Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Slides:

Advertisements

Similar presentations

Problems in Ad Hoc Channel Access

Advertisements

Chris Karlof and David Wagner

Localization for Mobile Sensor Networks ACM MobiCom 2004 Lingxuan HuDavid Evans Department of Computer Science University of Virginia.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Trust relationships in sensor networks Ruben Torres October 2004.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Secure In-Band Wireless Pairing Shyamnath Gollakota Nabeel Ahmed Nickolai Zeldovich Dina Katabi.

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys

Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 9: Localization & positioning Holger Karl.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.

Detecting Phantom Nodes in Wireless Sensor Networks Joengmin Hwang Tian He Yongdae Kim Department of Computer Science, University of Minnesota, Minneapolis.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 6: Securing neighbor discovery.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

TPS: A Time-Based Positioning Scheme for outdoor Wireless Sensor Networks Authors: Xiuzhen Cheng, Andrew Thaeler, Guoliang Xue, Dechang Chen From IEEE.

Probability Grid: A Location Estimation Scheme for Wireless Sensor Networks Presented by cychen Date ： 3/7 In Secon (Sensor and Ad Hoc Communications and.

Scalable and Distributed GPS free Positioning for Sensor Networks Rajagopal Iyengar and Biplab Sikdar Department of ECSE, Rensselaer Polytechnic Institute.

Dynamic Clustering for Acoustic Target Tracking in Wireless Sensor Network Wei-Peng Chen, Jennifer C. Hou, Lui Sha Presented by Ray Lam Oct 23, 2004.

1 A Practical Secure Neighbor Verification Protocol for Wireless Sensor Networks Reza Shokri, Marcin Poturalski, Gael Ravot, Panos Papadimitratos, and.

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.

How Does Topology Affect Security in Wireless Ad Hoc Networks? Ioannis Broustis CS 260 – Seminar on Network Topology.

Time of arrival(TOA) Prepared By Sushmita Pal Roll No Dept.-CSE,4 th year.

A Survey of Secure Location Schemes in Wireless Networks /5/21.

Dynamic Clustering for Acoustic Target Tracking in Wireless Sensor Network Wei-Peng Chen, Jennifer C. Hou, Lui Sha.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 3.

Wireless Ad-Hoc Networks

Using Directional Antennas to Prevent Wormhole Attacks Lingxuan HuDavid Evans Department of Computer Science University of Virginia.

Mapping and Localization with RFID Technology Matthai Philipose, Kenneth P Fishkin, Dieter Fox, Dirk Hahnel, Wolfram Burgard Presenter: Aniket Shah.

Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

The Sybil Attack in Sensor Networks: Analysis & Defenses

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Differential Ad Hoc Positioning Systems Presented By: Ramesh Tumati Feb 18, 2004.

11/25/2015 Wireless Sensor Networks COE 499 Localization Tarek Sheltami KFUPM CCSE COE 1.

Dual-Region Location Management for Mobile Ad Hoc Networks Yinan Li, Ing-ray Chen, Ding-chau Wang Presented by Youyou Cao.

Computer Science 1 Using Directional Antennas to Prevent Wormhole Attacks Presented by: Juan Du Nov 16, 2005.

1 Security for distributed wireless sensor nodes Ingrid Verbauwhede Department of Electrical Engineering University of California Los Angeles

Ad Hoc Network.

Performance of Adaptive Beam Nulling in Multihop Ad Hoc Networks Under Jamming Suman Bhunia, Vahid Behzadan, Paulo Alexandre Regis, Shamik Sengupta.

SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Network Raymond Chang March 30, 2005 EECS 600 Advanced Network Research, Spring.

Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,

Computer Science Using Directional Antennas to Prevent Wormhole Attacks Stephen Thomas Acknowledgement: Portions of this presentation have been donated.

NDSS 2004Hu and Evans, UVa1 Using Directional Antennas to Prevent Wormhole Attacks Lingxuan Hu and David Evans [lingxuan, Department.

1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.

1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.

International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.

Secure positioning in Wireless Networks Srdjan Capkun, Jean-Pierre Hubaux IEEE Journal on Selected area in Communication Jeon, Seung.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

PROJECT DOMAIN : NETWORK SECURITY Project Members : M.Ananda Vadivelan & E.Kalaivanan Department of Computer Science.

Jamming for good: a fresh approach to authentic communication in WSNs

Packet Leashes: Defense Against Wormhole Attacks

Wireless Sensor Network Architectures

Presented by Prashant Duhoon

Secure Verification of Location Claims

Wireless Mesh Networks

Information Theoretical Analysis of Digital Watermarking

Presentation transcript:

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava

Outline Motivation Aim and Idea Model INFRASTRUCTURE-CENTRIC LOCALIZATION WITH HIDDEN BASE STATIONS NODE-CENTRIC LOCALIZATION WITH HIDDEN BASE STATIONS SECURE LOCALIZATION IN SENSOR NETWORKS WITH MOBILE BASE STATIONS LOCATION VERIFICATION IN MOBILE AD HOC NETWORKS ANALYSIS

Motivation Most localization techniques were mainly studied in non-adversarial settings. Current secure localization techniques – rely on GPS, high-speed hardware, directional antennas, robust statistics, spread spectrum techniques using spreading codes. – An efficient implementation of these secure protocols remains a challenge.

Aim and Idea Aim of the protocols in this paper – To ensure that a node cannot lie about its position Idea – Relies on a set of covert base stations (CBSs-Sniper). – CBS’s locations are not known by the attacker at the time of the execution of the secure localization. – Locations of CBSs represent a secret input (a key) to the system. – CBSs can be realized by hiding or disguising a static base station or by the random motion of mobile base stations (MBSs). – Typically, CBSs are passive.

Model System Model – localization infrastructure consists of a set of CBSs and a set of public base stations (PBS). – CBSs’ locations are known only to the authority controlling the verification infrastructure. – CBSs are silent on the wireless channel: they only listen to the ongoing communication. Assumptions – Attackers cannot tamper with CBS or PBS locations or compromise the base stations. – Every legitimate node shares a secret key with the base stations This key is established/obtained through the authority controlling the verification infrastructure prior to position verification. – CBSs can measure range. – CBSs‘ mutual communication and their communication to the verification authority is performed through a channel that cannot be detected by the attackers.

Attacker Model – types of attacks: internal and external. – Internal attacks cheat in their selves locations are those in which a dishonest or compromised node reports a false position or convinces the localization infrastructure that it is at a false position. – External attacks spoof other node’s position convinces an honest node and the localization infrastructure that a node is at a different position from its true position.

INFRASTRUCTURE-CENTRIC LOCALIZATION WITH HIDDEN BASE STATIONS In Infrastructure-centric localization systems – Infrastructure computes the locations of nodes based on their mutual communication. – In multilateration-based approaches, an internal attacker can cheat on its position by cheating on ranging mechanisms – External attackers are similar to those performed by internal attackers.

CBS Density Requirement? Assuming that the attackers can guess the locations of base stations only with a very low probability. TDOA with hidden base stations is designed to detect both internal and external attacks. Upon receiving the beacons, the base stations compute the nodes’ location with TDOA and check if this location is consistent with the time differences. main advantages of TDOA is that node localization does not require communication from the base stations to the nodes ∆ is the maximal expected inconsistency

External wormhole attack – attacker jams the original localization message sent by node P – the attacker replays the message from a location p’. – the base stations will be convinced that node P is located at p’  the attacker needs to jam all hidden base stations  the attacker needs to have access to location p’. Using CBSs, this attack is partially prevented by the challenge-response scheme. – the node is expected to reply to a challenge nonce within a period T – T limits the time during which the attacker can mount the attack. – T is estimated based on the expected signal propagation times and node processing time.

NODE-CENTRIC LOCALIZATION WITH HIDDEN BASE STATIONS In node-centric localization system – a node computes its position by observing the signals received from PBSs. – Internal attacks are generally straightforward: an attacker simply lies about the position that it computed. – Node might compute its position through a nonsecure localization system. – External attacks are more complex and assume that the attacker spoofs the node’s position and then cheats on the position verification mechanisms.

Not a Necessary Check The PBS sends a challenge to the node A – T is time within which a node needs to reply A replies by sending radio and ultrasonic messages containing the alleged node position p F. CBS then measures the distance d m F bashed on the time difference CBS verifies if the reported position p F corresponds to the measured distance with ∆, – which is combined localization and ranging error

One limitation of this attack ?? – an attacker needs to have a device at the position where it wants to falsely place A – the attacker nodes need to be tightly synchronized to perform it.

SECURE LOCALIZATION IN SENSOR NETWORKS WITH MOBILE BASE STATIONS Assumptions – the sensors compute their locations through one of the nonsecure localization algorithms – the authority has a number of MBSs that know securely their locations – MBSs share a secret key with each sensor Idea – MBS replace the role of PBS and CBS in the above scheme

1.MBS send nonce 2.Sensors needs to reply the nonce after delay TR time. 3.MBS move to a new location in TR time to verify. TR must not give away any information about the distance from the current transmission position to the next verification position. Furthermore, TR must allow enough time for the MBS to wait a few seconds at its new location until all the nodes have replied.

Hence, as the MBS moves through the network – it will only verify locations of the sensors that were in the intersections of two subsequent power ranges of the MBS Provided that the sensors are uniformly distributed – MBS will hear at least 39 percent of the sensors that were in its two ranges. The trajectory of the MBS needs to be unpredictable for the sensor nodes The best results are achieved if the movement range and the transmission range are equal

LOCATION VERIFICATION IN MOBILE AD HOC NETWORKS Assumptions – nodes obtain their positions by using GPS – rely on their neighbors for position verification – all nodes have passive ranging capabilities. – all nodes have a public/private key pair – each node shares a secret key with the location database server. Application – a node wants to update its location in a central location database. – In order to update its location, the node will rely on the (signed) statements of its neighbors.

ANALYSIS Assumption – the attacker and the hidden base station are placed uniformly on a disk/ball( Last Three ). Probability of attacker success when the attacker is trying to guess the distance to the CBS ; he will have the highest chance of success if his guess is d=0.84R (for a disk).

The probability of the attacker’s success can be significantly reduced if multiple CBSs are used for position verification. In that case, the probability of attacker’s success is simply When the CBSs are placed outside the localization region, the maximum probability of the attacker’s success is further reduced to

For the first scheme – attacker must also guess the direction in which he needs to point his directional antenna in order to send the delayed message to the correct base station. – In order to succeed in his attack, the attacker must hit the correct base station and not hit any of the remaining base stations. – If the CBSs are randomly distributed across the verification space, the probability of the attacker hitting the correct CBS depends on the angle of his transmission cone. – attacker has the highest probability of success, which is the case when the attacker positions himself at the center of the verification circle.

The best choice for the attacker is to pick the angle that – maximizes his chance to hit the desired CBS – minimizes the risk of hitting anyone

combined probability of correctly aiming N directional antennas at N CBSs without accidentally hitting any wrong CBS

the frequency of false positives and false negatives as a function of the expected localization and ranging error ∆. two sources of error (Gaussian) – localization error – ranging error