No Matter Where You Go, There You Are: Secure Localization Techniques for Mobile Wireless Networks Seminar on Applications of Mathematics UVa Institute.


1 No Matter Where You Go, There You Are: Secure Localization Techniques for Mobile Wireless Networks
Seminar on Applications of Mathematics, UVa Institute of Mathematical Science, 2 December 2004
http://www.cs.virginia.edu/evans/talks/sam/
David Evans, University of Virginia Computer Science

2 Computing is Entering Real World
Desktop PC: Protected Box; Narrow Interface; 1 Machine per User-Admin
Sensor Network: Unprotected Nodes; Rich Interface; Thousands of Nodes per Admin

3 Sensor Nodes: MICA2 Mote (UCB/Crossbow) vs. Typical 2004 Desktop
Memory: MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), 130 000 x (hard drive)
Processor Speed: MICA2 7 MHz; desktop 500 x
Electrical Power: MICA2 ~40mW (2 AA batteries); desktop 2000 x, ~100W (CPU only)
Mass: MICA2 18 grams (+ batteries); desktop 167 x, 3kg

4 Apollo Guidance Computer vs. MICA2 vs. Typical 2004 Desktop
Memory: Apollo Guidance Computer 0.01 x (4K 14-bit words); MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), 130 000 x (hard drive)
Processor Speed: Apollo Guidance Computer 0.007 x (add in 20 μs); MICA2 7 MHz; desktop 500 x
Electrical Power: Apollo Guidance Computer 1500 x, ~70W; MICA2 ~40mW (2 AA batteries); desktop 2000 x, ~100W (CPU only)
Mass: Apollo Guidance Computer 1667 x, 30kg; MICA2 18 grams (+ batteries); desktop 167 x, 3kg
Apollo Guidance Computer photo: http://ed-thelen.org/comp-hist/

6 Sensor Network Applications
Reindeer Tracking (Sámi Network Connectivity Project)
Battlefield Event Tracking
Volcano Monitoring: http://www.eecs.harvard.edu/~werner/projects/volcano/
Photo: http://news.bbc.co.uk/1/hi/technology/2491501.stm

7 This Talk
Location Matters
–How do nodes know where they are?
Security (Sometimes) Matters
L. Hu and D. Evans. Localization for Mobile Sensor Networks. MobiCom 2004.
L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004.

8 Determining Location
Direct approaches
–Configured manually: Expensive; Not possible for ad hoc, mobile networks
–GPS: Expensive (cost, size, energy); Only works outdoors, on Earth
Indirect approaches
–Small number of seed nodes: Seeds are configured or have GPS
–Other nodes determine location based on messages received

9 Hop-Count Techniques
DV-HOP [Niculescu & Nath, 2003]
Amorphous [Nagpal et al., 2003]
Works well with a few, well-located seeds and regular, static node distribution.
Works poorly if nodes move or are unevenly distributed.
[Figure: nodes labeled with hop counts 1 to 8; radio range r]

10 Local Techniques
Centroid [Bulusu, Heidemann, Estrin, 2000]: Calculate center of all heard seed locations
APIT [He et al., MobiCom 2003]: Use triangular regions
Depend on a high density of seeds (with long transmission ranges)

11 Our Goal
(Reasonably) Accurate Localization in Mobile Networks
Low Density, Arbitrarily Placed Seeds
Range-free: no special hardware
Low communication (limited addition to normal neighbor discovery)

12 Scenarios
Nodes moving, seeds stationary
Nodes and seeds moving
Nodes stationary, seeds moving
Image: NASA Mars Tumbleweed, by Jeff Antol

13 Our Approach: Monte Carlo Localization
Adapts an approach from robotics localization
Take advantage of mobility:
–Moving makes things harder…but provides more information
–Properties of time and space limit possible locations; cooperation from neighbors
Frank Dellaert, Dieter Fox, Wolfram Burgard and Sebastian Thrun. Monte Carlo Localization for Mobile Robots. ICRA 1999.

14 MCL: Initialization
Initialization: Node has no knowledge of its location.
$L_0$ = { set of N random locations in the deployment area }
[Figure label: Node’s actual position]

15 MCL Step: Predict
Predict: Node guesses new possible locations based on previous possible locations and maximum velocity, $v_{max}$
$$p(l_t \mid l_{t-1}) = \begin{cases} c & \text{if } d(l_t, l_{t-1}) < v_{max} \\ 0 & \text{if } d(l_t, l_{t-1}) \ge v_{max} \end{cases}$$
Filter: Remove samples that are inconsistent with observations
[Figure labels: Node’s actual position; Seed node: knows and transmits location; r]

16 Observations
Indirect Seed: If node doesn’t hear a seed, but one of its neighbors hears it, node must be within distance (r, 2r] of that seed’s location.
Direct Seed: If node hears a seed, the node must (likely) be within distance r of the seed’s location

17 Resampling
Use prediction distribution to create enough sample points that are consistent with the observations.
N = 20 is good, N = 50 is plenty

18 Recap: Algorithm
Initialization: Node has no knowledge of its location.
$L_0$ = { set of N random locations in the deployment area }
Iteration Step: Compute new possible location set $L_t$ based on $L_{t-1}$, the possible location set from the previous time step, and the new observations.
$L_t = \{\,\}$
while (size($L_t$) < N) do
  $R = \{\, l \mid l \text{ is selected from the prediction distribution} \,\}$
  $R_{filtered} = \{\, l \mid l \in R \text{ and filtering condition is met} \,\}$
  $L_t = choose(L_t \cup R_{filtered}, N)$
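The iteration above as runnable Python, added here as an example and not taken from the talk or the MCL paper: prediction draws uniformly within v_max of a previous sample, and filtering applies the direct-seed (within r) and indirect-seed ((r, 2r]) observations. The seed coordinates, parameters, the mean-of-samples estimate and the fall-back to area-wide sampling are assumptions of this example.

```python
import math
import random

def consistent(p, direct, indirect, r):
    """Filter condition: within r of each heard seed, in (r, 2r] of each seed only a neighbor hears."""
    return (all(math.dist(p, s) <= r for s in direct) and
            all(r < math.dist(p, s) <= 2 * r for s in indirect))

def predict(prev, v_max, rng):
    """Draw l_t uniformly from the disc d(l_t, l_{t-1}) < v_max."""
    rad, ang = v_max * math.sqrt(rng.random()), rng.uniform(0, 2 * math.pi)
    return (prev[0] + rad * math.cos(ang), prev[1] + rad * math.sin(ang))

def mcl_step(samples, direct, indirect, r, v_max, n, side, rng, max_tries=20000):
    """Build L_t (at most n samples) from L_{t-1} and this step's observations."""
    new = []
    for attempt in range(max_tries):
        if len(new) >= n:
            break
        if samples and attempt < max_tries // 2:
            cand = predict(rng.choice(samples), v_max, rng)
        else:  # assumption: fall back to sampling the whole area, as in initialization
            cand = (rng.uniform(0, side), rng.uniform(0, side))
        inside = 0 <= cand[0] <= side and 0 <= cand[1] <= side
        if inside and consistent(cand, direct, indirect, r):
            new.append(cand)
    return new  # empty if no location fits the observations (localization denied)

def estimate(samples):
    """Position estimate (assumption): mean of the possible-location set."""
    xs, ys = zip(*samples)
    return (sum(xs) / len(xs), sum(ys) / len(ys))

def run_demo(steps=5, rng_seed=1):
    rng = random.Random(rng_seed)
    side, r, v_max, n = 10.0, 1.0, 0.2, 50       # constructed parameters
    s1, s2 = (5.0, 5.0), (6.8, 5.0)              # constructed seed positions
    truth = (5.5, 5.0)                           # hears s1 directly, s2 via a neighbor
    samples = [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(n)]  # L_0
    for _ in range(steps):
        samples = mcl_step(samples, [s1], [s2], r, v_max, n, side, rng)
    return samples, math.dist(estimate(samples), truth)

if __name__ == "__main__":
    final, err = run_demo()
    print(len(final), "samples, estimate error", round(err, 3), "r")
```

Two seed announcements that no single location can satisfy make `mcl_step` return an empty set: contradictory observations deny localization rather than move the estimate.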

19 Convergence
Node density $n_d$ = 10, seed density $s_d$ = 1
Localization error converges in first 10-20 steps
[Figure: Average Estimate Error (r) vs. Time (steps); curves: $v_{max}$ = .2r, $s_{max}$ = 0; $v_{max}$ = r, s = 0; $v_{max}$ = r, s = r]

20 Speed Helps and Hurts
Increasing speed increases location uncertainty, but provides more observations.
[Figure: Estimate Error (r) vs. $v_{max}$ (r distances per time unit); curves: $s_d$ = 1, $s_{min}$ = 0, $s_{max}$ = v; $s_d$ = 1, $s_{max}$ = $s_{min}$ = r; $s_d$ = 2, $s_{max}$ = v; $s_d$ = 2, $s_{max}$ = $s_{min}$ = r; node density $n_d$ = 10]

21 Better accuracy than other localization algorithms over range of seed densities
[Figure: Estimate Error (r) vs. Seed Density; curves: MCL, Centroid, Amorphous; $n_d$ = 10, $v_{max}$ = $s_{max}$ = .2r]
Centroid: Bulusu, Heidemann and Estrin. IEEE Personal Communications Magazine. Oct 2000.
Amorphous: Nagpal, Shrobe and Bachrach. IPSN 2003.

22 Questionable Assumption: Radio Transmissions
Model: all nodes within distance r hear transmission, no nodes further away do
Reality: radio transmissions are irregular

23 Radio Irregularity
Insensitive to irregular radio pattern
[Figure: Estimate Error (r) vs. Degree of Irregularity (r varies ± dr); curves: MCL, Centroid, Amorphous; $n_d$ = 10, $s_d$ = 1, $v_{max}$ = $s_{max}$ = .2r]

24 Questionable Assumption: Motion is Random
Model: modified random waypoint
Reality: environment creates motion

25 Motion
Adversely affected by consistent group motion
[Figure: Estimate Error (r) vs. Maximum Group Motion Speed (r units per time step); curves: $s_d$ = .3, $s_d$ = 1, $s_d$ = 2; $n_d$ = 10, $v_{max}$ = $s_{max}$ = r]
Controlled motion of seeds improves accuracy
[Figure: Random Waypoint vs. Area Scan; Estimate Error (r) vs. Time; legend: Random, $v_{max}$ = $s_{max}$ = .2r; Area Scan; Random, $v_{max}$ = 0, $s_{max}$ = .2r; Scan; Stream and Currents]

26 What about security?

27 Localization Security Issues
Denial-of-Service: prevent node from localizing
–Global: jam GPS or radio transmissions
–Local: disrupt a particular node's localization
Confidentiality: keep location secret
Verifiability: prove your location to others
Integrity
–Attacker makes node think it is somewhere different from actual location

28 MCL Advantages
Filtering
–Bogus seeds filter out possible locations
–As long as one legitimate observation is received, worst attacker can do is denial-of-service
Direct
–Does not require long range seed-node communication
Historical
–Current possible location set reflects history of previous observations

29 Authenticating Announcements (Simple, Insecure Version)
1. $S \to \text{region}$: $ID_S$ (Broadcast identity)
2. $N \to S$: $ID_N$ (Send identity)
3. $S \to N$: $E_{K_{NS}}(L_S)$ (Respond with location encrypted with shared key)
$K_{NS}$ is a pre-loaded pairwise shared key
Vulnerable to simple replay attacks

30 Authenticating Announcements
1. $S \to \text{region}$: $ID_S$ (Broadcast identity)
2. $N \to S$: $R_N \mid ID_N$ (Send nonce challenge)
3. $S \to N$: $E_{K_{NS}}(R_N \mid L_S)$ (Respond with location)
Prevents simple replay attacks (but not wormhole attacks)

31 Broadcast Authentication
Requires asymmetry:
–Every node can verify message
–Only legitimate seed can create it
Traditional approach: asymmetry of information (public/private keys)
–Requires long messages: too expensive for sensor nodes
Instead use time asymmetry

32 Using Time Asymmetry
Based on μTesla: Perrig et al. 2002
Time n: $KS_{n-1} \mid Sign(ID_S \mid L_S, KS_n)$
Time n + 1: $KS_n \mid Sign(ID_S \mid L_S, KS_{n+1})$
f is a one-way function (easy to compute f(x), hard to invert)
Initially: nodes know $KS_0 = f^{max}(x)$ for each seed
Seed knows x, calculates $KS_n = f^{max-n}(x)$
Nodes verify each key as it is received: $f(KS_0) = KS_1$
Requires loose time synchronization
Saves node transmissions, multiple seed transmissions
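A Python rendering of the key chain and delayed key disclosure on this slide, added here as an example and not taken from the talk or from μTesla itself. It assumes SHA-256 for f and HMAC-SHA256 for Sign, and checks a disclosed key by hashing it back to the last authenticated one (with $KS_n = f^{max-n}(x)$, applying f to $KS_n$ yields $KS_{n-1}$); the packet layout and all names are hypothetical.

```python
import hashlib
import hmac

def f(key):
    """One-way function f (SHA-256 is this example's choice)."""
    return hashlib.sha256(key).digest()

def make_chain(x, max_n):
    """Seed side: chain[n] = KS_n = f^(max-n)(x), so chain[0] = KS_0 = f^max(x)."""
    chain = [x]
    for _ in range(max_n):
        chain.append(f(chain[-1]))
    return chain[::-1]

def announce(chain, n, ident, loc):
    """Packet for interval n: KS_{n-1} | Sign(ID_S | L_S, KS_n), with HMAC as Sign."""
    msg = ident + b"|" + loc
    tag = hmac.new(chain[n], msg, hashlib.sha256).digest()
    return {"n": n, "msg": msg, "key": chain[n - 1], "tag": tag}

class Node:
    def __init__(self, ks0):
        self.n, self.key = 0, ks0      # newest authenticated key KS_n and its index
        self.buffered = {}             # interval -> (msg, tag) waiting for its key

    def receive(self, pkt, now):
        """Return the message this packet's disclosed key authenticates, else None."""
        n = pkt["n"]
        # Time asymmetry: a packet for interval n counts only while KS_n is still secret.
        if n != now or n - 1 < self.n:
            return None
        k = pkt["key"]
        for _ in range(n - 1 - self.n):    # walk the disclosed key back along the chain
            k = f(k)
        if not hmac.compare_digest(k, self.key):
            return None                    # disclosed key is not on this seed's chain
        self.n, self.key = n - 1, pkt["key"]
        self.buffered[n] = (pkt["msg"], pkt["tag"])
        msg, tag = self.buffered.pop(n - 1, (b"", b""))
        good = hmac.new(pkt["key"], msg, hashlib.sha256).digest()
        return msg if hmac.compare_digest(good, tag) else None

if __name__ == "__main__":
    chain = make_chain(b"constructed seed secret x", 8)
    node = Node(chain[0])
    for t in (1, 2, 3):
        print(t, node.receive(announce(chain, t, b"S1", b"loc@t%d" % t), now=t))
```

The `n != now` test stands in for the slide's loose time synchronization: a packet claiming interval 1 that arrives in interval 2 is dropped, because $KS_1$ is public by then and anyone could have computed its tag.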

33 Wormhole Attack
Attacker uses transceivers at two locations in the network to replay (selectively) packets at different location
[Figure labels: X, Y]

34 Protocol Idea
Wormhole attack depends on a node that is not nearby convincing another node it is
Periodically verify neighbors are really neighbors
Only accept messages from verified neighbors

35 Previous Solutions: Light Speed is Slow
Distance Bounding
–Light travels 1 ft per nanosecond (~4 cycles on modern PC!)
Packet “Leashes”
Use distance bounding to perform secure multilateration
Need special hardware to instantly respond to received bits
Yih-Chun Hu, Perrig and Johnson. INFOCOM 2003
Brands and Chaum, EUROCRYPT 1993
Capkun and Hubaux, 2004

36 Our Approach: Use Direction
Model based on [Choudhury and Vaidya, 2002]
General benefits: power saving, less collisions
Improve localization accuracy
Aligned to magnetic North, so zone 1 always faces East
[Figure: antenna zones 1 to 6; Omnidirectional Transmission; Directional Transmission from Zone 4]

37 Directional Neighbor Discovery
1. $A \to \text{Region}$: HELLO | $ID_A$. Sent by all antenna elements (sweeping)
2. $B \to A$: $ID_B \mid E_{K_{BA}}(ID_A \mid R \mid zone(B, A))$. Sent by zone (B, A) element, R is nonce
3. $A \to B$: R. Checks zone is opposite, sent by zone (A, B)
zone (B, A) = 4 is the antenna zone in which B hears A
[Figure: nodes A and B with antenna zones 1 to 6]

38 Detecting False Neighbors
zone (B, A[Y]) = 1, zone (A, B[X]) = 1
False Neighbor: zone (A, B) should be opposite zone (B, A)
[Figure: nodes A and B with antenna zones 1 to 6; wormhole endpoints X, Y]

39 Not Detecting False Neighbors
zone (B, A[Y]) = 4, zone (A, B[X]) = 1
Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)
Directional neighbor discovery prevents 1/6 of false direct links…but doesn’t prevent disruption
[Figure: nodes A and B with antenna zones 1 to 6; wormhole endpoints X, Y]

40 Observation: Cooperate!
Wormhole can only trick nodes in particular locations
Verify neighbors using other nodes
Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor

41 Verifier Region
A verifier must satisfy these two properties:
1. B and V hear A in different zones: zone (B, A) ≠ zone (V, A) proves B and V don’t hear A through wormhole
2. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V) proves B is not hearing V through wormhole
(one more constraint will be explained soon)
[Figure: zone (B, A) = 4, zone (V, A) = 3, zone (B, V) = 5]

42 Worawannotai Attack
V hears A and B directly
A and B hear V directly
But, A and B hear each other only through repeated X
[Figure labels: V, A, B, X, Region 1, Region 2]

43 Preventing Attack
1. zone (B, A) ≠ zone (B, V)
2. zone (B, A) ≠ zone (V, A)
3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)
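The pairwise direction check and the three verifier conditions written as Python predicates over zone numbers, as an added example that is not code from the talk or the paper. Function names are hypothetical, and it assumes the six zones are numbered consecutively around the node, so adjacent zones differ by 1 modulo 6.

```python
ZONES = 6  # antenna zones 1..6, as on the slides

def opposite(z):
    """Zone facing the other way: 1<->4, 2<->5, 3<->6."""
    return (z + 2) % ZONES + 1

def adjacent(a, b):
    """Assumption: zones are numbered consecutively, so neighbors differ by 1 mod 6."""
    return (a - b) % ZONES in (1, ZONES - 1)

def direction_consistent(zone_ba, zone_ab):
    """Directional neighbor discovery: A must hear B in the zone opposite zone(B, A)."""
    return zone_ab == opposite(zone_ba)

def valid_verifier(zone_ba, zone_bv, zone_va, strict=True):
    """Apply conditions 1-3; strict=False skips condition 3 (the verified protocol)."""
    if zone_ba == zone_bv:      # 1. B hears A and V in the same zone
        return False
    if zone_ba == zone_va:      # 2. B and V hear A in the same zone
        return False
    if strict and adjacent(zone_bv, zone_ba) and adjacent(zone_bv, zone_va):
        return False            # 3. strict protocol, preventing the Worawannotai attack
    return True

def accept_neighbor(zone_ba, zone_ab, verifiers, strict=True):
    """verifiers: (zone(B, V), zone(V, A)) for each node answering B's inquiry."""
    if not direction_consistent(zone_ba, zone_ab):
        return False
    return any(valid_verifier(zone_ba, zbv, zva, strict) for zbv, zva in verifiers)

if __name__ == "__main__":
    print(direction_consistent(1, 1))   # zones from the "Detecting False Neighbors" slide
    print(direction_consistent(4, 1))   # zones from the "Not Detecting False Neighbors" slide
    print(valid_verifier(4, 5, 3))      # zones from the "Verifier Region" slide
```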

44 Verified Neighbor Discovery
1. $A \to \text{Region}$: Announcement, done through sequential sweeping
2. $B \to A$: Include nonce and zone information in the message
3. $A \to B$: Check zone information and send back the nonce
(Steps 1 to 3: same as before)
4. $B \to \text{Region}$: Request for verifier to validate A: INQUIRY | $ID_B$ | $ID_A$ | zone (B, A)
5. $V \to B$: If V is a valid verifier, sends confirmation: $ID_V \mid E_{K_{BV}}(ID_A \mid zone(V, B))$
6. $B \to A$: Accept A as its neighbor and notify A

45 Cost Analysis
Communication Overhead
–Adds messages for inquiry, verification and acceptance
–Minimal for slow-changing networks
Connectivity
–How many legitimate links are lost because they cannot be verified?

46 Lose Some Legitimate Links
[Figures: Link Discovery Probability vs. Node Distance (r); curves: Verified Protocol, Strict Protocol (Preventing Worawannotai Attack); panels: Network Density = 10, Network Density = 3]

47 …but small effect on connectivity and routing
[Figure: Average Path Length vs. Omnidirectional Node Density; curves: Strict Protocol, Trust All, Verified Protocol]
Network density = 10
Verified protocol: 0.5% links are lost, no nodes disconnected
Strict protocol: 40% links are lost, 0.03% nodes disconnected

48 Dealing with Error
[Figures: Ratio vs. Maximum Directional Error Degree; curves: Lost Links, Strict Protocol; Disconnected Nodes, Strict Protocol; panels: Network Density = 10, Network Density = 3]
Even with no control over antenna alignment, few nodes are disconnected

49 Vulnerabilities
Attacker with multiple wormhole endpoints
–Can create packets coming from different directions to appear neighborly
Antenna, orientation inaccuracies
–Real transmissions are not perfect wedges
Magnet Attacks
–Protocol depends on compass alignment

50 Conclusion
Computing is moving into the real world:
–Rich interfaces to environment
–No perimeters
Simple properties of physical world are useful:
–Space and time can be used to achieve accurate localization cheaply
–Space consistency requirements can prevent wormhole attacks

51 Thanks!
Students: Lingxuan Hu, Chalermpong Worawannotai, Nathaneal Paul, Ana Nora Sovarel, Jinlin Yang, Joel Winstead
Funding: NSF ITR, NSF CAREER, DARPA SRS
For slides and paper links: http://www.cs.virginia.edu/evans/talks/sam/

