LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006

Why Location-Based Access Control? Previous user identity- based access control approaches cannot verify Physical location of the access requester, which plays an important role in determining access rights  Secure verification of location claims is required Secure verification of location claims  Natural  No need to establish shared secrets in advance Information about Location can strengthen access control policy  Not just which subject is accessing what object  Where the subject and object are located Subject belongs to a location group as long as she can listen to one of the beacons in that group

Previous Works Hardware dependency to determine location  GPS  Temper resistant device  Ultrasonic signals Need central server Expensive crypto and overhead  PKI, DH key exchange

Properties No servers No pre-registration No expensive crypto No expensive hardware (e.g. GPS) Low communication/computation Different from localization problem

Notation

Protocol Description Each access point (AP j )periodically broadcasts its nonce (r j )  Assume each AP j knows other AP's nonces (r j ) through a secure channel A mobile station (MS i ) collects nonces of the access points MS i derives its location key (k i ) by XOR-ing all the nonces of access points MS i constructs its access request (AR i ) using hash of k i and claims its location to its associated access point with it.  If MS i is located in the access-granted area, it can access to the resource  o/w, it cannot access it This system is secure if each entity does not collude each other Assume trust AP  not mutual authentication.

What is AP group ? Define three AP groups:  G1={AP1, AP2},  G2={AP3, AP4},  G3={AP1, AP4} Each AP's group:  AP1 is in G1, G3  AP2 is in G1  AP3 is in G2  AP4 is in G2,G3 G1G1 G2G2 G3G3 Access-Granted Area

1) 2) 3)

Security Analysis Insecure nonce combination  RNG with k=|nonce|  80 bits Bogus location claim  zero-false positive with Interval T < Speed of MS  cf. GPS error, sector error, etc.

Security Analysis (cont.) Wormhole attack

Security Analysis (cont.) The Sybil attack Simple solution  Assume each mobile station has APs Certificates of each  Using AP's signature of BBM Better solution? Man-in-the-Middle Attack?

Efficiency Estimation Various Hash Function Computation Times ( μseconds) based on the Crypto benchmark tested on the AMD Opteron 1.6 GHz processor under Linux Let |nonce|= 80 bits and |ID|=8 bits and use 160-bit SHA-1  Computation Time Only μseconds to compute access request of mobile station side  Communication Load |BBM|  *|L|*|N| bits of each access point |AR| = 160 bits of each mobile station  Storage Requirement For the mobile stations, there is no storage requirement

Simulation Result Simulation condition  23 MSs, 2 APs  propagation and path-loss model in the free-space model without a routing protocol between mobile stations  Two access points broadcast beacons with nonces (r1, r2) 1000 times in every broadcasting interval  False positive rate with various nonce sizes |r 1 | = |r 2 | = 4, 8, 16 bits of access points under T=  =1 second of static mobile station model False positive rate with various T=1, 2, 4, 8 seconds with  = 1 second T  under |r 1 | = |r 2 | = 16 bits of randomly moving mobile station model

Application and Extension HotSpot  Cyber Cafe, coffee shop, airport Data encryption key as well as access control key Location Tracking  Sensor network

Future Work Scalability Applicable to Sensor Network LBS (Location Based Services)  Location Tracking  Location Privacy  Secure Data Aggregation

Conclusion Easy Simple Cheap Practical Applicable

Q & A