data sovereignty: The importance of geolocating data in the cloud. In USENIX HotCloud."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_2_1_45_1","unstructured":"Nuno Santos Rodrigo Rodrigues Krishna P. Gummadi and Stefan Saroiu. 2012. Policy-sealed data: A new abstraction for building trusted cloud services. In USENIX Security. 175--188. Nuno Santos Rodrigo Rodrigues Krishna P. Gummadi and Stefan Saroiu. 2012. Policy-sealed data: A new abstraction for building trusted cloud services. In USENIX Security. 175--188."},{"key":"e_1_2_1_46_1","doi-asserted-by":"crossref","unstructured":"S. S. Siwpersad Bamba Gueye and Steve Uhlig. 2008. Assessing the Geographic Resolution of Exhaustive Tabulation for Geolocating Internet Hosts. In Springer PAM. 11--20. S. S. Siwpersad Bamba Gueye and Steve Uhlig. 2008. Assessing the Geographic Resolution of Exhaustive Tabulation for Geolocating Internet Hosts. In Springer PAM. 11--20.","DOI":"10.1007\/978-3-540-79232-1_2"},{"key":"e_1_2_1_47_1","unstructured":"IEEE Computer Society. 2004. IEEE Std. 802.1D. Media access control (MAC) Bridges. http:\/\/standards.ieee.org\/getieee802\/download\/802.1D-2004.pdf. IEEE Computer Society. 2004. IEEE Std. 802.1D. Media access control (MAC) Bridges. http:\/\/standards.ieee.org\/getieee802\/download\/802.1D-2004.pdf."},{"key":"e_1_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Matthijs van Polen Giovane Moura and Aiko Pras. 2011. Finding and Analyzing Evil Cities on the Internet. In Springer Autonomous Infrastructure Management and Security. 38--48. Matthijs van Polen Giovane Moura and Aiko Pras. 2011. Finding and Analyzing Evil Cities on the Internet. In Springer Autonomous Infrastructure Management and Security. 38--48.","DOI":"10.1007\/978-3-642-21484-4_4"},{"key":"e_1_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Nevena Vratonjic Julien Freudiger Vincent Bindschaedler and Jean-Pierre Hubaux. 2013. The inconvenient truth about web certificates. In Economics of Information Security and Privacy III. Springer 79--117. Nevena Vratonjic Julien Freudiger Vincent Bindschaedler and Jean-Pierre Hubaux. 2013. The inconvenient truth about web certificates. In Economics of Information Security and Privacy III. Springer 79--117.","DOI":"10.1007\/978-1-4614-1981-5_5"},{"key":"e_1_2_1_50_1","unstructured":"Yong Wang Daniel Burgener Marcel Flores Aleksandar Kuzmanovic and Cheng Huang. 2011. Towards street-level client-independent IP geolocation. In USENIX NSDI. Yong Wang Daniel Burgener Marcel Flores Aleksandar Kuzmanovic and Cheng Huang. 2011. Towards street-level client-independent IP geolocation. In USENIX NSDI."},{"volume-title":"Perspectives: Improving SSH-style host authentication with multi-path probing. In USENIX ATC.","year":"2008","author":"Wendlandt Dan","key":"e_1_2_1_51_1"},{"volume-title":"Attacks.","year":"2015","author":"Detect How","key":"e_1_2_1_52_1"},{"volume-title":"Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts. In USENIX NSDI.","year":"2007","author":"Wong Bernard","key":"e_1_2_1_53_1"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2973750.2973766"},{"key":"e_1_2_1_55_1","unstructured":"Der-Yeuan Yu Elizabeth Stobert David Basin and Srdjan Capkun. 2016b. Exploring Website Location as a Security Indicator. arXiv:1610.03647 (2016). Der-Yeuan Yu Elizabeth Stobert David Basin and Srdjan Capkun. 2016b. Exploring Website Location as a Security Indicator. arXiv:1610.03647 (2016)."},{"volume-title":"Advances in Computer Science and Information Engineering","author":"Zhang Yifei","key":"e_1_2_1_56_1"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3139294","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3139294","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,28]],"date-time":"2025-06-28T08:04:03Z","timestamp":1751097843000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3139294"}},"subtitle":["Augmenting TLS Authentication"],"short-title":[],"issued":{"date-parts":[[2017,12,6]]},"references-count":56,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,2,28]]}},"alternative-id":["10.1145\/3139294"],"URL":"https:\/\/doi.org\/10.1145\/3139294","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2017,12,6]]},"assertion":[{"value":"2016-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-12-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}