Cybersecurity in
Localization seminar: Security, robustness and privacy in non-GNSS localization
Elena Simona Lohan, Philipp Richter, Helena Leppäkoski, Zhe Peng
Tampere University of Technology
INSURE team
Contact: [email protected]
Outline
- Introduction and motivation
- Non-GNSS localization chain
- Positioning-related threats and mitigation approaches
- Model assumptions in our research
- (Some of) the investigated aspects:
  - Indoor simulator
  - Crowdsourcing for RSS-based positioning
  - Faults and attacks on RSS in positioning
  - Received Signal Strength (RSS) quantization for secure positioning protocols
- Conclusions
25.1.2018 www.cs.tut.fi/tlt/pos
Introduction: why non-GNSS approaches?
GNSS / Outdoors
• GNSS – down to cm-level accuracy outdoors, but does not work well indoors
• Legacy GNSS relies on ’passive’ receivers, i.e., no uplink communication from receiver to satellite -> fully private
• Increased accuracy/lower complexity can be achieved with Assisted and Cloud GNSS (AGNSS/CGNSS) solutions -> possible decrease in privacy; CGNSS still in incipient phase
Non-GNSS / Indoors and outdoors
• GNSS solutions difficult indoors
• => Non-GNSS & hybrid systems:
  • Cellular; e.g., 5G: accuracy below 1 m in more than 80% of cases
  • WiFi – widespread nowadays; low-cost solutions
  • BLE/BLE mesh – less widespread than WiFi; developing at fast speed
  • IoT – emerging IoT-based positioning solutions, e.g., LoRa, Sigfox, NB-IoT ..
• Very dynamic environment; both private & less private approaches
Introduction: why to protect the positioning information?
• “Mobility traces are highly unique”
• As little as “four spatio-temporal points are enough to uniquely identify 95% of the individuals” [Montjoye et al., “Unique in the Crowd: The privacy bounds of human mobility”, Nature, 2013]
But,
- Privacy has different meanings for different individuals
- Privacy can refer to: preserving one’s anonymity, preserving one’s solitude, or keeping all/parts of own information secret
- Privacy targets can depend on the service utility (e.g., fewer concerns in health or emergency situations)
Introduction: who might have access to the location?
LSP=Location solution (technology) provider
LBSP= Location Based Service provider
Introduction: what to protect regarding location?
• Point-wise latitude, longitude, altitude coordinates
• Track history of a person (e.g., moving from A to B at certain times)
• Data about the wireless environment accessible from the user device (e.g., Access Nodes in range, visual or other types of landmarks, ...)
• ...
Getting non-GNSS location information
• No preeminent location system exists at the moment
Direct solutions
• Radio spectrum (cellular, wireless PANs, wireless LANs, ..)
• Ultrasound
• Visible light
• Infra-red
• Magnetic fields
• Smells, ....
Indirect solutions
• Facebook postings/Check-in feature
• Twitter postings
• ATMs & credit card use
• Loyalty cards use (shopping, cinema, ...)
• Using tolls on highways
(Some) positioning-related threats
• Malicious nodes: i) Spoofing: rogue Access Node (AN) impersonates a legitimate one or ii) Sybil attack: rogue AN assumes multiple identities of legitimate ANs
• Environment manipulation: placing large objects such as foils to attenuate signals used in localization
• Intentional RF interference: wireless interference in the desired transmission band
• Crowdsourcing errors: part of the data collected in crowdsourced mode for positioning is corrupt
• Untrustworthy LSP, anonymizer, or LBSP
Accuracy/granularity versus privacy:
Granularity | Possible Attacks | Useful LBS
District level | Stalking; unwanted advertising | Location-based socializing
Block level | Public disclosure of unwanted info (e.g., at pub instead of work) | Automatic tolls; geofencing
Room level | Identity theft | E-health; emergency services; gamification
Example
a) ‘Attacker’ knows both MAC (AN ID) and RSS of access nodes heard by the ‘spied’ user -> blue curve
b) ‘Attacker’ knows MAC & coverage area of heard ANs -> red curve
c) ‘Attacker’ knows only MAC of heard ANs -> black curve
‘Attacker’ examples: Android malware, WiFi monitoring app, …
Block level accuracies
Tests based on a 4-floor university building
Possible mitigation approaches
Method | Stakeholder in charge | Challenges
Laws and policies to protect the privacy | Governments | Typically slow process and only a general framework that must be filled sensibly by the service providers
Fully mobile-centric localization | LSP | High computational complexity; high power consumption on battery-operated user devices; unfeasible for low-cost IoT sensors
Random user identities/k-anonymity/spatial cloaking/obfuscation | LSP and Anonymizer | There is typically the need of a third party, called Anonymizer; Anonymizer needs to be trusted; user’s identity can usually be easily inferred from 4 or more regular locations; also some of these techniques deteriorate the accuracy
New security protocols based on cryptography | LSP and Anonymizer | Anonymizer needed; computational complexity; quantization errors; achieving low latency is challenging
Integrity (outlier & interference detectors) | LSP | Might be difficult if not enough a priori reliable information is available
Proximity-based access | LBSP | Attackers found in the proximity of the user can still eavesdrop on the user’s location
Model assumptions in our research
• Positioning algorithms based on Received Signal Strength (RSS) approaches
• Most tests done with WiFi signals, but RSS approaches valid for a wide range of signals
• Indoor scenarios, multiple floors
• Intentional collection errors in the positioning databases
• RSS quantization needed for security protocols (to keep complexity at a minimum)
Our contributions
• Creating a multi-wall multi-floor indoor environment simulator for RSS fluctuations, based on measurements
• Studying various crowdsourcing errors
• Investigating the impact of various faults and attacks on RSS in positioning
• Analyzing the RSS quantization effects on positioning (for secure positioning protocols)
RSS indoor channel model
• Multi-wall multi-floor path loss model based on floor plan information
• � = 10 �log � + ���1+
���2+ ���3+ �
• Distribution of path loss parameters estimated from real-life measurements
Plans to make it available in open access; now available on request
Crowdsourcing aspects
Android app for point-wise data collection from different devices (21 in our studies)
Collected data is available in open access
A sufficiently high number of crowdsourced fingerprints can yield a fingerprinting database similar to those systematically created by trained/dedicated personnel
Systematically collected
Attack Tolerance of RSS-based fingerprinting (1/2)
Emulate Attacks
Attack on AN affects RSS at all fingerprints (FP) but only of certain ANs:
• AN attenuation adds constant bias to RSS of ANs
• AN removal disables ANs
• AN interchange swaps RSS of ANs
• AN spoofing replaces RSS of AP with RSS of spoofer
Attack on RSS affects all ANs but only FP in vicinity of attack:
• Environment manipulation through local RSS offset
• Interferer adds noise with power dependent on distance to RFI
• Jammer disables ANs if jammer power is above threshold
Attack Tolerance of RSS-based fingerprinting (2/2)
[Figure panels: Attacks on AN; Attack on RSS]
• Good resilience to AN removal
• Susceptible primarily to jamming, AN swapping, spoofing
• MAC-only fingerprinting tends to be more robust to increased level of attacks than RSS+MAC, but it has a lower accuracy level
Quantization of RSS (1/2)
Why quantizing RSS?
• Compress training database
• Enable security through cryptographic protocols at feasible complexity
How to quantize RSS?
• Uniform quantization
  • Simple
  • Most popular
• Non-uniform quantization
  • Complex
  • Smaller errors, larger dynamic range
How to design a quantizer?
1. Specify codebook/partition based on input pdf
2. Minimize average squared quantization
→ Specify codebook based on pdf of RSS of database;
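The two design options above, side by side, as an added example that is not code from the slides or from the INSURE project: a uniform codebook over an assumed fixed receiver range of -100 to -30 dBm, and a non-uniform codebook fitted to the empirical pdf of the database with the Lloyd-Max iteration, which lowers the mean squared quantization error. The RSS samples are constructed, and all function names are hypothetical.

```python
import random

def encode(x, code):
    """Index of the nearest reconstruction level; this integer is what gets stored."""
    return min(range(len(code)), key=lambda i: abs(x - code[i]))

def uniform_codebook(lo, hi, bits):
    """2**bits equally spaced reconstruction levels (cell midpoints) on [lo, hi]."""
    n = 2 ** bits
    step = (hi - lo) / n
    return [lo + (i + 0.5) * step for i in range(n)]

def lloyd_max_codebook(samples, bits, iters=50):
    """Non-uniform codebook fitted to the empirical pdf of the samples."""
    code = uniform_codebook(min(samples), max(samples), bits)
    for _ in range(iters):
        # Partition step: assign every sample to its nearest level.
        cells = [[] for _ in code]
        for x in samples:
            cells[encode(x, code)].append(x)
        # Centroid step: move each level to the mean of its cell (keep it if empty).
        code = [sum(c) / len(c) if c else lvl for c, lvl in zip(cells, code)]
    return code

def mse(samples, code):
    """Average squared error between samples and their reconstruction levels."""
    return sum((x - code[encode(x, code)]) ** 2 for x in samples) / len(samples)

def constructed_rss(n=2000, seed=1):
    """Constructed data: skewed RSS in dBm, many weak readings and few strong ones."""
    rng = random.Random(seed)
    return [min(-30.0, -85.0 + rng.expovariate(1 / 8.0)) for _ in range(n)]

def compare(bits):
    """Return (uniform MSE, Lloyd-Max MSE) in dB^2 for a given word length."""
    rss = constructed_rss()
    uni = uniform_codebook(-100.0, -30.0, bits)  # assumed fixed receiver range
    return mse(rss, uni), mse(rss, lloyd_max_codebook(rss, bits))

if __name__ == "__main__":
    for b in (2, 3, 4):
        print(b, "bits: uniform %.2f dB^2, Lloyd-Max %.2f dB^2" % compare(b))
```

The fitted codebook spends its levels where the database actually has readings, which is why it needs fewer bits for the same error on skewed RSS data.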
Quantization of RSS (2/2)
[Figure: non-uniform quantizer and uniform quantizer; panels: Original, Quantized [dB], Quantized and encoded]
Positioning with quantized RSS
Positioning accuracy
• Similar results for floor detection rate in %
• 3-4 bits seem enough
• The positioning method has more effect than the type of quantization
• k-NN with Sorensen distance outperforms other distances
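How positioning on quantized RSS fits together, as an added example that is not the authors' Matlab/Python code: each RSS value is reduced to a b-bit integer code, and k-NN ranks the fingerprints by Sorensen distance on those codes. The -100 to -30 dBm range, the use of code 0 for an AN that is not heard, the fingerprint database and the query are all assumptions constructed for illustration.

```python
FLOOR_DBM, CEIL_DBM = -100.0, -30.0  # assumed RSS range covered by the quantizer

def quantize(rss, bits):
    """Uniform b-bit code of one RSS value; None (AN not heard) maps to code 0."""
    if rss is None:
        return 0
    frac = (min(max(rss, FLOOR_DBM), CEIL_DBM) - FLOOR_DBM) / (CEIL_DBM - FLOOR_DBM)
    return min(2 ** bits - 1, int(frac * 2 ** bits))

def sorensen(a, b):
    """Sorensen distance sum|a_i - b_i| / sum(a_i + b_i) for non-negative vectors."""
    den = sum(x + y for x, y in zip(a, b))
    return sum(abs(x - y) for x, y in zip(a, b)) / den if den else 0.0

def knn_locate(db, query, bits, k=1):
    """Mean (x, y) and majority floor of the k fingerprints closest to the query."""
    q = [quantize(v, bits) for v in query]
    ranked = sorted(db, key=lambda fp: sorensen([quantize(v, bits) for v in fp[1]], q))
    near = [pos for pos, _ in ranked[:k]]
    floors = [p[2] for p in near]
    x = sum(p[0] for p in near) / len(near)
    y = sum(p[1] for p in near) / len(near)
    return x, y, max(sorted(set(floors)), key=floors.count)

# Constructed fingerprint database: ((x in m, y in m, floor), RSS in dBm for 4 ANs).
DB = [
    ((0, 0, 1), [-45, -70, -72, None]),
    ((10, 0, 1), [-60, -55, -80, -85]),
    ((20, 0, 1), [-75, -42, None, -70]),
    ((0, 10, 1), [-58, -82, -57, -78]),
    ((10, 10, 2), [-80, -78, -60, -58]),
    ((20, 10, 2), [None, -65, -74, -45]),
]
QUERY = [-57, -59, -77, -88]  # constructed measurement taken near (10, 0), floor 1

if __name__ == "__main__":
    for bits in (1, 2, 3, 4):
        print(bits, "bits ->", knn_locate(DB, QUERY, bits))
```

Only the integer codes enter the distance computation, so the same ranking can be run on values that a cryptographic protocol has encoded with a short word length.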
Conclusions
Localization information can enable a variety of useful Location Based Services
but,
There are always also unanticipated uses of location data -> location privacy should be improved
Further readings & open-access data
• Project webpage: www.insure-project.org
• Open-access databases with fingerprints collected with various devices and Matlab & Python codes for indoor positioning can be found at http://www.cs.tut.fi/tlt/pos
Related publications of our team:
1. L. Chen, S. Thombre, K. Järvinen, E.S. Lohan, P. Korpisaari, H. Kuusniemi, H. Leppäkoski, S. Honkala, M.Z.H. Bhuiyan, L. Ruotsalainen, G.N. Ferrara, S. Bu-Pasha, “Robustness, Security, and Privacy in Location-Based Services for Future IoT”, in IEEE Access, vol. 5, pp. 8956-8977, 2017. doi: 10.1109/ACCESS.2017.2695525
2. E.S. Lohan, J. Torres-Sospedra, H. Leppäkoski, P. Richter, Z. Peng, J. Huerta, “Wi-Fi Crowdsourced Fingerprinting Dataset for Indoor Positioning”, MDPI Data 2017; 2(4):32, Oct 2017, doi:10.3390/data2040032, http://www.mdpi.com/2306-5729/2/4/32
3. E.S. Lohan, P. Richter, V. Lucas-Sabola, J.A. López-Salcedo, G. Seco-Granados, H. Leppäkoski, E. Serna Santiago, “Location privacy challenges and solutions – Part 1: GNSS localization”, in InsideGNSS, Sep/Oct 2017, http://www.insidegnss.com/node/5617
4. E.S. Lohan, P. Richter, V. Lucas-Sabola, J.A. López-Salcedo, G. Seco-Granados, H. Leppäkoski, E. Serna Santiago, “Location privacy challenges and solutions – Part 2: Hybrid and non-GNSS localization”, in InsideGNSS, Nov/Dec 2017, http://www.insidegnss.com/node/5703
5. G. M. Mendoza-Silva, P. Richter, J. Torres-Sospedra, E.S. Lohan, J. Huerta, “Long-Term WiFi fingerprinting dataset for research on robust indoor positioning”, MDPI Data, Jan 2018, 3(1), 3; doi:10.3390/data3010003, http://www.mdpi.com/2306-5729/3/1/3/
6. E.S. Lohan, A. Alén-Savikko, L. Chen, K. Järvinen, H. Leppäkoski, H. Kuusniemi, P. Korpisaari, “5G positioning: security and privacy aspects”, chapter 13 in Wiley book “Comprehensive Guide to 5G Security” (Liyanage et al. eds.), Jan 2018, ISBN 9781119293088
7. P. Richter, M. Valkama, E.S. Lohan, “Attack Tolerance of RSS-based Fingerprinting”, in Proc. of IEEE WCNC conference, Apr 2018, Barcelona, Spain
8. Z. Peng, P. Richter, H. Leppäkoski, and E.S. Lohan, “Analysis of crowdsensed WiFi fingerprints for indoor localization”, in Proc. of FRUCT conference, Nov 2017, Helsinki, Finland