Monte Carlo Techniques for Secure Localization
ARO Workshop on Localization in Wireless Sensor Networks, 14 June
David Evans, University of Virginia Computer Science
2 Sensor Nodes: MICA2 Mote (UCB/Crossbow) vs. Typical 2005 Desktop
Memory: MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), x (hard drive)
Processor Speed: MICA2 7 MHz; desktop 500 x
Electrical Power: MICA2 ~40mW, 2 AA batteries; desktop 2000 x, ~100W (CPU only)
Mass: MICA2 18 grams (+ batteries); desktop 167 x, 3kg
3 Apollo Guidance Computer vs. MICA2 vs. Typical 2004 Desktop
Memory: Apollo 0.01 x (4K 14-bit words); MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), x (hard drive)
Processor Speed: Apollo x (add in 20 s); MICA2 7 MHz; desktop 500 x
Electrical Power: Apollo 1500 x, ~70W; MICA2 ~40mW, 2 AA batteries; desktop 2000 x, ~100W (CPU only)
Mass: Apollo 1667 x, 30kg; MICA2 18 grams (+ batteries); desktop 167 x, 3kg
5 Sensor Network Applications
Reindeer Tracking (Sámi Network Connectivity Project)
Battlefield Event Tracking
Volcano Monitoring
6 This Talk
Location Matters
–How do nodes know where they are?
Security (Sometimes) Matters
–How can we provide trust without infrastructure?
L. Hu and D. Evans. Localization for Mobile Sensor Networks. MobiCom
L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004.
7 Determining Location
Direct approaches
–Configured manually: expensive; not possible for ad hoc, mobile networks
–GPS: expensive (cost, size, energy); only works outdoors, on Earth
Indirect approaches
–Small number of seed nodes: seeds are configured or have GPS
–Other nodes determine location based on messages received
8 Hop-Count Techniques
DV-HOP [Niculescu & Nath, 2003]
Amorphous [Nagpal et al., 2003]
Works well with a few, well-located seeds and regular, static node distribution.
Works poorly if nodes move or are unevenly distributed.
9 Local Techniques
Centroid [Bulusu, Heidemann, Estrin, 2000]: Calculate center of all heard seed locations
APIT [He et al., MobiCom 2003]: Use triangular regions
Depend on a high density of seeds (with long transmission ranges)
10 Our Goal
(Reasonably) Accurate Localization in Mobile Networks
Low Density, Arbitrarily Placed Seeds
Range-free: no special hardware
Low communication (limited addition to normal neighbor discovery)
11 Scenarios
Nodes moving, seeds stationary
Nodes and seeds moving
Nodes stationary, seeds moving
[Image: NASA Mars Tumbleweed, by Jeff Antol]
12 Our Approach: Monte Carlo Localization
Adapts an approach from robotics localization
Take advantage of mobility:
–Moving makes things harder…but provides more information
–Properties of time and space limit possible locations; cooperation from neighbors
Frank Dellaert, Dieter Fox, Wolfram Burgard and Sebastian Thrun. Monte Carlo Localization for Mobile Robots. ICRA 1999.
13 MCL: Initialization
Initialization: Node has no knowledge of its location.
$L_0$ = { set of N random locations in the deployment area }
[Figure label: Node's actual position]
14 MCL Step: Predict, Filter
Predict: Node guesses new possible locations based on previous possible locations and maximum velocity, $v_{max}$
$$p(l_t \mid l_{t-1}) = \begin{cases} c & \text{if } d(l_t, l_{t-1}) < v_{max} \\ 0 & \text{if } d(l_t, l_{t-1}) \ge v_{max} \end{cases}$$
Filter: Remove samples that are inconsistent with observations
[Figure labels: Node's actual position; Seed node: knows and transmits location; r]
15 Observations
Indirect Seed: If node doesn't hear a seed, but one of its neighbors hears it, node must be within distance (r, 2r] of that seed's location.
Direct Seed: If node hears a seed, the node must (likely) be within distance r of the seed's location.
16 Resampling
Use prediction distribution to create enough sample points that are consistent with the observations.
N = 20 is good, N = 50 is plenty
17 Recap: Algorithm
Initialization: Node has no knowledge of its location.
$L_0$ = { set of N random locations in the deployment area }
Iteration Step: Compute new possible location set $L_t$ based on $L_{t-1}$, the possible location set from the previous time step, and the new observations.
$L_t$ = { }
while (size($L_t$) < N) do
  R = { l | l is selected from the prediction distribution }
  $R_{filtered}$ = { l | l where l ∈ R and filtering condition is met }
  $L_t$ = choose($L_t$ ∪ $R_{filtered}$, N)
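The predict, filter and resample loop recapped above, written out as an added Python example (not code from the talk or the MCL paper). The scenario coordinates, the grid of initial guesses, the `max_draws` budget and the mean-of-samples estimator are assumptions made for the illustration.

```python
import math
import random

def predict(prev, v_max, rng):
    """Prediction: uniform draw from the disc of radius v_max around prev."""
    ang = rng.uniform(0.0, 2.0 * math.pi)
    rad = v_max * math.sqrt(rng.random())
    return (prev[0] + rad * math.cos(ang), prev[1] + rad * math.sin(ang))

def consistent(loc, direct, indirect, r):
    """Filter: within r of every heard seed, and in (r, 2r] of every seed
    that only a neighbor heard."""
    return (all(math.dist(loc, s) <= r for s in direct)
            and all(r < math.dist(loc, s) <= 2 * r for s in indirect))

def mcl_step(L_prev, direct, indirect, r, v_max, N, rng, max_draws=20000):
    """Resample until N consistent samples exist. max_draws is an added
    safeguard: an empty result means no reachable location fits the
    observations (localization is denied, not silently shifted)."""
    L_t = []
    for _ in range(max_draws):
        if len(L_t) == N:
            break
        cand = predict(rng.choice(L_prev), v_max, rng)
        if consistent(cand, direct, indirect, r):
            L_t.append(cand)
    return L_t

def estimate(L_t):
    """Assumed estimator: mean of the possible-location set."""
    return (sum(x for x, _ in L_t) / len(L_t),
            sum(y for _, y in L_t) / len(L_t))

def demo(seed=1):
    rng = random.Random(seed)
    r, v_max, N = 2.0, 1.0, 50
    # Constructed scenario: 6 x 6 area, a grid of initial guesses (the slides
    # use random ones), two heard seeds, one seed heard only by a neighbor.
    L = [(0.5 * i, 0.5 * j) for i in range(13) for j in range(13)]
    direct, indirect = [(1.5, 3.0), (4.5, 3.0)], [(3.0, 6.5)]
    for _ in range(3):
        L = mcl_step(L, direct, indirect, r, v_max, N, rng)
    # A bogus "heard" seed far from the node contradicts the real ones.
    spoofed = mcl_step(L, direct + [(20.0, 20.0)], indirect, r, v_max, N, rng)
    return L, estimate(L), spoofed

if __name__ == "__main__":
    L, est, spoofed = demo()
    print("samples:", len(L), "estimate:", est, "after bogus seed:", len(spoofed))
```

The empty sample set returned for the bogus seed is the filtering property the security slides rely on: a contradictory announcement removes candidate locations instead of moving the estimate.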
18 Convergence
Localization error converges in first steps
[Figure: Average Estimate Error (r) vs. Time (steps); node density $n_d$ = 10, seed density $s_d$ = 1; curves: $v_{max}$ = .2r, $s_{max}$ = 0; $v_{max}$ = r, s = 0; $v_{max}$ = r, s = r]
19 Speed Helps and Hurts
Increasing speed increases location uncertainty, but provides more observations
[Figure: Estimate Error (r) vs. $v_{max}$ (r distances per time unit); node density $n_d$ = 10; curves: $s_d$ = 1, $s_{min}$ = 0, $s_{max}$ = v; $s_d$ = 1, $s_{max}$ = $s_{min}$ = r; $s_d$ = 2, $s_{max}$ = v; $s_d$ = 2, $s_{max}$ = $s_{min}$ = r]
Seed Density
Better accuracy than other localization algorithms over range of seed densities
[Figure: Estimate Error (r) vs. Seed Density for MCL, Centroid and Amorphous; $n_d$ = 10, $v_{max}$ = $s_{max}$ = .2r]
Centroid: Bulusu, Heidemann and Estrin. IEEE Personal Communications Magazine. Oct
Amorphous: Nagpal, Shrobe and Bachrach. IPSN 2003.
21 Questionable Assumption: Radio Transmissions
Model: all nodes within distance r hear transmission, no nodes further away do
Reality: radio transmissions are irregular
22 Radio Irregularity
Insensitive to irregular radio pattern
[Figure: Estimate Error (r) vs. Degree of Irregularity (r varies ± dr) for MCL, Centroid and Amorphous; $n_d$ = 10, $s_d$ = 1, $v_{max}$ = $s_{max}$ = .2r]
23 Questionable Assumption: Motion is Random
Model: modified random waypoint
Reality: environment creates motion
24 Motion
Adversely affected by consistent group motion
[Figure: Estimate Error (r) vs. Maximum Group Motion Speed (r units per time step); $n_d$ = 10, $v_{max}$ = $s_{max}$ = r; curves: $s_d$ = .3, $s_d$ = 1, $s_d$ = ]
Stream and Currents
Random Waypoint vs. Area Scan
Controlled motion of seeds improves accuracy
[Figure: Estimate Error (r) vs. Time; curves: Random, $v_{max}$ = $s_{max}$ = .2r; Area Scan; Random, $v_{max}$ = 0, $s_{max}$ = .2r; Scan]
25 What about security?
26 Localization Security Issues
Denial-of-Service: prevent node from localizing
–Global: jam GPS or radio transmissions
–Local: disrupt a particular node's localization
Confidentiality: keep location secret
Verifiability: prove your location to others
Integrity
–Attacker makes node think it is somewhere different from actual location
27 MCL Advantages
Filtering
–Bogus seeds filter out possible locations
–As long as one legitimate observation is received, worst attacker can do is denial-of-service
Direct
–Does not require long range seed-node communication
Historical
–Current possible location set reflects history of previous observations
28 Authenticating Announcements (Simple, Insecure Version)
1. S → region: $ID_S$ (Broadcast identity)
2. N → S: $ID_N$ (Send identity)
3. S → N: $E_{K_{NS}}(L_S)$ (Respond with location encrypted with shared key)
$K_{NS}$ is a pre-loaded pairwise shared key
Vulnerable to simple replay attacks
29 Authenticating Announcements
1. S → region: $ID_S$ (Broadcast identity)
2. N → S: $R_N$ | $ID_N$ (Send nonce challenge)
3. S → N: $E_{K_{NS}}(R_N | L_S)$ (Respond with location)
Prevents simple replay attacks (but not wormhole attacks)
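The two announcement exchanges side by side, as an added Python example (not code from the talk). HMAC-SHA256 stands in for $E_{K_{NS}}$, so the sketch shows authenticity and freshness only; the `Seed` and `Node` classes, the key and the locations are constructed for the illustration.

```python
import hashlib
import hmac
import os

TAG = 32  # HMAC-SHA256 tag length

def seal(key, payload):
    """Stand-in for E_K(...): payload plus an HMAC-SHA256 tag. It gives
    authenticity only; the location travels in clear."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def unseal(key, blob):
    payload, tag = blob[:-TAG], blob[-TAG:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

class Seed:
    def __init__(self, key, loc):
        self.key, self.loc = key, loc
    def respond_simple(self):            # step 3, slide 28
        return seal(self.key, self.loc)
    def respond(self, nonce):            # step 3, slide 29
        return seal(self.key, nonce + self.loc)

class Node:
    def __init__(self, key):
        self.key, self.nonce = key, None
    def accept_simple(self, blob):
        return unseal(self.key, blob)
    def challenge(self):                 # step 2, slide 29: fresh R_N
        self.nonce = os.urandom(16)
        return self.nonce
    def accept(self, blob):
        nonce, self.nonce = self.nonce, None   # each R_N is single-use
        payload = unseal(self.key, blob)
        if nonce is None or payload is None or payload[:16] != nonce:
            return None
        return payload[16:]

def demo():
    key = b"constructed-pairwise-key-K_NS"
    seed, node = Seed(key, b"10,20"), Node(key)
    old_simple = seed.respond_simple()          # recorded by an eavesdropper
    old_nonce = seed.respond(node.challenge())  # recorded as well
    first = node.accept(old_nonce)              # legitimate run
    seed.loc = b"55,70"                         # the seed moves on
    node.challenge()                            # a later discovery round
    return first, node.accept_simple(old_simple), node.accept(old_nonce)
```

`demo()` returns the location from the legitimate run, then the stale location that the simple version still accepts from a recording, then `None` for the same recording under the nonce version.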
30 Broadcast Authentication
Requires asymmetry:
–Every node can verify message
–Only legitimate seed can create it
Traditional approach: asymmetry of information (public/private keys)
–Requires long messages: too expensive for sensor nodes
Instead use time asymmetry
31 Using Time Asymmetry
Based on Tesla: Perrig et al.
Time n: $KS_{n-1}$ | Sign($ID_S$ | $L_S$, $KS_n$)
Time n + 1: $KS_n$ | Sign($ID_S$ | $L_S$, $KS_{n+1}$)
f is a one-way function (easy to compute f(x), hard to invert)
Initially: nodes know $KS_0 = f^{max}(x)$ for each seed; seed knows x, calculates $KS_n = f^{max-n}(x)$
Node verifies each key as it is received: $f(KS_1) = KS_0$
Requires loose time synchronization
Saves node transmissions, multiple seed transmissions
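A node-side verifier for the delayed key disclosure scheme above, as an added Python example (not code from the talk or from TESLA). SHA-256 as f, HMAC-SHA256 as Sign, the packet tuple layout and the interval counter `now` are assumptions; with the slide's definitions each disclosed key must satisfy $f(KS_n) = KS_{n-1}$.

```python
import hashlib
import hmac

def f(key):
    """One-way function f (SHA-256 is an assumption)."""
    return hashlib.sha256(key).digest()

def chain_key(x, max_n, n):
    """KS_n = f^(max-n)(x); only the seed, which knows x, can compute it."""
    key = x
    for _ in range(max_n - n):
        key = f(key)
    return key

def sign(key, msg):
    """Sign(msg, KS_n), modelled here as HMAC-SHA256."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def announce(x, max_n, n, msg):
    """Seed, interval n: disclose KS_{n-1}, authenticate msg under KS_n."""
    return (n, chain_key(x, max_n, n - 1), msg,
            sign(chain_key(x, max_n, n), msg))

class Node:
    def __init__(self, ks0):
        self.key, self.key_n = ks0, 0   # newest verified chain key
        self.pending = {}               # interval -> (msg, tag) awaiting key

    def receive(self, now, packet):
        """now: the node's loosely synchronised interval number. Returns the
        buffered message that the disclosed key authenticates, or None."""
        n, disclosed, msg, tag = packet
        verified = self._learn(n - 1, disclosed)
        if now <= n:                    # KS_n is still secret: safe to buffer
            self.pending[n] = (msg, tag)
        return verified

    def _learn(self, n, key):
        if n <= self.key_n:
            return None
        probe = key
        for _ in range(n - self.key_n): # tolerate missed disclosures
            probe = f(probe)
        if not hmac.compare_digest(probe, self.key):
            return None                 # not on the seed's chain
        self.key, self.key_n = key, n
        msg, tag = self.pending.pop(n, (b"", b""))
        return msg if hmac.compare_digest(sign(key, msg), tag) else None
```

The `now <= n` test is where loose time synchronization matters: a message authenticated under a key that may already have been disclosed is never buffered.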
32 Wormhole Attack
Attacker uses transceivers at two locations in the network to replay (selectively) packets at a different location
[Figure labels: X, Y]
33 Protocol Idea
Wormhole attack depends on a node that is not nearby convincing another node it is
Periodically verify neighbors are really neighbors
Only accept messages from verified neighbors
34 Previous Solutions: Light Speed is Slow
Distance Bounding
–Light travels 1 ft per nanosecond (~4 cycles on modern PC!)
Packet "Leashes"
Use distance bounding to perform secure multilateration
Need special hardware to instantly respond to received bits
Yih-Chun Hu, Perrig and Johnson. INFOCOM 2003
Brands and Chaum, EUROCRYPT 1993
Capkun and Hubaux, 2004
35 Our Approach: Use Direction
Model based on [Choudhury and Vaidya, 2002]
General benefits: power saving, fewer collisions
Improve localization accuracy
Aligned to magnetic North, so zone 1 always faces East
[Figure labels: North; Omnidirectional Transmission; Directional Transmission from Zone 4]
36 Directional Neighbor Discovery
1. A → Region: HELLO | $ID_A$ (Sent by all antenna elements (sweeping))
2. B → A: $ID_B$ | $E_{K_{BA}}$($ID_A$ | R | zone(B, A)) (Sent by zone(B, A) element, R is nonce)
3. A → B: R (Checks zone is opposite, sent by zone(A, B))
zone(B, A) = 4 is the antenna zone in which B hears A
Detecting False Neighbors
zone(B, A[Y]) = 1, zone(A, B[X]) = 1
False Neighbor: zone(A, B) should be opposite zone(B, A)
[Figure labels: A, B, X, Y]
38 Not Detecting False Neighbors
zone(B, A[Y]) = 4, zone(A, B[X]) = 1
Undetected False Neighbor: zone(A, B) = opposite of zone(B, A)
Directional neighbor discovery prevents 1/6 of false direct links…but doesn't prevent disruption
[Figure labels: A, B, X, Y]
39 Observation: Cooperate!
Wormhole can only trick nodes in particular locations
Verify neighbors using other nodes
Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor
40 Verifier Region
A verifier must satisfy these two properties:
1. B and V hear A in different zones: zone(B, A) ≠ zone(V, A); proves B and V don't hear A through wormhole
2. Be heard by B in a different zone: zone(B, A) ≠ zone(B, V); proves B is not hearing V through wormhole
(one more constraint will be explained soon)
[Figure labels: v; zone(B, A) = 4; zone(V, A) = ; zone(B, V) = 5]
41 Worawannotai Attack
V hears A and B directly
A and B hear V directly
But, A and B hear each other only through repeated X
[Figure labels: v, B, A, Region 1, Region 2, X]
42 Preventing Attack
1. zone(B, A) ≠ zone(B, V)
2. zone(B, A) ≠ zone(V, A)
3. zone(B, V) cannot be both adjacent to zone(B, A) and adjacent to zone(V, A)
43 Verified Neighbor Discovery
1. A → Region: Announcement, done through sequential sweeping
2. B → A: Include nonce and zone information in the message
3. A → B: Check zone information and send back the nonce
(1 to 3: same as before)
4. B → Region: Request for verifier to validate A: INQUIRY | $ID_B$ | $ID_A$ | zone(B, A)
5. V → B: If V is a valid verifier, sends confirmation: $ID_V$ | $E_{K_{BV}}$($ID_A$ | zone(V, B))
6. B → A: Accept A as its neighbor and notify A
[Figure labels: A, B, V]
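The zone checks from the directional and verified neighbor discovery slides, collected into one added Python example (not code from the talk or the NDSS paper). Six zones, reading "adjacent" as zone numbers one apart around the circle, and the `reports` structure that puts every zone value in one place are assumptions; in the protocol the checks are split between B and V.

```python
ZONES = 6  # assumption: six antenna zones numbered 1..6, zone 1 faces East

def opposite(zone):
    """Zone facing the other way (1 <-> 4, 2 <-> 5, 3 <-> 6)."""
    return (zone - 1 + ZONES // 2) % ZONES + 1

def adjacent(a, b):
    """True when the two zones are next to each other around the circle."""
    return (a - b) % ZONES in (1, ZONES - 1)

def zones_opposite(zone_xy, zone_yx):
    """Directional neighbor discovery check: X must hear Y in the zone
    opposite to the one in which Y hears X."""
    return zone_xy == opposite(zone_yx)

def valid_verifier(zone_ba, zone_bv, zone_va, strict=True):
    """Verifier properties from slides 40 and 42. zone_ba is zone(B, A),
    zone_bv is zone(B, V), zone_va is zone(V, A)."""
    if zone_ba == zone_va:   # B and V may both hear A through the wormhole
        return False
    if zone_ba == zone_bv:   # B may be hearing V through the wormhole
        return False
    if strict and adjacent(zone_bv, zone_ba) and adjacent(zone_bv, zone_va):
        return False         # third constraint (strict protocol)
    return True

def accept_neighbor(zone_ab, zone_ba, reports, strict=True):
    """B's decision about announcer A. reports holds one hypothetical
    (zone_bv, zone_vb, zone_va) tuple per responding verifier V."""
    if not zones_opposite(zone_ab, zone_ba):
        return False
    return any(zones_opposite(zone_vb, zone_bv)
               and valid_verifier(zone_ba, zone_bv, zone_va, strict)
               for zone_bv, zone_vb, zone_va in reports)

def demo():
    # Zone values for the two false-neighbor slides come from the page;
    # the verifier reports are constructed.
    detected = zones_opposite(1, 1)             # zone(A,B)=1, zone(B,A)=1
    undetected = zones_opposite(1, 4)           # zone(A,B)=1, zone(B,A)=4
    no_verifier = accept_neighbor(1, 4, [])
    with_verifier = accept_neighbor(1, 4, [(5, 2, 2)])
    strict_reject = accept_neighbor(1, 4, [(5, 2, 6)], strict=True)
    loose_accept = accept_neighbor(1, 4, [(5, 2, 6)], strict=False)
    return (detected, undetected, no_verifier, with_verifier,
            strict_reject, loose_accept)
```

The last two results show the cost trade-off the following slides measure: the strict rule rejects a verifier that the plain verified protocol would have accepted.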
44 Cost Analysis
Communication Overhead
–Adds messages for inquiry, verification and acceptance
–Minimal for slow-changing networks
Connectivity
–How many legitimate links are lost because they cannot be verified?
45 Lose Some Legitimate Links
[Figure: Link Discovery Probability vs. Node Distance (r) for Verified Protocol and Strict Protocol (Preventing Worawannotai Attack); panels: Network Density = , Network Density = 3]
46 …but small effect on connectivity and routing
Network density = 10
Verified protocol: 0.5% links are lost, no nodes disconnected
Strict protocol: 40% links are lost, 0.03% nodes disconnected
[Figure: Average Path Length vs. Omnidirectional Node Density for Strict Protocol, Trust All and Verified Protocol]
47 Dealing with Error
Even with no control over antenna alignment, few nodes are disconnected
[Figure: Ratio vs. Maximum Directional Error Degree; curves: Lost Links, Strict Protocol; Disconnected Nodes, Strict Protocol; panels: Network Density = 10, Network Density = 3]
48 Vulnerabilities
Attacker with multiple wormhole endpoints
–Can create packets coming from different directions to appear neighborly
Antenna, orientation inaccuracies
–Real transmissions are not perfect wedges
Magnet Attacks
–Protocol depends on compass alignment
49 Conclusion
Computing is moving into the real world:
–Rich interfaces to environment
–No perimeters
Simple properties of physical world are useful:
–Space and time can be used to achieve accurate localization cheaply
–Space consistency requirements can prevent wormhole attacks
50 Thanks!
Students: Lingxuan Hu, Chalermpong Worawannotai, Nathaneal Paul, Ana Nora Sovarel, Jinlin Yang, Joel Winstead
Funding: NSF ITR, NSF CAREER, DARPA SRS
For slides and paper links: