Secure Localization
Presented by Eric Chen, Frank Mokaya, Yu Seung Kim
west.cmu.edu 1
April 19, 2011
Contents
• Introduction
• SeRLoc: Robust Localization for Wireless Sensor Networks - Frank
• Distance Bounding in Noisy Environments – Yu Seung
• Secure Positioning in Wireless Networks - Eric
Introduction
• Range-based algorithms
– Estimating distance to landmarks based on various physical properties (e.g., RSS, ToA, TDoA)
– Ex) Distance Bounding Protocol
• Range-free algorithms
– Using coarser metrics to place bounds on candidate positions
– Ex) SeRLoc
SeRLoc: Robust Localization for Wireless Sensor Networks
Loukas Lazos and Radha Poovendran
ACM Transactions on Sensor Networks 2005
Presented by Frank
Secure Localization for WSNs
• WSNs monitor important vulnerable systems: buildings, disaster mgmt.
– Sensors need to have accurate location info
• Because of hostile environment, WSNs are vulnerable to many threats
– Wrong location info can mean a lost life e.g. in disaster response scenario
• In short: We need Secure Localization
– Ensure robust location estimation even in the presence of adversaries
What threats are you talking about?
• External
– Replay Attacks:
  • worm-hole attack
– Node impersonation attacks:
  • Sybil attack
• Internal
– Other Compromise of network entities
  • Sensor and Locator node capture
• Not addressed
– Phy layer attacks: Jamming
– MAC layer attacks: DoS
Solution? SeRLoc: SEcure Range-Independent LOCalization
• SeRLoc features
– Two-tier network architecture
– Range-less location estimation
– Decentralized implementation
– Robustness against security threats
SeRLoc Overview & Assumptions
• Locators (Li): randomly deployed, known location and orientation, directional antennas, locator range R, beamwidth θ
• Sensors (Si): randomly deployed, unknown location, omnidirectional antennas, sensor range r
[Figure: locators at (X1, Y1), (X2, Y2), (X3, Y3) and sensors, showing locator range R, beamwidth θ and sensor range r]
©Radha Poovendran Seattle, Washington
What’s the Idea behind SeRLoc?
• Location data gathering:
– Each Locator Li transmits information that defines the sector Seci
• Search Area Identified:
– Each Sensor Si defines a region of interest for its location based on all Locators LHs heard by Si
[Figure: sensor s, locators L1, L3 and L4, origin (0, 0), and the resulting ROI]
SeRLoc – ROI computation
Grid Score Table (GST) over the sensor search area:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1 1 1 2 3 3 3 3 4 4 4 3 3 3 3 3 3
1 1 2 2 2 3 4 4 4 4 4 4 4 3 3 2 2
1 1 2 2 4 4 4 4 4 4 4 4 4 4 3 3 2
2 2 2 2 3 4 4 4 4 4 4 4 4 3 2 2 2
2 2 3 3 3 3 4 4 4 4 4 4 3 3 2 2 2
2 2 2 3 3 3 3 4 4 4 4 3 3 2 2 2 2
1 2 2 2 3 3 3 3 4 4 3 2 2 2 3 4 3
2 2 2 3 3 3 3 3 2 2 2 2 1 1 1 1 1
0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0
• Majority vote: Points with highest score in search area define the ROI
• Location set S: $(x_{est}, y_{est}) = \left( \frac{1}{n} \sum_{i=1}^{n} x_{g_i},\ \frac{1}{n} \sum_{i=1}^{n} y_{g_i} \right)$
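
The ROI computation above, as an added example (not code from the slides or the SeRLoc paper): each grid point scores one vote per heard sector that contains it, the top-scoring points form the ROI, and the estimate is their centroid. The function names, the `(position, R, theta1, theta2)` sector encoding and the locator layout are assumptions constructed for the illustration.

```python
from math import atan2, dist, pi

TWO_PI = 2 * pi

def in_sector(g, locator):
    """True if grid point g lies in the sector a locator's beacon describes.

    locator = ((X, Y), R, theta1, theta2): position, range, and the two
    bounding angles of the sector, counter-clockwise, in radians.
    """
    pos, R, th1, th2 = locator
    if dist(g, pos) > R:
        return False
    ang = atan2(g[1] - pos[1], g[0] - pos[0]) % TWO_PI
    # Modular arithmetic handles sectors that wrap through angle 0.
    return (ang - th1) % TWO_PI <= (th2 - th1) % TWO_PI

def serloc_estimate(heard, search_area, step=1.0):
    """Fill the grid score table, keep the top-scoring points as the ROI,
    and return (top score, ROI centroid)."""
    (x0, y0), (x1, y1) = search_area
    best, roi = -1, []
    for i in range(int((x1 - x0) / step) + 1):
        for j in range(int((y1 - y0) / step) + 1):
            g = (x0 + i * step, y0 + j * step)
            score = sum(in_sector(g, loc) for loc in heard)
            if score > best:
                best, roi = score, [g]
            elif score == best:
                roi.append(g)
    n = len(roi)
    return best, (sum(x for x, _ in roi) / n, sum(y for _, y in roi) / n)

# Constructed layout: four locators around a 10 x 10 search area, each with
# range 10 and a 120-degree sector pointing at the centre of the area.
HEARD = [
    ((-3.5, 5.0), 10.0, 5 * pi / 3, pi / 3),
    ((13.5, 5.0), 10.0, 2 * pi / 3, 4 * pi / 3),
    ((5.0, -3.5), 10.0, pi / 6, 5 * pi / 6),
    ((5.0, 13.5), 10.0, 7 * pi / 6, 11 * pi / 6),
]

if __name__ == "__main__":
    print(serloc_estimate(HEARD, ((0, 0), (10, 10))))
```
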
Security Mechanisms in SeRLoc
1. Encryption: ensures authenticity of locators
– All beacons from locators encrypted with symmetric key K0
– Sensors have symmetric pairwise keys $K_s^{L_i}$ with locators Li
– Locators use master key $K_{L_i}$ to derive $K_s^{L_i}$ using a pseudorandom function h and unique sensor IDs: $K_s^{L_i} = h_{K_{L_i}}(ID_s)$
– Scalability? Expansion prospects?
  • Preload sensors with extra keys
  • Use secret quantity known only to admin. Use this quantity to load new keys
Security Mechanisms in SeRLoc
2. Locator ID authentication: ensures malicious sensors can't inject bogus info into network
– Based on efficient collision-resistant one-way hash chains to provide locator ID authentication
– Each locator Li has password PWi derived by use of hash function e.g. SHA1 s.t.
  • H(PWi) = H(PWj) if and only if PWi = PWj
– Each sensor preloaded with table of locator IDs and corresponding hash values $H^{n}(PW_i)$, n a large number
– Each beacon from Li includes hash value $H^{n-j}(PW_i)$
– j-th received beacon verified if
  • $H(H^{n-j+1}(PW_i)) = H^{n-j}(PW_i)$
– After verification hash counter incremented so as to process only one beacon from Li per time
Threat Analysis
• Wormhole attack (WH): messages at one end of link tunneled and replayed at a target destination point
[Figure: locators L1 to L6 around points 1 and 2, which are joined by the wormhole link]
• Attacker records beacons at 2 and replays them at 1 through wormhole
• Sensor at 1 misled to believe it can hear L1-L6
(WH) Detection and Defense
• Single Message/sector per locator property
– All sector beacons tx’d simultaneously
– Same but fresh hash used for auth.
– As a result sensor accepts one msg/Li
– Hearing >1 sector from a locator means that attack is underway
– Multipath, imperfect sectorization effects treated as attack
(WH) Detection and Defense
• Communication Range constraint property
– Sensor cannot hear two locators Li, Lj ∈ LHs more than 2R apart. R is range of transmission of each locator
– Violation means attack is underway
– $\|L_i - L_j\| \le 2R$
[Figure: locators Li and Lj, each with range R, their areas Ai and Aj, the 2R separation and the wormhole link]
Threat Analysis
• Sybil attack (SA): adversary fabricates legit node IDs or impersonates multiple network entities. Essentially, globally shared key K0 compromised
• Once K0 breached, attacker can:
– Insert bogus location info into the network
– Attach an already published hash value from a locator not heard by the sensor under attack, and encrypt it with the compromised K0
– Impersonate a higher number of locators than LHs and compromise majority voting scheme
Detection and Defense
• Specify a threshold Lmax as the maximum allowable number of locators heard by each sensor
• If a sensor hears more than Lmax locators, it assumes attack
– Select Lmax so P(|LHs| ≥ Lmax) is low and P(|LHs| > Lmax/2) is high
• Sensor binds to Closest Locator using Closest Locator Algorithm (CLA) to determine its position
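
The three detection rules from the wormhole and Sybil slides (one sector per locator, no two heard locators more than 2R apart, at most Lmax locators heard), as an added example of the checks a sensor can run over its set LHs before computing the ROI. This is not code from the slides or the paper; the tuple layout, alarm names and beacon sets are constructed for the illustration.

```python
from itertools import combinations
from math import dist

def check_heard_set(beacons, R, L_max):
    """Return the attack indications found in one sensor's LH_s.

    beacons: (locator_id, (x, y), sector_id) per beacon accepted this round.
    R: locator transmission range; L_max: allowed number of locators heard.
    """
    alarms = []
    sectors, position = {}, {}
    for lid, pos, sector in beacons:
        sectors.setdefault(lid, set()).add(sector)
        position[lid] = pos
    # Single message/sector per locator property
    for lid in sorted(sectors):
        if len(sectors[lid]) > 1:
            alarms.append(("multiple_sectors", lid))
    # Communication range constraint: ||Li - Lj|| <= 2R for every heard pair
    for a, b in combinations(sorted(position), 2):
        if dist(position[a], position[b]) > 2 * R:
            alarms.append(("range_violation", a, b))
    # Sybil threshold: hearing more than L_max locators is treated as attack
    if len(position) > L_max:
        alarms.append(("too_many_locators", len(position)))
    return alarms

# Constructed beacon sets for a sensor with R = 10 and L_max = 5.
BENIGN = [("L1", (0, 0), 0), ("L2", (8, 3), 2), ("L3", (5, 12), 1)]
# Beacons of a distant locator L5 and a second sector of L2, replayed
# through a wormhole link.
WORMHOLE = BENIGN + [("L5", (40, 40), 1), ("L2", (8, 3), 3)]
# Fabricated locator IDs placed close enough to pass the range check.
SYBIL = BENIGN + [(f"F{k}", (k, 6), 0) for k in range(1, 4)]

if __name__ == "__main__":
    for name, heard in (("benign", BENIGN), ("wormhole", WORMHOLE), ("sybil", SYBIL)):
        print(name, check_heard_set(heard, R=10, L_max=5))
```
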
Distance Bounding in Noisy Environments
Dave Singelee and Bart Preneel
ESAS ’07
Presented by Yu Seung
Proximity Based Authentication
Distance Bounding Protocols
• Determining an upper bound on the distance between V and P
• Distance sources
– RSS, AoA, ToF
– Attacker can mislead the signal strength by using directional antenna
Attacks Against DBP
• Mafia fraud attacks (a.k.a. relay attacks)
– An intruder close to V can identify itself to V as P
• Terrorist fraud attacks
– Collaboration between P and intruder
Design Principles of secure DBP
• P has to identify itself (ex. shared secret key)
• To prevent mafia fraud attacks, DBP should have a challenge-response protocol
– the challenge should be unpredictable and the response should depend on the challenge
• To prevent terrorist fraud attacks,
– Using private (or symmetric) key
– Using trusted hardware
• Communication process should be minimized
DBP by Brands and Chaum
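• Proposed in EUROCRYPT ‘93
• Protocol between prover P and verifier V:
– P: $m_i \in_R \{0,1\}$; V: $\alpha_i \in_R \{0,1\}$
– P → V: $commit(m_1 | \cdots | m_k)$
– Start of rapid bit exchange
  • V → P: $\alpha_i$
  • P → V: $\beta_i \leftarrow \alpha_i \oplus m_i$
– End of rapid bit exchange
– P: $m \leftarrow \alpha_1 | \beta_1 | \cdots | \alpha_k | \beta_k$
– P → V: (open_commit), sign(m)
– V: $m \leftarrow \alpha_1 | \beta_1 | \cdots | \alpha_k | \beta_k$; verify commit; verify sign(m)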
MAD by Capkun et al.
• Mutual authentication protocol using DBP
• Both parties estimate an upper bound on the distance between themselves
RFID Protocol by Hancke and Kuhn
• Proposed in SecureComm 2005
• Designed to cope with bit errors during the fast bit exchanges
• Useful in noisy environments such as RFID
• For a given security parameter x and n fast bit exchanges, DBP succeeds if at least (n-x) of the responses are correct
RFID Protocol (cont.)
Noise Resilient MAD
• Combining the strengths of MAD and RFID
– Mutual entity authentication
– Resilient to bit errors during the exchange
• Exchanging all challenges and responses again on a slower channel with error correction is too costly with MAD
• Instead, extends k bits to n bits based on ECC in initial phase and exchanges n bits
Noise Resilient MAD (cont.)
Performance Analysis
• An attacker has a major advantage when bit errors due to noise can appear
• Resilient MAD shows slightly lower FR ratio than Hancke and Kuhn’s DBP
Performance Analysis (cont.)
• Resilient MAD shows significantly lower FA ratio than Hancke and Kuhn’s DBP
Performance Analysis (cont.)
Secure Positioning in Wireless Networks
Srdjan Capkun and Jean-Pierre Hubaux
IEEE JSAC 2006
Presented by Eric
Attack model
• External attackers and Internal attackers (compromised nodes)
• Node centric – asks public base stations for position
• Infrastructure centric - Infrastructure computes the location based on their mutual communication
Attacks - GPS
• GPS satellite simulators can spoof radio signals
• Civilian GPS receivers will accept the strongest signal
• This type of attack can be prevented, if we can authenticate the satellite (but we can’t)
Attack – Ultrasound positioning
• Ultrasound positioning systems measure the time of flight of ultrasound signals to determine a node’s location
• Vulnerabilities:
– Wormhole attack
– Replay attack
Attack – Radio Positioning
• Use received signal strength to infer the distance from transmitter
• Vulnerabilities:
– Compromised node can reply with fake signal strength
– Replay attack
Verifiable Multilateration
• VM is a secure localization technique that is related to the following techniques
• Distance bounding techniques upper-bound the distance of one device to another (compromised) device
• Authenticated ranging protocols enable two honest and trusted parties to measure their mutual distance in an authenticated manner
Verifiable Multilateration
• Step 1: verifiers v1...vn perform distance bounding to u
• Step 2: computes the estimated position (x, y) with the results from step 1
• Step 3:
– δ test: is (x,y) within the measurement error?
– Point in triangle test: does (x,y) fall in a triangle formed by at least one triplet of verifiers?
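
The three steps above for one triplet of verifiers, as an added example (not code from the slides or the paper). It shows why both tests are needed: a node that enlarges one distance bound fails the δ test, and a consistent position outside the verifier triangle fails the triangle test. The closed-form solve, the function names and all coordinates are assumptions constructed for the illustration.

```python
from math import dist

def locate(verifiers, bounds):
    """Step 2: solve the three range equations for (x, y) by subtracting
    the first equation from the other two (stand-in position estimator)."""
    (x1, y1), (x2, y2), (x3, y3) = verifiers
    d1, d2, d3 = bounds
    a, b = 2 * (x2 - x1), 2 * (y2 - y1)
    c, d = 2 * (x3 - x1), 2 * (y3 - y1)
    e = d1**2 - d2**2 + x2**2 + y2**2 - x1**2 - y1**2
    f = d1**2 - d3**2 + x3**2 + y3**2 - x1**2 - y1**2
    det = a * d - b * c          # zero only if the verifiers are collinear
    return ((e * d - b * f) / det, (a * f - e * c) / det)

def in_triangle(p, tri):
    """True if p is inside or on the triangle (same-sign cross products)."""
    def cross(o, a, q):
        return (a[0] - o[0]) * (q[1] - o[1]) - (a[1] - o[1]) * (q[0] - o[0])
    s = [cross(tri[i], tri[(i + 1) % 3], p) for i in range(3)]
    return all(v >= 0 for v in s) or all(v <= 0 for v in s)

def verify_position(verifiers, bounds, delta):
    """Step 3: delta test, then point-in-triangle test."""
    p = locate(verifiers, bounds)
    if any(abs(dist(v, p) - db) > delta for v, db in zip(verifiers, bounds)):
        return p, "reject: delta test"
    if not in_triangle(p, verifiers):
        return p, "reject: outside triangle"
    return p, "accept"

# Constructed scenario: three verifiers and the bounds each one measures.
VERIFIERS = [(0.0, 0.0), (10.0, 0.0), (5.0, 10.0)]
HONEST = [dist(v, (5.0, 4.0)) for v in VERIFIERS]      # node inside triangle
ENLARGED = HONEST[:2] + [HONEST[2] + 3.0]              # one bound enlarged
OUTSIDE = [dist(v, (5.0, -3.0)) for v in VERIFIERS]    # node below the base

if __name__ == "__main__":
    for name, b in (("honest", HONEST), ("enlarged", ENLARGED), ("outside", OUTSIDE)):
        print(name, verify_position(VERIFIERS, b, delta=0.5))
```
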
Cooperative positioning
• Deploying a large number of landmarks is difficult
• SPINE: sensor nodes can be used to locate each other using a cooperative technique based on VM
Conclusion
• Range-free algorithm (SeRLoc)
– Distributed algorithm
– Sector antennas are required
• Range-based algorithm (Distance Bounding Protocols)
– Prevention of distance reduction
– Hardware to support high precision is required
– High synchronization among nodes is required
Questions?
SeRLoc - Security mechanisms
• Message Encryption: Messages encrypted with a symmetric key K0.
• Beacon Format:
– Li : { (Xi, Yi) || (θi,1, θi,2) || ($H^{n-j}(PW_i)$), j } K0
– Fields, as labelled on the slide: locator’s coordinates (Xi, Yi); slopes of the sector (θi,1, θi,2); ID authentication $H^{n-j}(PW_i)$; synchronization var j; shared symmetric key K0
• Every sensor stores the values $H^{n}(PW_i)$ for all the locators.
• A sensor can authenticate all locators that are within its range
[Figure: hash chain PWi, $H^{0}(PW_i)$, $H^{1}(PW_i)$, …, $H^{n}(PW_i)$, linked by the one-way hash function H]
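
The hash-chain locator ID authentication from this slide and from the earlier "Locator ID authentication" slide, as an added example (not code from the slides or the paper): the sensor hashes the received chain value forward to the value it last accepted and then advances its counter, so a replayed or forged beacon is rejected. Hashing forward more than once to tolerate missed beacons goes beyond the slides; the class, names and values are constructed for the illustration.

```python
import hashlib

def H(data: bytes) -> bytes:
    # SHA-1 is the hash the slides name; the scheme only needs one-wayness.
    return hashlib.sha1(data).digest()

def chain_value(pw: bytes, k: int) -> bytes:
    """H^k(pw), taking H^0(pw) = pw (an assumption of this example)."""
    v = pw
    for _ in range(k):
        v = H(v)
    return v

class SensorTable:
    """Per-locator state: last accepted chain value and its counter j."""

    def __init__(self, anchors, n):
        # anchors: locator_id -> H^n(PW_i), preloaded before deployment
        self.n = n
        self.state = {lid: (h, 0) for lid, h in anchors.items()}

    def verify(self, lid, value, j):
        if lid not in self.state:
            return False
        stored, last_j = self.state[lid]
        if not last_j < j <= self.n:      # replayed, stale or out of range
            return False
        v = value
        for _ in range(j - last_j):       # hash forward to the stored value
            v = H(v)
        if v != stored:
            return False
        self.state[lid] = (value, j)      # one beacon per counter value
        return True

def demo():
    n, pw = 100, b"constructed-password-for-L1"
    sensor = SensorTable({"L1": chain_value(pw, n)}, n)
    beacon1 = (chain_value(pw, n - 1), 1)
    beacon3 = (chain_value(pw, n - 3), 3)  # beacon 2 was never received
    return [
        sensor.verify("L1", *beacon1),         # fresh
        sensor.verify("L1", *beacon1),         # replay of an accepted beacon
        sensor.verify("L1", b"\x00" * 20, 2),  # forged chain value
        sensor.verify("L1", *beacon3),         # fresh, after a missed beacon
        sensor.verify("L9", *beacon3),         # locator not in the table
    ]

if __name__ == "__main__":
    print(demo())
```
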