Secure Positioning of Wireless Devices with ...

Mar 26, 2005 - 1. DEPARTMENT OF COMPUTER SCIENCE. UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN. Srdjan Čapkun and Jean-Pierre Hubaux.
INFOCOM 2005

Secure Positioning of Wireless Devices with Application to Sensor Networks
Srdjan Čapkun and Jean-Pierre Hubaux
EPFL, Switzerland

Presented by Ning Li, March 26, 2005

DEPARTMENT OF COMPUTER SCIENCE

UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN


Outline
- Attacks against Position and Distance Estimation
- Distance Bounding
- Verifiable Multilateration
- SPINE: Secure Positioning In sensor NEtworks
- Conclusions


Security Vulnerabilities in Positioning
- Existing positioning techniques
  - Global Positioning System (GPS)
    - For outdoor positioning
  - Ultrasound (US)
    - Operates by measuring time-of-flight (ToF) of sound signal
  - Radio (RF)
    - Received Signal Strength (RSS)
    - Time-of-Flight (ToF)
- Attacker model
  - External attacker: cannot authenticate itself
  - Compromised node: controlled by attacker and can authenticate itself


Security Vulnerability (Cont.)
- Global Positioning System (GPS)
  - Civilian GPS can be spoofed by GPS satellite simulators
  - Military GPS is protected by encryption
- Ultrasound (US)
  [Figure: nodes u and v]
  - Distance reduction:
    - Attacker: uses a faster radio link
    - Compromised node: lies about sending/receiving time
  - Distance enlargement:
    - Attacker: jams and replays
    - Compromised node: delays the response


Security Vulnerability (Cont.)
- Radio (RF)
  - Received Signal Strength (RSS):
    - Compromised node: false power strength report
    - External attacker: jams and replays
  - Time-of-Flight (ToF):
    - Compromised node: false power strength report
    - External attacker: jams and replays, but can only enlarge the distance


Distance Bounding Protocol

u cannot pretend to be closer to v than it really is.


Verifiable Multilateration
- VM relies on distance bounding measurements from at least three reference points (verifiers) to the considered device (the claimant).
- Because of distance bounding, the claimant can only pretend that it is more distant from a verifier than it really is.
- If the claimant is within the triangle formed by the verifiers, it cannot increase the measured distance to one or more verifiers without impairing the consistency of the position.


Verifiable Multilateration Protocol

The algorithm is executed by an authority.


Detection of Enlarged Distances


Properties of VM
- A node located at position p within the triangle formed by the verifiers cannot prove to be at another position p' ≠ p within the same triangle.
- A node located outside the triangle formed by the verifiers cannot prove to be at any position p within the triangle.
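
Added example (not from the slides or the paper's own code): an authority-side check that illustrates the two VM properties above. The position estimator (linearized circle equations), the tolerance value, the geometry and the claimant model `claimant_bounds` are assumptions made for illustration.

```python
import math

def trilaterate(verifiers, bounds):
    """Position from three verifier coordinates and their distance bounds."""
    (x1, y1), (x2, y2), (x3, y3) = verifiers
    d1, d2, d3 = bounds
    # Subtracting circle 1 from circles 2 and 3 leaves two linear equations.
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-12:
        raise ValueError("verifiers are collinear")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - a21 * b1) / det)

def in_triangle(p, verifiers):
    """True if p lies inside or on the triangle spanned by the verifiers."""
    def cross(a, b, c):
        return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])
    v1, v2, v3 = verifiers
    s = (cross(v1, v2, p), cross(v2, v3, p), cross(v3, v1, p))
    return all(x >= 0 for x in s) or all(x <= 0 for x in s)

def verify_position(verifiers, bounds, delta):
    """Authority-side check: returns (position or None, reason)."""
    p = trilaterate(verifiers, bounds)
    residual = max(abs(math.dist(p, v) - d) for v, d in zip(verifiers, bounds))
    if residual > delta:
        return None, "inconsistent distance bounds"
    if not in_triangle(p, verifiers):
        return None, "outside verification triangle"
    return p, "accepted"

def claimant_bounds(true_pos, claimed_pos, verifiers):
    """Hypothetical claimant model: distance bounding lets a node enlarge a
    measured distance (delay its reply) but never shrink it below the truth."""
    return [max(math.dist(true_pos, v), math.dist(claimed_pos, v))
            for v in verifiers]

# Constructed sample geometry and tolerance (metres), not taken from the slides.
VERIFIERS, DELTA = [(0.0, 0.0), (10.0, 0.0), (5.0, 10.0)], 0.5

def demo():
    """Honest node, inside node claiming (3, 3), outside node claiming (5, 3)."""
    cases = [((5, 4), (5, 4)), ((5, 4), (3, 3)), ((5, -3), (5, 3))]
    return [verify_position(VERIFIERS, claimant_bounds(t, c, VERIFIERS), DELTA)
            for t, c in cases]

if __name__ == "__main__":
    print(demo())
```

The inside node that enlarges two distances to claim (3, 3) fails the consistency check, and the outside node, unable to shorten its distance to the third verifier, is still located outside the triangle.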


SPINE: Secure Positioning In sensor NEtworks
- System Model
  - Sensor nodes and landmarks
  - Sensors can measure distance by ToF of radio signal
  - Network is operated by a central authority
  - Network nodes can establish pairwise secret keys
- Threats in sensor network positioning (Attacker-x-y means x compromised and y external nodes)
  - Node physical displacement: Attacker-0-2
  - Wormhole attack: Attacker-0-2
  - Malicious distance enlargement: Attacker-0-1
  - Dissemination of false position and distance: Attacker-1-0


Attacks on Sensor Network Positioning


SPINE Algorithm

1) Sensors measure distance bounds to their neighbors.
2) Distance bounds are verified through verifiable multilateration.
3) Positions of the nodes are computed with a distributed or centralized range-based positioning algorithm.


Basic Distance Verification (BDV)


BDV Triangle Forming

- Verification triangles around u, with v and its neighbors
- Verification triangles around v, with u and its neighbors
- Verification triangles around u and v


BDV Verification
1) Nodes forming a triangle define a local coordinate system, in which they then compute the position of u or v (or both).
2) The computation of the position of u and v is performed with verifiable multilateration, through which the distance bounds db_uv and db_vu are then verified.
3) Verification of the distance bound is successful within BDV only if in all verification triangles the measured distance bounds db_uv and db_vu match the computed positions (with a tolerance of δ).


SPINE: Discussions
- The effectiveness of SPINE depends on the node density and the spatial distribution of landmarks.
- Landmarks should be specially placed on the boundaries.


SPINE: Security Analysis

- An external attacker or compromised node (v') can launch a distance enlargement attack on a single triangle BDV.
- BDV of k disjoint triangles can resist up to 2k distance enlargement attacks.


Conclusions
- Most proposed positioning techniques are vulnerable to position spoofing attacks from external attackers and compromised nodes.
- Positioning and distance estimation techniques based on radio signal propagation exhibit the best properties for position verification.
- Verifiable Multilateration enables secure computation and verification of node positions in the presence of attackers.
- SPINE can resist distance modification attacks from a large number of attacker nodes.
