Presentation on theme: "Location Privacy Preservation in Collaborative Spectrum Sensing Shuai Li, Haojin Zhu, Zhaoyu Gao, Xinping Guan, Shanghai Jiao Tong University Kai Xing."— Presentation transcript:
Location Privacy Preservation in Collaborative Spectrum Sensing Shuai Li, Haojin Zhu, Zhaoyu Gao, Xinping Guan, Shanghai Jiao Tong University Kai Xing University of Science and Technology of China and Xuemin (Sherman) Shen University of Waterloo Presenter: Haojin Zhu Associate Professor Computer Science & Engineering Department Shanghai Jiao Tong University
Cognitive Radio Primary User (PU) PU uses the spectrum exclusively SUs can access the idle spectrum Secondary User (SU) Traditional Spectrum Allocation Cognitive Radio Cognitive Radio is proposed to increase the efficiency of channel utilization under the current static channel allocation policy. Cognitive Radio ： access the spectrum dynamically
Spectrum Sensing Spectrum Sensing ： In order to identify the idle spectrum, secondary users should sense the spectrum first. Spectrum 1 Spectrum 2 Spectrum n …………………. Which one is idle?
Collaborative Spectrum Sensing But, spectrum sensing accuracy is often degraded by: □Fading □Shadowing □Receiver Uncertainty Collaborative Spectrum Sensing is proposed to overcome these challenges. Step1: SUs sense the spectrum individually Step2: SUs submit the sensing reports to a fusion center Step3: Fusion center combines these reports Collaborative sensing is also facing a series of security threats!
Existing Research in Spectrum Sensing Security 1 Attack: Primary Emulation Attack (JSAC'08, Oakland S&P'10, ) 2 Attack: Sensing Data Falsification Attack (INFOCOM'08, TMC 2011, NDSS 2011) 3 Attack: Selfishness in Collaborative Sensing (ACM MC2R) None of existing works consider the privacy issues in CR networks before!
Exploiting Spectrum Sensing Reports for Involuntary Geo-localization- An Attacker Point of View The Good Side: Exploit spatial diversity for spectrum sensing A Converse Question: Could we exploit correlation of CR sensing reports and their physical location to make an involuntary geo- localization of SU. SU Different Locations Correspond to Different Sensing Reports due to Spatial Diversity.
Attack I: Single Report Location Privacy (SRLP) Attack Test bed Setup and Experiment Approach: 1.Using USRP to detect the TV radio signal of 13 sampling regions. 2.The attacker using classification algorithm to obtain spectrum characteristics of each region (the cluster centroids). 3.Geo-localization a user by comparing the distance of the sensing data and the various cluster centroids. Single Report Location Privacy (SRLP) Attack: the adversary tries to compromise the location privacy of a CR user by correlating his sensing report and physical location.
Attack II: Differential Location Privacy Attack in Aggregation Mode Inspired from database security concept, differential privacy. In the context of CR security: Untrusted Fusion Center (Aggregator), secondary users may frequently join or leave the networks Inspired from database security concept, differential privacy. In the context of CR security: Untrusted Fusion Center (Aggregator), secondary users may frequently join or leave the networks Even under the presence of privacy preserving aggregation solution
Experimental Results for the Attack Result I: Significant location-dependent fluctuation in the RSS sensing of three Digital TV (DTV) channels. Result I: Significant location-dependent fluctuation in the RSS sensing of three Digital TV (DTV) channels. Result II: the attackers could localize a user within 10-50 meters accuracy with 90% successful rate by choosing a proper parameter Result II: the attackers could localize a user within 10-50 meters accuracy with 90% successful rate by choosing a proper parameter How to enable the collaborative spectrum sensing without location privacy leaking?
Formal Definition on Location Privacy in Collaborative Spectrum Sensing We define the uncertainty of the adversary and thus the location privacy level of a node involved in a successful privacy preserving spectrum sensing by adopting the entropy concept as follows: Total number of regions the probability that user a is located in the region b
Privacy Preserving collaborative Spectrum Sensing (PPSS) Conceal each user’s sensing reports in aggregation (thwarting SRLP attack) Conceal the user’s sensing reports when he leaves or joins the aggregation (thwarting the DLP attack) Privacy Preserving Sensing Report Aggregation Protocol (PPSRA) Distributed Dummy Report Injection protocol (DDRI) Distributed Dummy Report Injection protocol (DDRI)
Protocol I: PPSRA Phase II: Multiplying the encrypted data Phase III: Decryption for the result Decrypt it for the aggregation result. 1.E. Shi, T. Chan, E. Rieffel, R. Chow, and D. Song, “Privacy-preserving aggregation of time-series data,” in Proc. of NDSS’11, 2011. Phase I: Individual Encryption …
Protocol II: Distributed Dummy Report Injection protocol (DDRI) Differential Location Privacy Attack: Traditional differential privacy protection approach needs to add a large noise to the sensing reports, which will seriously degrade the collaborative sensing performance, obviously deviating from the original goal of collaboration.
Distributed Dummy Report Injection protocol Our Approach: Our dummy report based approach will not pollute the aggregation result. Broadcast the fusion center’s sensing results Send his own sensing results Send the center’s sensing results LEAVE/JOIN Using some public available sensing data (dummy report) to replace the noises
Distributed Dummy Report Injection protocol The introduced randomness in aggregation result can successfully confuse the attacker.
Distributed Dummy Report Injection protocol Question 1: How much randomness has been introduced? Question 2: What’s the impact introduced to collaborative sensing (the actual number of the sensing nodes)?
Distributed Dummy Report Injection protocol Question 3: What’s the impact introduced to collaborative sensing (the weight of the dummy report)? In general, we will demonstrate that our scheme can generate sufficient randomness to protect the user’s differential location privacy. It has limited impact on collaborative sensing performance In general, we will demonstrate that our scheme can generate sufficient randomness to protect the user’s differential location privacy. It has limited impact on collaborative sensing performance
Conclusion and Future Work We identify and formulate a new security threat in collaborative sensing We introduce PPSS to protect secondary users’ location privacy in collaborative sensing. We evaluate the effectiveness and efficiency of PPSS by implementation in a real experiment. Our future work includes investigating the privacy issues in database-driven CR networks.