1. Secure positioning in Wireless Networks Srdjan Capkun, Jean-Pierre Hubaux IEEE Journal on Selected area in Communication 2006. 2 2006. 11. 28 Jeon, Seung Woo

2. 2 / 18  Introduction  Position attack and distance estimation techniques  Verifiable Multilateration (VM)  Secure positioning in Sensor network  Conclusion Contents

3. 3 / 18 Introduction  Positioning and distance estimation techniques for wireless network Vulnerable to attack from internal and external attacks  Internal attack Internal attacker can report false position and distance information  External attack External attacker can modify (spoof) the measured positions and distances of nodes  The secure positioning mechanism is necessary

4. 4 / 18 Positioning Attacks  Distance enlargement and reduction attack Internal attacker External attacker Claimant Verifier

5. 5 / 18 Attacks on network systems [1]  Global Positioning system (GPS) Satellites based system 3-D positioning with an accuracy of around 3m Limitation  Not available for indoor and dense urban positioning  Civilian GPS was never designed for secure positioning  Can be spoofed by GPS satellite simulator (External attack)  The authority or another mobile node have no way to verify the correctness of node’s position (Internal attack)

6. 6 / 18 Attacks on network systems [2]  Ultrasound (US) positioning Measuring time of flight (TOF) of the sound signal between two node Limitation  Only available in indoor systems  Vulnerable to distance reduction and enlargement attacks  Enlargement attack  Attackers can send Jamming or replaying signals  Reduction attack  Attackers can send faster signals

7. 7 / 18 Attacks on network systems [3]  Radio (RF) positioning Based on the transmitted and received signal strength RF TOF-based systems  Node measures their mutual distance based on the time of propagation of the signal  External attacker can only increase distance  Distance is based on the signal speed  Internal attackers can increase and decrease distance  By reporting false report signal RF distance bounding techniques  Allows nodes to distance bound to others  Prevents an internal attackers from reducing the measured distance

8. 8 / 18 Attacks on network systems [4]  Distance bounding Prevent distance reduction Internal attacker External attacker Distance bound

9. 9 / 18 Secure positioning protocol  Distance bounding protocol A Verifier node can verify that a claimant nodes being at certain distance Vulnerable to distance enlargement attacks but not to distance reduction attacks  Authenticated ranging protocol Assumes that the claimant and the verifiers are mutually trusted  Claimant nodes report its processing time to the verifier which then computes the range based on the report times Do not need high speed HW than distance bound Same resistance to External attackers  Not resistant to distance reduction of internal attackers

10. 10 / 18 Verifiable Multilateration  Verifiable Multilateration (VM) Secure computation and verification of the positions  Verifiers can specify the position reported by nodes Proposition of VM  The position of device in two (three) dimension can be computed to three or four reference point Characteristic of VM  At least three reference points  Computations performed by an authority

11. 11 / 18 Verifiable Multilateration  Verifiable Multilateration algorithm [1] The verifiers perform distance bounding to the claimant  With power range of verifiers The authority computes an estimate position from all of the verifiers The authority runs the following test  δ-test  Distance bounding - Distance in verifiers and claimants < δ  Point in the triangle test  Whether claimant point is within the triangle of verifiers  If both tests are positive, the authority accepted as real, otherwise the position is rejected  otherwise, the authority regard it as the enlargement attack

12. 12 / 18 Verifiable Multilateration  Verifiable Multilateration algorithm [2] Verifier Claimant 1. Distance bounding Verifier 2. Estimation of claimants 3. δ-test 4. Triangle Position test

13. 13 / 18 Security properties of VM  Verifiable Multilateration (VM) with several protocol VM with distance bounding  An external attacker cannot cheat any positions within the triangle  The attacker can owns several devices and each device authenticate to the authority VM with authenticated ranging  Protection against external attacker, but not against untrusted claimants  Most suitable for mutually trusted positioning systems

14. 14 / 18 Positioning in sensor network  Threat analysis More severe than if positioning is performed directly to base stations  Temporal or permanent displacement of the nodes undetected to the verifier Attacks by internal attacker are simpler and more harmful than those performed by external attackers  Internal attackers can modify the computed network topology by reporting non-existing links

15. 15 / 18 Positioning in sensor network  Direct sensor positioning Sensors are being positioned directly by the landmark stations The verification depends on the number of verifiers and their power ranges Optimal number of verifiers In L*L area,  N=[(2L/R)+3][(2L/R)+1]/2 An optimal placement of verifiers is much more efficient than their random placement  But the random placed verifiers can prevent the cloning attack

16. 16 / 18 Positioning in sensor network  Cooperative Positioning (SPINE) Sensors measure distance bounds to their neighbors  The distance bounds are verified using VM The positions of the nodes are computed by the neighbor sensors BDV (Basic Distance Verification)  Verification triangles around claimants with verifiers and its neighbors  Verification triangles around verifiers and its neighbors  The measured distance bounds are verified in all triangles, by performing VM

17. 17 / 18 Positioning in sensor network  Security analysis of BDV The resistance of BDV to attacks  Depends on the number and on the mutual dependence of triangles  K verification triangle in network If the triangles are node disjoint  Can resists up to 2k distance enlargement If the triangles are node joint and edge-disjoint  Can resists up to 2k distance enlargement by external attackers  Not resist attacks by a single compromised node adjacent to the spoofed distance If the triangles are edge joint  the BDV can resists to up to k+1 distance enlargements by external attackers

18. 18 / 18 Conclusion  Security analysis Analyzing positioning and distance estimation techniques The effective techniques for secure positioning  Verifiable Multilateration (VM) techniques shows good performance compared to other techniques  The proposal techniques in sensor network : SPINE Mode detailed analysis and implementation of distance bounding is necessary