Presentation is loading. Please wait.

Presentation is loading. Please wait.

SeRLoc: Secure Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Network Security Lab University of Washington Protocol Exchange.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SeRLoc: Secure Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Network Security Lab University of Washington Protocol Exchange."— Presentation transcript:

1 SeRLoc: Secure Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Network Security Lab University of Washington Protocol Exchange Meeting Feb 1-2, Naval Postgraduate School Graduate Student: Loukas Lazos

2 Radha Poovendran Seattle, Washington2 Motivation Secure Localization Problem SeRLoc Threats and defenses Performance Evaluation Conclusions Outline

3 Radha Poovendran Seattle, Washington3 Why do we need location in WSN? Access Control Location-dependent services Network functions Monitoring Apps

4 Radha Poovendran Seattle, Washington4 Location-based Access Control username Microphone Database query Access is decided based on the location of the user. Different privileges for various areas.

5 Radha Poovendran Seattle, Washington5 Geographical Routing A wants to send a message to B. A B Each node forwards the message to the neighbor closest to the destination. s1s1 s5s5 s9s9 s2s2 s4s4 s3s3 s6s6 s7s7 s8s8

6 Radha Poovendran Seattle, Washington6 Report Monitoring Information Monitor the structural health of the bridge. Sensors associate their location with the reporting data. Accelerometer

7 Radha Poovendran Seattle, Washington7 Localization Problem Choice of localization algorithm is based on: Resolution required Region of deployment Resource constraints of the devices Localization: Sensor Location Estimation How do sensors become aware of their position under non-deterministic deployment?

8 Radha Poovendran Seattle, Washington8 Classification of Loc. Schemes Indoors vs. Outdoors: GPS, Centroid (outdoors). RADAR, Active Bat, AhLos (indoors). Infrastructureless (I-L) vs. Infrastructure based (I- B): AhLos, Amorphous, DV-Hop (I-L). RADAR, Active Bat, AVL (I-B). Range-based (R-B) vs. Range-Independent (R-I): RADAR, Ahlos, GPS, Active Bat (R-B). APIT, DV-Hop, Amorphous, Centroid (R-I). Active vs. Passive Dv-hop, APIT (Active). RADAR (Passive).

9 Radha Poovendran Seattle, Washington9 Localization in un-trusted environment WSN may be deployed in hostile environments. Threats in sensor localization: External Replay attacks. Node Impersonation attacks. Internal Compromise of network entities. False location claims.

10 Radha Poovendran Seattle, Washington10 Secure Verification of Location Claims [Sastry et al. WISE 2002]. Location Privacy Privacy-aware Location Sensor Networks [Gruteser et al. USENIX 2003]. Secure Localization: Ensure robust location estimation even in the presence of adversaries. SeRLoc: [Lazos and Poovendran, WISE 2004]. S-GPS: [Kuhn 2004]. SPINE: [Capkun & Hubeaux, Infocom 2005]. Secure Location Services

11 Radha Poovendran Seattle, Washington11 Motivation Problem Description SeRLoc Threats and defense Performance Conclusions Outline

12 Radha Poovendran Seattle, Washington12 SeRLoc: SEcure Range-independent LOCalization. SeRLoc features Passive Localization. No ranging hardware required. Decentralized Implementation, Scalable. Robust against attacks - Lightweight security. Our Approach: SeRLoc

13 Radha Poovendran Seattle, Washington13 Locators: Randomly deployed Known Location, Orientation Directional Antennas (X 1, Y 1 ) (X 3, Y 3 ) (X 4, Y 4 ) (X 5, Y 5 ) (X 2, Y 2 ) Network Model Assumptions (1) Two-tier network architecture Sensors: Randomly deployed, unknown location r R Locator range R Beamwidth θ θ Omnidirectional Antennas Sensor range r Locator Sensor

14 Radha Poovendran Seattle, Washington14 Network Model Assumptions (2) Locator deployment: Homogeneous Poisson point process of rate ρ L (ρ L: Locator density). Sensor deployment: Poisson point process of rate ρ s independent of locator deployment (ρ s : sensor density). Or can be seen as random sampling of the deployment area with rate ρ s (ρ s >> ρ L ). LH s : Locators heard at a sensor s.

15 Radha Poovendran Seattle, Washington15 LocatorSensor L1L1 L4L4 L3L3 (0, 0) s L3L3 ROI The Idea of SeRLoc Each locator L i transmits information that defines the sector S i, covered by each transmission. Sensor defines the region of intersection (ROI) from all locators it hears.

16 Radha Poovendran Seattle, Washington16 The Idea of SeRLoc LocatorSensorROI L1L1 L4L4 L3L3 L2L2 Each locator L i transmits information that defines the sector S i, covered by each transmission. Sensor s defines the region of intersection (ROI), from all locators it hears. s

17 Radha Poovendran Seattle, Washington17 LocatorSensor L1L1 L4L4 L3L3 LocatorsCoordinatesSlopes L1:L1:(X 1, Y 1 )[θ 1,1, θ 1,2 ] L2:L2:(X 2, Y 2 )[θ 2,1, θ 2,2 ] L3:L3:(X 3, Y 3 )[θ 3,1, θ 3,2 ] L4:L4:(X 4, Y 4 )[θ 4,1, θ 4,2 ] The sensor collects information from all the locators that it can hear. SeRLoc – Step 1: Beacon reception (0, 0) L 2: (X 2, Y 2 ) θ2,1θ2,1 θ 2,2 s L4L4

18 Radha Poovendran Seattle, Washington18 Search Area (X min +R, Y max -R) (X min +R, Y min +R) (X max -R, Y min +R) (X max -R, Y max -R) 2R+X min - X max Sensor places a grid of equally spaced points into the search area. SeRLoc – Step 2: Search area LocatorSensor L1L1 L4L4 L3L3 L2L2 Define : X min = min { X i i  LH s } Y min = min { Y i i  LH s } X max = max { Y i i  LH s } Y max = max { Y i i  LH s } R R R Locators heard by the sensor (X 4, Y 4 ) (X 1, Y 1 ) (X 2, Y 2 ) (X 3, Y 3 ) s

19 Radha Poovendran Seattle, Washington19 ― Sensor holds a Grid Score Table (GST) initialized at zero. ― For every point in the grid and every sector heard, perform: ― Grid sector test: SeRLoc – Step 3: Grid-sector test LocatorSensor R: Locator’s Range L1L1 g: (x g,y g ) θ 1,2 θ 1,1 R θ ― If test positive increase score value by one.

20 Radha Poovendran Seattle, Washington20 SeRLoc – Step 4: ROI computation SensorSearch Area 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 … 1 1 1 2 3 3 3 3 4 4 4 3 3 3 3 3 3 1 1 2 2 2 3 4 4 4 4 4 4 4 3 3 2 2 1 1 2 2 4 4 4 4 4 4 4 4 4 4 3 3 2 2 2 2 2 3 4 4 4 4 4 4 4 4 3 2 2 2 2 2 3 3 3 3 4 4 4 4 4 4 3 3 2 2 2 2 2 2 3 3 3 3 4 4 4 4 3 3 2 2 2 2 1 2 2 2 3 3 3 3 4 4 3 2 2 2 3 4 3 2 2 2 3 3 3 3 3 2 2 2 2 1 1 1 1 1 … 0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0 ROI Majority vote: Points with highest score define the ROI. Error introduction due to discrete computation. Accuracy vs. Complexity tradeoff. GRID Score Table (GST)

21 Radha Poovendran Seattle, Washington21 Motivation Problem SeRLoc Threats and defense Performance High resolution localization: HiRLoc Conclusions Outline

22 Radha Poovendran Seattle, Washington22 Threats Attacker aims at displacing the sensors (false info is worse than no info). We do not address DoS attacks. We do not address jamming of the communication medium. [Lazos & Poovendran, IPSN 2005] L1L1 s

23 Radha Poovendran Seattle, Washington23 How can a sensor be displaced? In SeRLoc: Sensor gets false localization information. A) Replay beacons from a far-away region. B) Impersonate locators and fabricate beacons. How can we protect broadcasted localization information?

24 Radha Poovendran Seattle, Washington24 SeRLoc - Security mechanisms Message Encryption: Messages encrypted with a symmetric key K 0. Beacon Format: Locator’s coordinatesSlopes of the sector ID authentication Shared symmetric key L i : { (X i, Y i ) || (θ i,1, θ i,2 ) || (H n-j (PW i )), j } K0 Every sensor stores the values H n ( PW i ) for all the locators. A sensor can authenticate all locators that are within its range (one-hop authentication). PW i H 0 (Pw i ) H H 1 (Pw i )H n (Pw i ) HHH one-way hash function Hash chain Synchronization var

25 Radha Poovendran Seattle, Washington25 SeRLoc – Wormhole Attack L1L1 L4L4 L3L3 L2L2 L5L5 L8L8 L7L7 L6L6 THREAT MODEL The attacker records beacon information at region A No compromise of integrity, authenticity of the communication or crypto protocols. Direct link allows replay of the beacons in a timely fashion. sensorLocatorAttacker Region B Region A Record beacons Wormhole link Tunnels it via the wormhole link at region B, and replays the beacons. Sensor is misled to believe it hears the set of locators LH s : {L 1 - L 8 }.

26 Radha Poovendran Seattle, Washington26 Wormhole attack detection (1) Accept only single message per locator Multiple messages from the same locator are heard due to: – Multi-path effects; – Imperfect sectorization. – Replay attack. sensorLocator AcAc Wormhole link Attacker obstacle R R R : locator-to-sensor communication range.

27 Radha Poovendran Seattle, Washington27 Locators heard by a sensor cannot be more than 2 R apart sensorLocator AiAi AjAj Wormhole attack detection (2) Wormhole link Attacker 2R2R LiLi LjLj R : locator-to-sensor communication range. R R

28 Radha Poovendran Seattle, Washington28 Probability of wormhole detection The events of a locator being within any region A i, A j, A c are inde- pendent (Regions do not overlap). sensorLocator AiAi AjAj AcAc Wormhole attack detection (3) Wormhole link Attacker 2R2R

29 Radha Poovendran Seattle, Washington29 Wormhole attack detection (4) Probability of wormhole detection L 99.48%

30 Radha Poovendran Seattle, Washington30 Attach to Closest Locator Algorithm (ACLA) Resolution of location ambiguity L1L1 L4L4 L3L3 L2L2 L5L5 L8L8 L7L7 L6L6 Region B Region A A sensor needs to distinguish the valid set of locators from the replayed ones. Wormhole link 1.Sensor s  : Broadcasts a nonce η. 2.Locator L i  : Reply with a beacon + the nonce η, encrypted with the pair- wise key K s,Li. 3.Sensor s  : Identify the locator L c with the first authentic reply. 4.Sensor s  : A locator L i belongs to the valid set, only if it overlaps with the sector defined by the beacon of L c. Closest Locator

31 Radha Poovendran Seattle, Washington31 THREAT MODEL The attacker impersonates multiple locators (compromise of the globally shared key K 0 ). SeRLoc – Sybil Attack L1L1 L2L2 L3L3 L4L4 Impersonator Hence, compromise the majority-based scheme, if more than |LH s | locators impersonated. Collect hash values Attacker can fabricate arbitrary beacons.

32 Radha Poovendran Seattle, Washington32 In a Sybil attack, the sensor hears at least twice the number of locators it would normally hear. Define a threshold L max as the maximum allowable number of locators heard, such that: Sybil Attack detection (1) Probability of false alarmProbability of Sybil attack detection Design goal: Given security requirement δ, minimize false alarm probability ε.

33 Radha Poovendran Seattle, Washington33 Sybil Attack detection (2) Random locator deployment we can derive the L max value: 26 locators 5% 52 locators 99% Detection probability False alarm Probability

34 Radha Poovendran Seattle, Washington34 Sybil Attack defense Once a Sybil attack is detected, i.e. More than L max locators are heard: Execute ACLA to attach sensor’s position to the closest locator. Attacker needs to compromise the pairwise key between a locator and the sensor under attack to compromise ACLA. What if a locator is compromised?

35 Radha Poovendran Seattle, Washington35 SeRLoc – Compromised Locators Compromise of a locator L i  reveals K 0, seed PW i to the hash chain of the locator. Attacker can Impersonate the Closest Locator. Compromise the ACLA algorithm. Displace any sensor that uses ACLA. Need an Enhanced version of ACLA

36 Radha Poovendran Seattle, Washington36 Enhanced location determination algorithm L2L2 L3L3 L4L4 L5L5 L6L6 L1L1 L7L7 L8L8 L9L9 1. The sensor transmits a nonce with its ID and set LH s 2. Locators within r from the sensor relay the nonce. 3. Locators within R reply with a beacon + the nonce. 4. Sensor accepts first L max replies. Attacker has to compromise more than L max /2 locators, AND Replay before authentic replies arrive at s.

37 Radha Poovendran Seattle, Washington37 Motivation Secure Localization Problem SeRLoc Threats and defenses Performance Evaluation Conclusions Outline

38 Radha Poovendran Seattle, Washington38 Simulation setup: ― Random locator distribution with density ρ L. ― Random sensor distribution with density 0.5. Performance evaluation metric: : Sensor location estimation. s i : Sensor actual location. r : Sensor-to-sensor communication range. |S| : Number of sensors. Performance Evaluation

39 Radha Poovendran Seattle, Washington39 Localization Error vs. Avg. LH M number of antenna sectors. Each locator is equivalent to M reference points. In our simulation set up, SeRLoc outperforms most of the schemes. LH: Locators Heard

40 Radha Poovendran Seattle, Washington40 Localization error vs. antenna sectors Higher number of directional antennas (narrower sectors) reduces LH. More expensive hardware at each locator. LH: Locators Heard

41 Radha Poovendran Seattle, Washington41 Localization error vs. sector error Sector error: Fraction of sectors falsely estimated at each sensor. Even when 50% of the sectors are falsely estimated, LE < r for LH  6 SeRLoc is resilient against sector error due to the majority vote scheme.

42 Radha Poovendran Seattle, Washington42 Localization error vs. GPS error GPS Error ( GPSE ): Error in the locators’ coordinates. For GPSE = 1.8r and LH = 3, LE = 1.1r. DV-hop/Amorphous: LE = 1.1r requires LH = 5 with no GPSE. APIT: LE = 1.1r requires LH = 15 with no GPSE.

43 Radha Poovendran Seattle, Washington43 Communication Cost Communication cost is independent of the number of sensors. Communication cost increases with the locator density, or number of directional antennas at each locator.

44 Radha Poovendran Seattle, Washington44 Performance Summary  Increasing number of sectors:  Reduction in error and transmission power, but increased complexity.  Sensitivity to GPSE error:  GPSE=1.8r; Avg. LE=1.1r, requires:  SeRLoc needs LH=3.  Dv-Hop needs LH=5, no GPSE.  APIT needs LH=15, no GPSE.  Communication cost:  APIT requires |S|+|L|.  SeRLoc requires |L|*M. S: Set of sensors, L: Set of locators, M: # of antennas.

45 Radha Poovendran Seattle, Washington45 Summary and Conclusions  SeRLoc is a two-tier network architecture:  Locators: Known coordinates, sectored antennas, fixed transmission range.  Sensors: Passively determine their position, by intersecting the antenna sectors heard.  Resistance to attacks in WSN using:  Cryptographic primitives (encryption, hashing).  Geometric properties (Range of transmission).  Analytically evaluated level of security via spatial statistics.  Current developments:  Characterize wormhole Problem [UW+NRL; WCNC 2005]  Resistance to jamming attacks, analytical evaluation of error bounds [Lazos & Poovendran; ROPE 2005]

46 Radha Poovendran Seattle, Washington46 Conclusions  We need to secure location estimation to claim secure location-dependent functions/apps.  SeRLoc: SEcure Range-independent LOCalization  Robustly computes the location even in the presence of attacks.  Better performance than up-to-date range independent localization schemes.  Decentralized implementation, resilient to sources of error.  Current developments  Resistance to jamming attacks.  Analytical evaluation of error bounds.

47 Radha Poovendran Seattle, Washington47 Workshop on Secure Localization of Wireless Sensor Networks: June 2005, University of Washington. Workshop Announcement

Download ppt "SeRLoc: Secure Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Network Security Lab University of Washington Protocol Exchange."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Localization for Mobile Sensor Networks ACM MobiCom 2004 Lingxuan HuDavid Evans Department of Computer Science University of Virginia.

Localization for Mobile Sensor Networks ACM MobiCom 2004 Lingxuan HuDavid Evans Department of Computer Science University of Virginia.
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.

Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.
Fault-Tolerant Target Detection in Sensor Networks Min Ding +, Dechang Chen *, Andrew Thaeler +, and Xiuzhen Cheng + + Department of Computer Science,

Fault-Tolerant Target Detection in Sensor Networks Min Ding +, Dechang Chen *, Andrew Thaeler +, and Xiuzhen Cheng + + Department of Computer Science,
Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.

Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.
Range-Based and Range-Free Localization Schemes for Sensor Networks

Range-Based and Range-Free Localization Schemes for Sensor Networks
Robust Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Joint work with Loukas Lazos Network Security Lab University of Washington.

Robust Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Joint work with Loukas Lazos Network Security Lab University of Washington.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)

A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Similar presentations

Ads by Google