Presentation is loading. Please wait.

Presentation is loading. Please wait.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006."— Presentation transcript:

1 LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006

2 Why Location-Based Access Control? Previous user identity- based access control approaches cannot verify Physical location of the access requester, which plays an important role in determining access rights  Secure verification of location claims is required Secure verification of location claims  Natural  No need to establish shared secrets in advance Information about Location can strengthen access control policy  Not just which subject is accessing what object  Where the subject and object are located Subject belongs to a location group as long as she can listen to one of the beacons in that group

3 Previous Works Hardware dependency to determine location  GPS  Temper resistant device  Ultrasonic signals Need central server Expensive crypto and overhead  PKI, DH key exchange

4 Properties No servers No pre-registration No expensive crypto No expensive hardware (e.g. GPS) Low communication/computation Different from localization problem

5 Notation

6 Protocol Description Each access point (AP j )periodically broadcasts its nonce (r j )  Assume each AP j knows other AP's nonces (r j ) through a secure channel A mobile station (MS i ) collects nonces of the access points MS i derives its location key (k i ) by XOR-ing all the nonces of access points MS i constructs its access request (AR i ) using hash of k i and claims its location to its associated access point with it.  If MS i is located in the access-granted area, it can access to the resource  o/w, it cannot access it This system is secure if each entity does not collude each other Assume trust AP  not mutual authentication.

7 What is AP group ? Define three AP groups:  G1={AP1, AP2},  G2={AP3, AP4},  G3={AP1, AP4} Each AP's group:  AP1 is in G1, G3  AP2 is in G1  AP3 is in G2  AP4 is in G2,G3 G1G1 G2G2 G3G3 Access-Granted Area

8 1) 2) 3)

9 Security Analysis Insecure nonce combination  RNG with k=|nonce|  80 bits Bogus location claim  zero-false positive with Interval T < Speed of MS  cf. GPS error, sector error, etc.

10 Security Analysis (cont.) Wormhole attack

11 Security Analysis (cont.) The Sybil attack Simple solution  Assume each mobile station has APs Certificates of each  Using AP's signature of BBM Better solution? Man-in-the-Middle Attack?

12 Efficiency Estimation Various Hash Function Computation Times ( μseconds) based on the Crypto++ 5.2.1 benchmark tested on the AMD Opteron 1.6 GHz processor under Linux 2.4.21. Let |nonce|= 80 bits and |ID|=8 bits and use 160-bit SHA-1  Computation Time Only 0.147 μseconds to compute access request of mobile station side  Communication Load |BBM|  80 + 8 + 8*|L|*|N| bits of each access point |AR| = 160 bits of each mobile station  Storage Requirement For the mobile stations, there is no storage requirement

13 Simulation Result Simulation condition  23 MSs, 2 APs  802.11 propagation and path-loss model in the free-space model without a routing protocol between mobile stations  Two access points broadcast beacons with nonces (r1, r2) 1000 times in every broadcasting interval  False positive rate with various nonce sizes |r 1 | = |r 2 | = 4, 8, 16 bits of access points under T=  =1 second of static mobile station model False positive rate with various T=1, 2, 4, 8 seconds with  = 1 second T  under |r 1 | = |r 2 | = 16 bits of randomly moving mobile station model

14 Application and Extension HotSpot  Cyber Cafe, coffee shop, airport Data encryption key as well as access control key Location Tracking  Sensor network

15 Future Work Scalability Applicable to Sensor Network LBS (Location Based Services)  Location Tracking  Location Privacy  Secure Data Aggregation

16 Conclusion Easy Simple Cheap Practical Applicable

17 Q & A

Download ppt "LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Www.mobilevce.com © 2004 Mobile VCE 3G 20041. www.mobilevce.com © 2004 Mobile VCE 3G 20042 19 th October 2004 Regional Blackouts: Protection of Broadcast.

© 2004 Mobile VCE 3G © 2004 Mobile VCE 3G th October 2004 Regional Blackouts: Protection of Broadcast.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Location Based Trust for Mobile User – Generated Content : Applications, Challenges and Implementations Presented By : Anand Dipakkumar Joshi USC.

Location Based Trust for Mobile User – Generated Content : Applications, Challenges and Implementations Presented By : Anand Dipakkumar Joshi USC.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Www.mobilevce.com © 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.

© 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.

A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.
Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Similar presentations

Ads by Google