Upload
rodney-collins
View
241
Download
0
Tags:
Embed Size (px)
Citation preview
Secure Localization: Location Verification and detection of
Malicious nodes in WSN
Advisor: Dr. Tricia Chigan
Presenter: Solomon Ayalew
3/16/2012 1
Outline Introduction and Background Location discovery in wireless sensor networks Localization systems Detection of malicious nodes Types of attacks on WSN’s Cryptography in secure localization Revocation of malicious nodes Comparison of Secure Localization Algorithms
3/16/2012 2
Introduction & background (I) Wireless Sensor Ntk’s
Low cost, Low power, mobility of nodes dynamic topology, withstand harsh environment unattended operation, ability to cope with node failure Autonomous systems randomly deployed in remote hostile
environments.
3/16/2012 3
Introduction & background (II)
Multi functional Applications
battlefield surveillance enemy tracking Environmental medical and industrial fields
Their location play’s a very important role in their application localization systems are target of attack Wrong location:- wrong military plan, wrong decision
3/16/2012 4
source of Pictures
http://www.decentlab.com/index.php?id=2http://www.indefia.com/products/hardware/wsn/http://www.sics.se/~luca/profile.html
3/16/2012 5
3/16/2012 6
Cont… Official terminologies
GPS is expensive. So new protocols come: use special nodes called Beacon Nodes (landmarks, anchors, locators)
o They Know their own location through GPS receivers or Manual configuration
Regular (unknown/free/dumb) nodes will learn from the beacons. How????
Detecting beacon node:- node performing detection on received signal Target node:- node being detected Node ID: - Id used by a detecting beacon node to make a target
beacon node believe that a non-beacon node wants to communicate.
3/16/2012 7
cont
3/16/2012 8
Deployment of sensor nodes. Ref [1]
Location discovery in WSN nodes. Stage 1
Non beacon nodes receive radio signal called Beacon Signal/Beacon Packet form Beacon nodes.
Beacon Packet = f (RSSI, ToA, TDoA, AoA, (x,y)) where RSSI is Received Signal Strength Indicator. ToA :- Time of Arrival.
TDoA Time Difference of Arrival. Location References AoA:- Angle of Arrival
Stage 2 Based on different References', nodes determine
their own location with minimum estimation error. But if some beacon nodes r malicious???
3/16/2012 9
Localization systems
1. Distance/angle estimation:- Estimate regarding distance &/or angle b/n 2
nodes. Based on RSSI, ToA, or hop count analysis.
• This values are affected by Δ signal power or introduce noise obstacles or magnet to the sensor field.
2. Position computation:- Compute the position of a node based on the
received signal.• Some techniques use trilateration, multilateration or
triangulation.
3/16/2012 10
Cont…
3. Localization algorithms:- Main component of the localization system Distributed and multi-hop algorithms Info manipulated; WSN nodes know their
positions.
rref [6]
Fig xx the division of localization systems in to 3 distinct components
3/16/2012 11
Detection of malicious nodes
Example. [1]
ref [1]
Detecting node N sends request message to the target node NA.
Target node reply a Beacon Packet (beacon signal) that includes its own location (x’, y’).
Then the detecting node will do calculationsEstimates the distance between them based on Beacon
signal.
3/16/2012 12
Cont..Calculate the distance between them from (x’,y’)&
(x,y)If | - measured distance| > maximum
measurement error, the node is Malicious can’t be a node Malicious by satisfying the above
condition ???? ....Condition not satisfied mean this node is Malicious???
Consider an attacker reply a previously captured signal.
DRBTS[7] (distributed reputation based beacon trust system):- each beacon node monitors its neighborhood for suspicious beacon nodes. Build a trustworthy table so that other nodes will chose
highly trustworthy nodes.3/16/2012 13
Types of Attack’s ref [8]
Distance fraud attack Mafia fraud attack Terrorist fraud attack Wormhole attack Sybil attack Spoofing attack Jamming Overshadowing Manipulation and Replay3/16/2012 14
Attacks against Location discovery
beacon node NB attacking node NA Malicious node NB
(x,y) (x’, y’) (x, y)
I am NB location I am NB & my location is
(x, y) (x’, y’)
N N
a) Masquerade beacon b) compromised beacon node
Beacon node NB
I am NB my location attacking node NA
(x, y) is (x, y) (x’,y’) Malicious/ attacking node is a node that have access to a
compromised cryptographic keys .
I am NB @ (x,y)
N
c) Replay attack ref [1]3/16/2012 15
Cont…
3/16/2012 16
a) Sybil attack b) reply attack c) wormhole attack
Ref [6]
Cont…
a) Sybil attack:- Malicious node appears in different poistions.
b) Reply attacks:- Store a received packet(from a beacon node) &
respond it later. Estimated distance & calculated distance are
different. Cant be the some????
3/16/2012 17
Cont…C ) Wormhole attack:-
Received signal by malicious node in 1 side of the ntk is sent and replicated by other side of the ntk.
Developed algorithms: Geographical Leashes, Directional
antenna works if two nodes are neighbors. Temporal Leashes needs synchronization and large mem space to save auth. Keys. Round trip time:- doesn’t need synchronization.
Assumption, all nodes are equipped with Wormhole detectors.
RTT = [(R4-R1)-(R3-R2)] where t1: time to finish sending first byte of request
t2: time to finish receiving first byte of request
t3: time to finish sending first byte of reply
t4: time to finish receiving first byte of reply
3/16/2012 18
Cryptography in secure localization
Cryptograph is against externally deployed hostile nodes. But here we are talking about compromised nodes. Attackers
have access to secret keys and passwords
So most secure localization algorithms use non-cryptographic security techniques.
Cryptography is 2nd Line of defense.
E.g HiRLoc, ROUPE, SeRLoc
Communication between beacon nodes &BS and some algorithms use cryptography. E.g SPINe
3/16/2012 19
Revocation of Malicious Nodes
• A Beacon node will report its detection to the base station securely. ==>they use shared key.
• Alert [detecting node ID, target node ID].• Base station maintains alert counter & report
counter. Alert counter :- suspiciousness of this node. Report counter:- # of alerts this node reported.
Why?? If malicious node repots against Benign B. nodes
3/16/2012 20
Comparison of different algorithms ref[6]
3/16/2012 21
Cont…
3/16/2012 22
Cont…
HiRloc/SeRloc Rope Liu et al
Based on Distance estimation RTT (round trip time)
WRBTS Keeps neighbor- reputation table Trustworthiness by voting
3/16/2012 23
Cont…
HiRloc (High resolution range independent localization) Extended version of SerLoc (secure range independent localization) doesn’t perform range measurment Sensors don’t interact to determine their location Beacon nodes called locaters Locators know their location and orientation (antenna) Sensors determine their position Passively.
3/16/2012 24
Location determination
Each locator transmits1. Locators coordinate2. Angel of sector boundary3. Locators communication range
Sensors don’t perform Signal strength measurement angle of arrival measurement or time of flight HirLoc and SeRloc are range independent
3/16/2012 25
Cont…
3/16/2012 26
Cont…
Region of intersection (ROI) Is the region formed by intersection of the locators signal Location determination perfection
Varying the antenna orientation or rotation Varying the communication range. SeRloc do this by
Increasing the locator density Narrower antenna sectors hardware complexity, expensive
Weakness of HiRloc and SeRloc, assumption no Jamming
3/16/2012 27
ROPE
ROPE (RObust Position Estimation) Resistant to jamming Accept the existence of malicious nodes Assuming Benign nodes outnumber malicious nodes Statistical and outlier filtering techniques Sensors request update of their position Assumption:-
Sensors share a pair wise key.
DBIR (Distance Bounding Intersection Region)
3/16/2012 28
Cont…
3/16/2012 29
Location estimation in ROUPE
1. Sensor broadcasts it ID and nonce Ns
2. Locator that is in range performs distance bounding Sensor defines its LDB
3. If LDB>=3 perform Verifiable Multilateration (VM) Computes it location Notify this to locators Terminate the algorithm
4. If locator didn’t receive notification==> sensor don’t know his position. Do more specific steps looks like the above.
Weakness of ROPE, needs at least 3 locators unlike 2 for HiRloc/SeRloc
3/16/2012 30
.
?
3/16/2012 31
References
1. D.Liu, P.Ning, and W.Du “”Detecting Malicious beacon Nodes fir Secure Location Discovery in Wireless Sensor Networks” 25th ICDCS, 2005,pp.609-19.
2. L.lazos, R. Poovendran, and S.Capkun “Rope: Robust Position Estimation in Wireless sensor Networks” Proc IPSN, Apr. 2005 pp. 324-31
3. L.lazos, and R. Poovendran, “Hirloc: High-Resolution Robust Localization for Wireless Sensor Networks ” IEEE JSAC Vol. 24, Feb 2006, pp. 233-46
4. L.lazos, and R. Poovendran, “Serloc: Secure Range-independent Localization for Wireless Sensor Networks” IPSN, Apr. 2005, pp.324-31.
5. S.Capkun and J. Hubaux “Secure Positioning in Sensor Networks” …
6. A.Boukerche, H. Oleiveira, E. Nakamura and A. Loureio “Secure Localization Algorithms for Wireless Sensor Networks” …
7. Z. Li et al., “Robust Statistical Methods for Securing Wireless Localization in Sensor Networks” IPSN ’05, p. 12
8. W. Ammar, A. ELDawy, M. Youssef “ Sensor Localization in a Wireless Sensor Networks” June 2007
3/16/2012 32