
Monte Carlo Techniques for Secure Localization ARO Workshop on Localization in Wireless Sensor Networks 14 June 2005 David.


1 Monte Carlo Techniques for Secure Localization
ARO Workshop on Localization in Wireless Sensor Networks, 14 June 2005
David Evans, University of Virginia Computer Science
http://www.cs.virginia.edu/evans

2 Sensor Nodes
www.cs.virginia.edu/physicrypt
Comparison of the MICA2 with a Typical 2005 Desktop:
Memory: MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), 130 000 x (hard drive)
Processor Speed: MICA2 7 MHz; desktop 500 x
Electrical Power: MICA2 ~40mW, 2 AA batteries; desktop 2000 x, ~100W (CPU only)
Mass: MICA2 18 grams (+ batteries); desktop 167 x, 3kg
[Photo: MICA2 Mote (UCB/Crossbow)]

3 Comparison of the Apollo Guidance Computer, the MICA2 and a Typical 2004 Desktop:
Memory: Apollo Guidance Computer 0.01 x (4K 14-bit words); MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), 130 000 x (hard drive)
Processor Speed: Apollo Guidance Computer 0.007 x (add in 20 μs); MICA2 7 MHz; desktop 500 x
Electrical Power: Apollo Guidance Computer 1500 x, ~70W; MICA2 ~40mW, 2 AA batteries; desktop 2000 x, ~100W (CPU only)
Mass: Apollo Guidance Computer 1667 x, 30kg; MICA2 18 grams (+ batteries); desktop 167 x, 3kg
[Pictured: MICA2; Apollo Guidance Computer (Photo: http://ed-thelen.org/comp-hist/); Typical 2005 Desktop]

4 Comparison of the Apollo Guidance Computer, the MICA2 and a Typical 2004 Desktop:
Memory: Apollo Guidance Computer 0.01 x (4K 14-bit words); MICA2 644 KB (128 K program flash memory / 4 K config EEPROM / 512 K data); desktop 400 x (just RAM), 130 000 x (hard drive)
Processor Speed: Apollo Guidance Computer 0.007 x (add in 20 μs); MICA2 7 MHz; desktop 500 x
Electrical Power: Apollo Guidance Computer 1500 x, ~70W; MICA2 ~40mW, 2 AA batteries; desktop 2000 x, ~100W (CPU only)
Mass: Apollo Guidance Computer 1667 x, 30kg; MICA2 18 grams (+ batteries); desktop 167 x, 3kg
[Pictured: MICA2; Apollo Guidance Computer (Photo: http://ed-thelen.org/comp-hist/); Typical 2004 Desktop]

5 Sensor Network Applications
Reindeer Tracking (Sámi Network Connectivity Project)
Battlefield Event Tracking
Volcano Monitoring: http://www.eecs.harvard.edu/~werner/projects/volcano/
Photo: http://news.bbc.co.uk/1/hi/technology/2491501.stm

6 This Talk
Location Matters
–How do nodes know where they are?
Security (Sometimes) Matters
–How can we provide trust without infrastructure?
L. Hu and D. Evans. Localization for Mobile Sensor Networks. MobiCom 2004.
L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004.

7 Determining Location
Direct approaches
–Configured manually
  Expensive
  Not possible for ad hoc, mobile networks
–GPS
  Expensive (cost, size, energy)
  Only works outdoors, on Earth
Indirect approaches
–Small number of seed nodes
  Seeds are configured or have GPS
–Other nodes determine location based on messages received

8 Hop-Count Techniques
DV-HOP [Niculescu & Nath, 2003]
Amorphous [Nagpal et al., 2003]
Works well with a few, well-located seeds and regular, static node distribution.
Works poorly if nodes move or are unevenly distributed.
[Figure: nodes labeled with hop counts 1 to 8; radio range r]

9 Local Techniques
Centroid [Bulusu, Heidemann, Estrin, 2000]: Calculate center of all heard seed locations
APIT [He et al., MobiCom 2003]: Use triangular regions
Depend on a high density of seeds (with long transmission ranges)

10 Our Goal
(Reasonably) Accurate Localization in Mobile Networks
Low Density, Arbitrarily Placed Seeds
Range-free: no special hardware
Low communication (limited addition to normal neighbor discovery)

11 Scenarios
[Image: NASA Mars Tumbleweed, by Jeff Antol]
Nodes moving, seeds stationary
Nodes and seeds moving
Nodes stationary, seeds moving

12 Our Approach: Monte Carlo Localization
Adapts an approach from robotics localization
Take advantage of mobility:
–Moving makes things harder…but provides more information
–Properties of time and space limit possible locations; cooperation from neighbors
Frank Dellaert, Dieter Fox, Wolfram Burgard and Sebastian Thrun. Monte Carlo Localization for Mobile Robots. ICRA 1999.

13 MCL: Initialization
Initialization: Node has no knowledge of its location.
$L_0$ = { set of N random locations in the deployment area }
[Figure: node's actual position]

14 MCL Step: Predict, Filter
Predict: Node guesses new possible locations based on previous possible locations and maximum velocity, $v_{max}$
$$p(l_t \mid l_{t-1}) = \begin{cases} c & \text{if } d(l_t, l_{t-1}) < v_{max} \\ 0 & \text{if } d(l_t, l_{t-1}) \ge v_{max} \end{cases}$$
Filter: Remove samples that are inconsistent with observations
[Figure: node's actual position; seed node (knows and transmits location) with radio range r]

15 Observations
Direct Seed: If node hears a seed, the node must (likely) be within distance r of the seed's location
Indirect Seed: If node doesn't hear a seed, but one of its neighbors hears it, node must be within distance (r, 2r] of that seed's location.
[Figure: seeds marked S]

16 Resampling
Use prediction distribution to create enough sample points that are consistent with the observations.
N = 20 is good, N = 50 is plenty

17 Recap: Algorithm
Initialization: Node has no knowledge of its location.
L_0 = { set of N random locations in the deployment area }
Iteration Step: Compute new possible location set L_t based on L_{t-1}, the possible location set from the previous time step, and the new observations.
  L_t = { }
  while (size(L_t) < N) do
    R = { l | l is selected from the prediction distribution }
    R_filtered = { l | l ∈ R and filtering condition is met }
    L_t = choose(L_t ∪ R_filtered, N)

18 Convergence
Node density $n_d = 10$, seed density $s_d = 1$
Localization error converges in first 10-20 steps
[Plot: Average Estimate Error (r) vs. Time (steps); curves: $v_{max} = .2r, s_{max} = 0$; $v_{max} = r, s = 0$; $v_{max} = r, s = r$]

19 Speed Helps and Hurts
Increasing speed increases location uncertainty, but provides more observations.
Node density $n_d = 10$
[Plot: Estimate Error (r) vs. $v_{max}$ (r distances per time unit); curves: $s_d = 1, s_{min} = 0, s_{max} = v$; $s_d = 1, s_{max} = s_{min} = r$; $s_d = 2, s_{max} = v$; $s_d = 2, s_{max} = s_{min} = r$]

20 Seed Density
$n_d = 10$, $v_{max} = s_{max} = .2r$
Better accuracy than other localization algorithms over range of seed densities
[Plot: Estimate Error (r) vs. Seed Density; curves: MCL, Centroid, Amorphous]
Centroid: Bulusu, Heidemann and Estrin. IEEE Personal Communications Magazine. Oct 2000.
Amorphous: Nagpal, Shrobe and Bachrach. IPSN 2003.

21 Questionable Assumption: Radio Transmissions
Model: all nodes within distance r hear transmission, no nodes further away do
Reality: radio transmissions are irregular

22 Radio Irregularity
$n_d = 10$, $s_d = 1$, $v_{max} = s_{max} = .2r$
Insensitive to irregular radio pattern
[Plot: Estimate Error (r) vs. Degree of Irregularity (r varies ± dr); curves: MCL, Centroid, Amorphous]

23 Questionable Assumption: Motion is Random
Model: modified random waypoint
Reality: environment creates motion

24 Motion
$n_d = 10$, $v_{max} = s_{max} = r$
Adversely affected by consistent group motion
[Plot: Estimate Error (r) vs. Maximum Group Motion Speed (r units per time step); curves: $s_d = .3$, $s_d = 1$, $s_d = 2$]
Controlled motion of seeds improves accuracy
[Plot: Random Waypoint vs. Area Scan; Estimate Error (r) vs. Time; labels: Random, $v_{max} = s_{max} = .2r$; Area Scan; Random, $v_{max} = 0$, $s_{max} = .2r$; Scan; Stream and Currents]

25 What about security?

26 Localization Security Issues
Denial-of-Service: prevent node from localizing
–Global: jam GPS or radio transmissions
–Local: disrupt a particular node's localization
Confidentiality: keep location secret
Verifiability: prove your location to others
Integrity
–Attacker makes node think it is somewhere different from actual location

27 MCL Advantages
Filtering
–Bogus seeds filter out possible locations
–As long as one legitimate observation is received, worst attacker can do is denial-of-service
Direct
–Does not require long range seed-node communication
Historical
–Current possible location set reflects history of previous observations
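The recap algorithm (predict, filter, resample) and the filtering claim under MCL Advantages, as an added Python example that is not code from the talk: with one legitimate seed in range, a bogus announcement that contradicts it empties the sample set (denial-of-service), whereas a Centroid estimate over the same two announcements is simply moved. Assumptions made here: a 4r x 4r deployment area, the constructed seed coordinates, the retry budget max_tries, and the mean of the samples as the location estimate.

```python
import math
import random

def predict(prev, v_max, rng):
    """Prediction: uniform point in the disc of radius v_max around a random prior sample."""
    x, y = rng.choice(prev)
    rad, ang = v_max * math.sqrt(rng.random()), rng.uniform(0, 2 * math.pi)
    return (x + rad * math.cos(ang), y + rad * math.sin(ang))

def consistent(loc, direct, indirect, r):
    """Filter: within r of each heard seed, within (r, 2r] of each neighbor-heard seed."""
    return (all(math.dist(loc, s) <= r for s in direct)
            and all(r < math.dist(loc, s) <= 2 * r for s in indirect))

def mcl_step(prev, direct, indirect, r, v_max, n, rng, max_tries=20000):
    """Predict and filter until n samples survive or the try budget is spent."""
    kept = []
    for _ in range(max_tries):
        if len(kept) == n:
            break
        cand = predict(prev, v_max, rng)
        if consistent(cand, direct, indirect, r):
            kept.append(cand)
    return kept  # [] means no location fits the observations

def centroid(points):
    """Mean of a set of points (also the Centroid scheme applied to heard seeds)."""
    return (sum(p[0] for p in points) / len(points),
            sum(p[1] for p in points) / len(points))

def demo(rng_seed=7):
    rng = random.Random(rng_seed)
    r, v_max, n = 1.0, 0.2, 50
    l0 = [(rng.uniform(0, 4), rng.uniform(0, 4)) for _ in range(n)]  # L_0
    legit, bogus = (2.0, 2.0), (0.2, 0.2)  # constructed seed announcements
    honest = mcl_step(l0, [legit], [], r, v_max, n, rng)
    honest = mcl_step(honest, [legit], [], r, v_max, n, rng)
    attacked = mcl_step(honest, [legit, bogus], [], r, v_max, n, rng)
    return centroid(honest), attacked, centroid([legit, bogus])

if __name__ == "__main__":
    print(demo())
```

The empty list returned for the attacked step is the denial-of-service outcome: the node has no estimate, but it has not been moved to an attacker-chosen position.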

28 Authenticating Announcements (Simple, Insecure Version)
1. S → region: $ID_S$ (Broadcast identity)
2. N → S: $ID_N$ (Send identity)
3. S → N: $E_{K_{NS}}(L_S)$ (Respond with location encrypted with shared key)
$K_{NS}$ is a pre-loaded pairwise shared key
Vulnerable to simple replay attacks

29 Authenticating Announcements
1. S → region: $ID_S$ (Broadcast identity)
2. N → S: $R_N \mid ID_N$ (Send nonce challenge)
3. S → N: $E_{K_{NS}}(R_N \mid L_S)$ (Respond with location)
Prevents simple replay attacks (but not wormhole attacks)

30 Broadcast Authentication
Requires asymmetry:
–Every node can verify message
–Only legitimate seed can create it
Traditional approach: asymmetry of information (public/private keys)
–Requires long messages: too expensive for sensor nodes
Instead use time asymmetry

31 Using Time Asymmetry
Based on μTesla: Perrig et al. 2002
Time n: $KS_{n-1} \mid Sign(ID_S \mid L_S, KS_n)$
Time n + 1: $KS_n \mid Sign(ID_S \mid L_S, KS_{n+1})$
f is a one-way function (easy to compute f(x), hard to invert)
Initially: nodes know $KS_0 = f^{max}(x)$ for each seed
–seed knows x, calculates $KS_n = f^{max-n}(x)$
Node verifies each key as it is received: $f(KS_0) = KS_1$
Requires loose time synchronization
Saves node transmissions, multiple seed transmissions
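The key chain and delayed key disclosure above, as an added Python example that is not code from the talk. It takes the definitions $KS_0 = f^{max}(x)$ and $KS_n = f^{max-n}(x)$, so a node checks a newly disclosed key by applying f once and comparing with the last key it verified. Assumptions made here: SHA-256 as f, HMAC-SHA256 as Sign, and the constructed secret and message bodies.

```python
import hashlib
import hmac

def f(key):
    """One-way function f (assumed: SHA-256)."""
    return hashlib.sha256(key).digest()

def mac(key, body):
    """Stand-in for Sign(body, key) (assumed: HMAC-SHA256)."""
    return hmac.new(key, body, hashlib.sha256).digest()

def make_chain(x, max_n):
    """Seed side: chain[n] = KS_n = f^(max_n - n)(x); chain[0] is pre-loaded on nodes."""
    chain = [x]
    for _ in range(max_n):
        chain.append(f(chain[-1]))
    return chain[::-1]

def announce(chain, n, body):
    """Interval n: disclose KS_(n-1), authenticate body under the still-secret KS_n."""
    return chain[n - 1], body, mac(chain[n], body)

class Node:
    def __init__(self, ks0):
        self.last_key = ks0   # newest verified key, initially KS_0
        self.pending = []     # (body, tag) pairs awaiting the next key

    def receive(self, disclosed, body, tag):
        """Buffer the message; return earlier bodies the disclosed key authenticates."""
        accepted = []
        if disclosed != self.last_key:
            if f(disclosed) != self.last_key:
                return accepted          # not the next chain link: drop
            accepted = [b for b, t in self.pending
                        if hmac.compare_digest(mac(disclosed, b), t)]
            self.last_key, self.pending = disclosed, []
        self.pending.append((body, tag))
        return accepted

def demo():
    chain = make_chain(b"constructed secret x", 8)
    node = Node(chain[0])
    first = node.receive(*announce(chain, 1, b"S1|(3,4)"))
    second = node.receive(*announce(chain, 2, b"S1|(3,5)"))
    # Forgery made with KS_1, the newest key that has been disclosed so far.
    node.receive(chain[1], b"S1|(90,90)", mac(chain[1], b"S1|(90,90)"))
    third = node.receive(*announce(chain, 3, b"S1|(3,6)"))
    bad_key = node.receive(b"\x01" * 32, b"S1|(0,0)", b"\x00" * 32)
    return first, second, third, bad_key
```

The node here has no clock: the forgery fails only because it arrives after the node has already seen KS_1 disclosed. A node that had missed that disclosure would buffer and later accept it, which is the case the loose time synchronization requirement covers.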

32 Wormhole Attack
Attacker uses transceivers at two locations in the network to replay (selectively) packets at a different location
[Figure: wormhole endpoints X and Y]

33 Protocol Idea
Wormhole attack depends on a node that is not nearby convincing another node it is
Periodically verify neighbors are really neighbors
Only accept messages from verified neighbors

34 Previous Solutions: Light Speed is Slow
Distance Bounding
–Light travels 1 ft per nanosecond (~4 cycles on modern PC!)
Packet “Leashes”
Use distance bounding to perform secure multilateration
Need special hardware to instantly respond to received bits
Yih-Chun Hu, Perrig and Johnson. INFOCOM 2003
Brands and Chaum, EUROCRYPT 1993
Capkun and Hubaux, 2004

35 Our Approach: Use Direction
Model based on [Choudhury and Vaidya, 2002]
General benefits: power saving, less collisions
Improve localization accuracy
Aligned to magnetic North, so zone 1 always faces East
[Figure: six antenna zones numbered 1 to 6, with North marked; Omnidirectional Transmission; Directional Transmission from Zone 4]

36 Directional Neighbor Discovery
1. A → Region: HELLO | $ID_A$ (Sent by all antenna elements (sweeping))
2. B → A: $ID_B \mid E_{K_{BA}}(ID_A \mid R \mid zone(B, A))$ (Sent by zone (B, A) element, R is nonce)
3. A → B: R (Checks zone is opposite, sent by zone (A, B))
zone (B, A) = 4 is the antenna zone in which B hears A
[Figure: nodes A and B with antenna zones 1 to 6]

37 Detecting False Neighbors
zone (B, A[Y]) = 1, zone (A, B[X]) = 1
False Neighbor: zone (A, B) should be opposite zone (B, A)
[Figure: nodes A and B, wormhole endpoints X and Y, antenna zones 1 to 6]

38 Not Detecting False Neighbors
zone (B, A[Y]) = 4, zone (A, B[X]) = 1
Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)
Directional neighbor discovery prevents 1/6 of false direct links…but doesn’t prevent disruption
[Figure: nodes A and B, wormhole endpoints X and Y, antenna zones 1 to 6]

39 Observation: Cooperate!
Wormhole can only trick nodes in particular locations
Verify neighbors using other nodes
Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor

40 Verifier Region
A verifier must satisfy these two properties:
1. B and V hear A in different zones: zone (B, A) ≠ zone (V, A) proves B and V don’t hear A through wormhole
2. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V) proves B is not hearing V through wormhole
(one more constraint will be explained soon)
[Figure: verifier region for V, with zone (B, A) = 4, zone (V, A) = 3, zone (B, V) = 5]

41 Worawannotai Attack
V hears A and B directly
A and B hear V directly
But, A and B hear each other only through repeated X
[Figure: nodes A, B, V and X across Region 1 and Region 2, with antenna zones]

42 Preventing Attack
1. zone (B, A) ≠ zone (B, V)
2. zone (B, A) ≠ zone (V, A)
3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)

43 Verified Neighbor Discovery
Steps 1 to 3 are the same as before:
1. A → Region: Announcement, done through sequential sweeping
2. B → A: Include nonce and zone information in the message
3. A → B: Check zone information and send back the nonce
4. B → Region: INQUIRY | $ID_B$ | $ID_A$ | zone (B, A) (Request for verifier to validate A)
5. V → B: $ID_V \mid E_{K_{BV}}(ID_A \mid zone(V, B))$ (If V is a valid verifier, sends confirmation)
6. B → A: Accept A as its neighbor and notify A
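The zone checks behind steps 3 and 5, as an added Python example that is not code from the talk: the opposite-zone test from directional neighbor discovery, then the three verifier rules from the Preventing Attack slide. Assumptions made here: all zone values are handed in as integers 1 to 6 (how they travel in the messages is not modeled), and the function names and the verifier tuples are hypothetical.

```python
def opposite(zone):
    """Zone facing the other way on a six-zone antenna: 1<->4, 2<->5, 3<->6."""
    return (zone + 2) % 6 + 1

def adjacent(z1, z2):
    """True when two zones are neighbors on the ring of six."""
    return (z1 - z2) % 6 in (1, 5)

def direct_check(zone_b_a, zone_a_b):
    """Directional discovery: A must hear B in the zone opposite to zone(B, A)."""
    return zone_a_b == opposite(zone_b_a)

def valid_verifier(zone_b_a, zone_v_a, zone_b_v, strict=True):
    """Apply the verifier rules; strict adds rule 3 (the Worawannotai defence)."""
    if zone_b_a == zone_v_a:   # B and V must hear A in different zones
        return False
    if zone_b_a == zone_b_v:   # B must hear V and A in different zones
        return False
    if strict and adjacent(zone_b_v, zone_b_a) and adjacent(zone_b_v, zone_v_a):
        return False           # zone(B, V) adjacent to both other zones
    return True

def accept_neighbor(zone_b_a, zone_a_b, verifiers, strict=True):
    """Return the id of the first verifier that validates A for B, else None.

    verifiers: constructed list of (verifier_id, zone_v_a, zone_b_v) tuples.
    """
    if not direct_check(zone_b_a, zone_a_b):
        return None
    for vid, zone_v_a, zone_b_v in verifiers:
        if valid_verifier(zone_b_a, zone_v_a, zone_b_v, strict):
            return vid
    return None

if __name__ == "__main__":
    print(accept_neighbor(1, 1, [("V", 3, 5)]))   # slide 37 zones: rejected
    print(accept_neighbor(4, 1, []))              # slide 38 zones, no verifier
    print(accept_neighbor(4, 1, [("V", 3, 5)]))   # slide 40 zones: verified
```

With the slide 38 zones the direct check passes, so the link is refused only because no verifier vouches for it; that is the gap the verifier step closes.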

44 Cost Analysis
Communication Overhead
–Adds messages for inquiry, verification and acceptance
–Minimal for slow-changing networks
Connectivity
–How many legitimate links are lost because they cannot be verified?

45 Lose Some Legitimate Links
[Plots: Link Discovery Probability vs. Node Distance (r), one for Network Density = 10 and one for Network Density = 3; curves: Verified Protocol; Strict Protocol (Preventing Worawannotai Attack)]

46 …but small effect on connectivity and routing
Network density = 10
Verified protocol: 0.5% links are lost, no nodes disconnected
Strict protocol: 40% links are lost, 0.03% nodes disconnected
[Plot: Average Path Length vs. Omnidirectional Node Density; curves: Strict Protocol, Trust All, Verified Protocol]

47 Dealing with Error
Even with no control over antenna alignment, few nodes are disconnected
[Plots: Ratio vs. Maximum Directional Error Degree, one for Network Density = 10 and one for Network Density = 3; curves: Lost Links, Strict Protocol; Disconnected Nodes, Strict Protocol]

48 Vulnerabilities
Attacker with multiple wormhole endpoints
–Can create packets coming from different directions to appear neighborly
Antenna, orientation inaccuracies
–Real transmissions are not perfect wedges
Magnet Attacks
–Protocol depends on compass alignment

49 Conclusion
Computing is moving into the real world:
–Rich interfaces to environment
–No perimeters
Simple properties of physical world are useful:
–Space and time can be used to achieve accurate localization cheaply
–Space consistency requirements can prevent wormhole attacks

50 Thanks!
Students: Lingxuan Hu, Chalermpong Worawannotai, Nathaneal Paul, Ana Nora Sovarel, Jinlin Yang, Joel Winstead
Funding: NSF ITR, NSF CAREER, DARPA SRS
For slides and paper links: http://www.cs.virginia.edu/evans/talks/aro/

