Cybersecurity in Localization seminar: Security, robustness and privacy in non-GNSS localization
Elena Simona Lohan, Philipp Richter, Helena Leppäkoski, Zhe Peng
Tampere University of Technology, INSURE team
Contact: [email protected]


Outline

- Introduction and motivation
- Non-GNSS localization chain
- Positioning-related threats and mitigation approaches
- Model assumptions in our research
- (Some of) the investigated aspects:
  - Indoor simulator
  - Crowdsourcing for RSS-based positioning
  - Faults and attacks on RSS in positioning
  - Received Signal Strength (RSS) quantization for secure positioning protocols
- Conclusions

25.1.2018, www.cs.tut.fi/tlt/pos

Introduction: why non-GNSS approaches?

GNSS / Outdoors
• GNSS: down to cm-level accuracy outdoors, but does not work well indoors
• Legacy GNSS relies on ’passive’ receivers, i.e., no uplink communication from receiver to satellite -> fully private
• Increased accuracy/lower complexity can be achieved with Assisted and Cloud GNSS (AGNSS/CGNSS) solutions -> possible decrease in privacy; CGNSS still in incipient phase

Non-GNSS / Indoors and outdoors
• GNSS solutions difficult indoors => Non-GNSS & hybrid systems:
  • Cellular; e.g., 5G: accuracy below 1 m in more than 80% of cases
  • WiFi: widespread nowadays; low-cost solutions
  • BLE/BLE mesh: less widespread than WiFi; developing at fast speed
  • IoT: emerging IoT-based positioning solutions, e.g., LoRa, Sigfox, NB-IoT ..
• Very dynamic environment; both private & less private approaches

Introduction: why to protect the positioning information?

• “Mobility traces are highly unique”
• As little as “four spatio-temporal points are enough to uniquely identify 95% of the individuals” [Montjoye et al., “Unique in the Crowd: The privacy bounds of human mobility”, Nature, 2013]

But,
- Privacy has different meanings for different individuals
- Privacy can refer to: preserving one’s anonymity, preserving one’s solitude, or keeping all/parts of own information secret
- Privacy targets can depend on the service utility (e.g., fewer concerns in health or emergency situations)

Introduction: who might have access to the location?

LSP=Location solution (technology) provider

LBSP= Location Based Service provider

Introduction: what to protect regarding location?

• Point-wise latitude, longitude, altitude coordinates
• Track history of a person (e.g., moving from A to B at certain times)
• Data about the wireless environment accessible from the user device (e.g., Access Nodes in range, visual or other types of landmarks, ...)
• ...

Non-GNSS localization chain

[Figure: non-GNSS localization chain; panel labels: Network plane, User plane]

Getting non-GNSS location information

• No preeminent location system exists at the moment

Direct solutions
• Radio spectrum (cellular, wireless PANs, wireless LANs, ..)
• Ultrasound
• Visible light
• Infra-red
• Magnetic fields
• Smells, ....

Indirect solutions
• Facebook postings/Check-in feature
• Twitter postings
• ATMs & credit card use
• Loyalty cards use (shopping, cinema,...)
• Using tolls on high-ways

(Some) positioning-related threats

• Malicious nodes: i) Spoofing: rogue Access Node (AN) impersonates a legitimate one, or ii) Sybil attack: rogue AN assumes multiple identities of legitimate ANs
• Environment manipulation: placing large objects such as foils to attenuate signals used in localization
• Intentional RF interference: wireless interference in the desired transmission band
• Crowdsourcing errors: part of the data collected in crowdsourced mode for positioning is corrupt
• Untrustworthy LSP, anonymizer, or LBSP

Accuracy/granularity versus privacy:

| Granularity | Possible Attacks | Useful LBS |
|---|---|---|
| District level | Stalking; unwanted advertising | Location-based socializing |
| Block level | Public disclosure of unwanted info (e.g., at pub instead of work) | Automatic tolls; geofencing |
| Room level | Identity theft | E-health; emergency services; gamification |

Example

[Figure: three curves (blue, red, black), one per level of attacker knowledge]

a) ’Attacker’ knows both MAC (AN ID) and RSS of access nodes heard by the ’spied’ user -> blue curve
b) ’Attacker’ knows MAC & coverage area of heard ANs -> red curve
c) ’Attacker’ knows only MAC of heard ANs -> black curve

‘Attacker’ examples: Android malware, WiFi monitoring app, …

Block level accuracies
Tests based on a 4-floor university building

Possible mitigation approaches

| Method | Stakeholder in charge | Challenges |
|---|---|---|
| Laws and policies to protect the privacy | Governments | Typically slow process and only a general framework that must be filled sensibly by the service providers |
| Fully mobile-centric localization | LSP | High computational complexity; high power consumption on battery-operated user devices; unfeasible for low-cost IoT sensors |
| Random user identities / k-anonymity / spatial cloaking / obfuscation | LSP and Anonymizer | There is typically the need of a third party, called Anonymizer; the Anonymizer needs to be trusted; user’s identity can usually be easily inferred from 4 or more regular locations; also some of these techniques deteriorate the accuracy |
| New security protocols based on cryptography | LSP and Anonymizer | Anonymizer needed; computational complexity; quantization errors; achieving low latency is challenging |
| Integrity (outlier & interference detectors) | LSP | Might be difficult if not enough a priori reliable information is available |
| Proximity-based access | LBSP | Attackers found in the proximity of the user can still eavesdrop the user’s location |

Model assumptions in our research

• Positioning algorithms based on Received Signal Strength (RSS) approaches
• Most tests done with WiFi signals, but RSS approaches valid for a wide range of signals
• Indoor scenarios, multiple floors
• Intentional collection errors in the positioning databases
• RSS quantization needed for security protocols (to keep complexity at a minimum)

Our contributions

• Creating a multi-wall multi-floor indoor environment simulator for RSS fluctuations, based on measurements
• Studying various crowdsourcing errors
• Investigating the impact of various faults and attacks on RSS in positioning
• Analyzing the RSS quantization effects on positioning (for secure positioning protocols)

RSS indoor channel model


• Multi-wall multi-floor path loss model based on floor plan information

• � = 10 �log � + ���1+

���2+ ���3+ �

• Distribution of path loss parameters estimated from real-life measurements

Plans to make it available in open access; now available on request

Crowdsourcing aspects

Android app for point-wise data collection from different devices (21 in our studies)

Collected data is available in open access

A sufficiently high number of crowdsourced fingerprints can yield a fingerprinting database similar to those systematically created by trained/dedicated personnel

[Figure label: Systematically collected]

Attack Tolerance of RSS-based fingerprinting (1/2)

Emulate Attacks

An attack on ANs affects the RSS at all fingerprints (FP), but only for certain ANs:
• AN attenuation adds a constant bias to the RSS of ANs
• AN removal disables ANs
• AN interchange swaps the RSS of ANs
• AN spoofing replaces the RSS of the AP with the RSS of the spoofer

An attack on RSS affects all ANs, but only the FP in the vicinity of the attack:
• Environment manipulation through a local RSS offset
• Interferer adds noise with power dependent on distance to the RFI
• Jammer disables ANs if jammer power is above a threshold
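The emulated attacks listed above can be reproduced on a toy fingerprint database to see how each one moves a k-NN position estimate. This is an added example, not the authors' simulator or code: the AN layout, the log-distance path loss, the noise level, the attack parameters and all function names are assumptions, and the printed errors describe only this constructed scenario.

```python
import math, random

FLOOR = -100.0                                          # dBm of an AN that is not heard (assumed)
ANS = [(0, 0), (20, 0), (0, 20), (20, 20), (10, 10)]    # constructed AN positions [m]

def rss(pos, tx, p0=-40.0, n=3.0):
    """Assumed log-distance path loss, clipped at FLOOR."""
    return max(p0 - 10 * n * math.log10(max(math.dist(pos, tx), 1.0)), FLOOR)

# Constructed training database: one fingerprint (FP) per point of a 2 m grid.
DB = {(x, y): [rss((x, y), a) for a in ANS]
      for x in range(0, 21, 2) for y in range(0, 21, 2)}

def knn(meas, k=3):
    """k-NN estimate; squared Euclidean RSS distance over the ANs that were heard."""
    heard = [i for i, v in enumerate(meas) if v > FLOOR]
    near = sorted(DB, key=lambda p: sum((DB[p][i] - meas[i]) ** 2 for i in heard))[:k]
    return tuple(sum(c) / k for c in zip(*near))

# Attacks on ANs: every FP is affected, but only the RSS of the targeted AN(s).
def attenuate(m, pos, an=0, bias=-15.0):
    return [max(v + bias, FLOOR) if i == an else v for i, v in enumerate(m)]
def remove(m, pos, an=0):
    return [FLOOR if i == an else v for i, v in enumerate(m)]
def interchange(m, pos, a=0, b=3):
    swap = {a: b, b: a}
    return [m[swap.get(i, i)] for i in range(len(m))]
def spoof(m, pos, an=0, spoofer=(20, 20)):
    return [rss(pos, spoofer) if i == an else v for i, v in enumerate(m)]

# Attack on RSS: all ANs are affected, but only at positions near the attack site.
def manipulate(m, pos, site=(10, 10), radius=6.0, offset=-10.0):
    near = math.dist(pos, site) < radius
    return [max(v + offset, FLOOR) if near else v for v in m]

def mean_error(attack=None, trials=300, seed=1):
    """Mean 2-D positioning error [m] over random test positions."""
    rng, total = random.Random(seed), 0.0
    for _ in range(trials):
        pos = (rng.uniform(0, 20), rng.uniform(0, 20))
        m = [rss(pos, a) + rng.gauss(0, 2.0) for a in ANS]   # 2 dB measurement noise
        m = attack(m, pos) if attack else m
        total += math.dist(knn(m), pos)
    return total / trials

if __name__ == "__main__":
    for atk in (None, attenuate, remove, interchange, spoof, manipulate):
        print(f"{atk.__name__ if atk else 'no attack':12s} {mean_error(atk):5.2f} m")
```

Because the estimator here skips ANs that are not heard, removing one AN costs little, while interchanging two ANs mirrors the estimate across the area.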

Attack Tolerance of RSS-based fingerprinting (2/2)

[Figure panels: Attacks on AN; Attack on RSS]

• Good resilience to AN removal
• Susceptible primarily to jamming, AN swapping, spoofing
• MAC-only fingerprinting tends to be more robust to increased level of attacks than RSS+MAC, but it has a lower accuracy level

Quantization of RSS (1/2)

Why quantizing RSS?
• Compress training database
• Enable security through cryptographic protocols at feasible complexity

How to quantize RSS?
• Uniform quantization
  • Simple
  • Most popular
• Non-uniform quantization
  • Complex
  • Smaller errors, larger dynamic range

How to design a quantizer?
1. Specify codebook/partition based on input pdf
2. Minimize average squared quantization error

→ Specify codebook based on pdf of RSS of database

Quantization of RSS (2/2)

[Figure panels: Non-uniform quantizer; Uniform quantizer. Curves: Original, Quantized [dB], Quantized and encoded]

Positioning with quantized RSS

[Figure: Positioning accuracy]

• Similar results for floor detection rate in %
• 3-4 bits seem enough
• The positioning method affects the results more than the type of quantization
• k-NN with Sorensen distance outperforms other distances

Conclusions

Localization information can enable a variety of useful Location Based Services

but,

There are always also unanticipated uses of location data -> location privacy should be improved

Further readings & open-access data

• Project webpage: www.insure-project.org
• Open-access databases with fingerprints collected with various devices and Matlab & Python codes for indoor positioning can be found at http://www.cs.tut.fi/tlt/pos

Related publications of our team:

1. L. Chen, S. Thombre, K. Järvinen, E.S. Lohan, P. Korpisaari, H. Kuusniemi, H. Leppäkoski, S. Honkala, M.Z.H. Bhuiyan, L. Ruotsalainen, G.N. Ferrara, S. Bu-Pasha, “Robustness, Security, and Privacy in Location-Based Services for Future IoT”, in IEEE Access, vol. 5, pp. 8956-8977, 2017, doi: 10.1109/ACCESS.2017.2695525

2. E.S. Lohan, J. Torres-Sospedra, H. Leppäkoski, P. Richter, Z. Peng, J. Huerta, “Wi-Fi Crowdsourced Fingerprinting Dataset for Indoor Positioning”, MDPI Data 2017; 2(4):32, Oct 2017, doi:10.3390/data2040032, http://www.mdpi.com/2306-5729/2/4/32

3. E.S. Lohan, P. Richter, V. Lucas-Sabola, J.A. López-Salcedo, G. Seco-Granados, H. Leppäkoski, E. Serna Santiago, “Location privacy challenges and solutions – Part 1: GNSS localization”, in InsideGNSS, Sep/Oct 2017, http://www.insidegnss.com/node/5617

4. E.S. Lohan, P. Richter, V. Lucas-Sabola, J.A. López-Salcedo, G. Seco-Granados, H. Leppäkoski, E. Serna Santiago, “Location privacy challenges and solutions – Part 2: Hybrid and non-GNSS localization”, in InsideGNSS, Nov/Dec 2017, http://www.insidegnss.com/node/5703

5. G.M. Mendoza-Silva, P. Richter, J. Torres-Sospedra, E.S. Lohan, J. Huerta, “Long-Term WiFi fingerprinting dataset for research on robust indoor positioning”, MDPI Data, Jan 2018, 3(1), 3; doi:10.3390/data3010003, http://www.mdpi.com/2306-5729/3/1/3/

6. E.S. Lohan, A. Alén-Savikko, L. Chen, K. Järvinen, H. Leppäkoski, H. Kuusniemi, P. Korpisaari, “5G positioning: security and privacy aspects”, chapter 13 in Wiley book “Comprehensive Guide to 5G Security” (Liyanage et al., eds.), Jan 2018, ISBN 9781119293088

7. P. Richter, M. Valkama, E.S. Lohan, “Attack Tolerance of RSS-based Fingerprinting”, in Proc. of IEEE WCNC conference, Apr 2018, Barcelona, Spain

8. Z. Peng, P. Richter, H. Leppäkoski, and E.S. Lohan, “Analysis of crowdsensed WiFi fingerprints for indoor localization”, in Proc. of FRUCT conference, Nov 2017, Helsinki, Finland