1 / 47

Robust Range-Independent Localization for Wireless Sensor Networks

Robust Range-Independent Localization for Wireless Sensor Networks. Radha Poovendran Joint work with Loukas Lazos Network Security Lab University of Washington http://www.ee.washington.edu/research/nsl/faculty/radha. Talk Outline. Motivation Problem Assumptions Approach

emmy
Download Presentation

Robust Range-Independent Localization for Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Robust Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Joint work with Loukas Lazos Network Security Lab University of Washington http://www.ee.washington.edu/research/nsl/faculty/radha

  2. Talk Outline • Motivation • Problem • Assumptions • Approach • Solution: SeRLoc • Threats and defense • Performance • High resolution localization: HiRLoc • Conclusions

  3. Motivation • Location information is used for • Applications-Search & rescue etc. • Network Functions-Routing etc. • Location estimation Techniques • Range-based • Absolute p2p distance/angle estimate. • Requires hardware/sync. clocks. • Range-free • No distance or angle measurements • Used by Dv-hop, APIT etc.

  4. Secure Localization Problem • Localization Problem:Estimate sensor’s location. • Threat: An adversary can provide false info  displace the sensor. • Secure Localization:Ensurerobust location estimationevenin the presence ofadversaries. • Related work: Capkun [Technical Report—SecPos]

  5. Network Model Assumptions (1) Two-tier network architecture Omnidirectional antennas, unknown location, randomly deployed, density ρs. Directional antennas, known location, randomly deployed, density ρL. r R ρL << ρs Locator Sensor

  6. Network Model Assumptions (2) • Locator deployment: Homogeneous Poisson point process of rate ρL Random spatial distribution. • Sensor deployment: Random sampling with rate ρs. LHs: Locators heard at a sensor s

  7. Our Approach • Develop range-free location estimation technique that • Detects attacks on localization. • Allows robust location estimation even in the presence of attacks. • We do not attempt to eliminate attacks on other network protocols.

  8. Our Approach: SeRLoc Locator Sensor ROI L4 • Each locator Li transmits information that defines the sector Si, covered by each transmission. • Sensor s defines the region of intersection (ROI), from all locators it hears. L3 L1 s L2

  9. SeRLoc – Step 1: Beacon reception Locator Sensor The sensor collects information from all the locators that it can hear. L4 L3 L1 θ1,2 θ2,2 L2: (X2, Y2) (0, 0) Computing the ROI analytically by intersection of conics is EXPENSIVE!  Approximate method.

  10. SeRLoc – Step 2: Search area Locator Sensor Search Area R: Locator’s Range L4 (Xmax-R, Ymin+R) (Xmin+R, Ymin+R) Xmin = min { Xii  L } Ymin = min { Yii  L } Xmax = max { Yii  L } Ymax = max { Yii  L } R R L3 L1 Define: R L2 (Xmin+R, Ymax-R) (Xmax-R, Ymax-R) • Sensor knows the rectangular coordinates and places a grid. • Every grid point coordinates are known. 2R+Xmin - Xmax

  11. SeRLoc – Step 3: Grid-sector test Locator Sensor R: Locator’s Range • Sensor holds a Grid Score Table (GST) • GST is initialized to zero. • Perform Grid sector test for every point in the grid: • If C1=True and C2=True, increase GST score value by one. θ1,2 θ1,1 R L1 g: (xg,yg)

  12. SeRLoc – Step 4: ROI computation Sensor Search Area 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 … 1 1 1 2 3 3 3 34 4 43 3 3 3 3 3 1 1 2 2 2 34 4 4 4 4 4 43 3 2 2 1 1 2 24 4 4 4 4 4 4 4 44 3 3 2 2 2 2 2 34 4 4 4 4 4 4 43 2 2 2 2 2 3 3 3 34 4 4 4 4 43 3 2 2 2 2 2 2 3 3 3 34 4 4 43 3 2 2 2 2 1 2 2 2 3 3 3 34 43 2 2 2 3 4 3 2 2 2 3 3 3 3 3 2 2 2 2 1 1 1 1 1 … 0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0 ROI • Majority vote: Points with highest score define the ROI. • Error is introduced due to discrete computation. • We trade Accuracy vs. Complexity.

  13. SeRLoc - Security mechanisms • Message Encryption : Messages are encrypted by a shared symmetric key. • Locator ID authentication : • A locator Lihas a unique passwordPWi. • PWi is blinded with a one-way hash function H : {0,1}{0,1} • A hash chain is generated by iterative application of H • h0, h1 ,…, hn, h0=PWi, h1=H(PWi) • Preload every sensor with the values Hn(PWi) of all locators. • A sensor can authenticate a locator within its range (one-hop authentication). • Locator beacon format: • Li : { (Xi, Yi) || (θi,1, θi,2) || (Hn-j(PWi)), j } Ki ID authentication Locator’s coordinates Slopes of the sector Shared symmetric key Hash index

  14. SeRLoc – Wormhole Attack sensor Locator Attacker • THREAT MODEL • An attacker records beacons in region A • Tunnels beacons via wormhole link at region B • Replays the beacons. • Sensor “hears” locators LHs: {L1 - L8}. L4 L3 L1 Region B L2 Wormhole link Region A L7 L8 • No compromise of integrity, authenticity of the communication or crypto protocols. • Direct wormhole link allows timely replay of beacons. L5 L6

  15. Wormhole attack detection (1) Accept only single message per locator sensor Locator Attacker obstacle • Multiple messages from the same locator are heard due to: • Multi-path effects • Imperfect sectorization • Replay attack Ac Wormhole link

  16. Wormhole attack detection (2) Communication range constraint property. sensor Locator Attacker Locators heard by a sensor cannot be more than 2R apart. R: locator-to-sensor communication range. 2R Ai Aj Li Lj Wormhole link

  17. Wormhole attack detection (3) Probability of wormhole detection sensor Locator Attacker The events of a locator being within any region Ai, Aj, Ac are inde-pendent (Regions do not overlap). 2R Ai Aj Ac Wormhole link

  18. Wormhole attack detection (4) Probability of wormhole detection L

  19. Resolution of location ambiguity A sensor needs to distinguish the valid set of locators from the replayed ones. • Attach to Closest Locator Algorithm (ACLA) • Sensor s  : Broadcasts a nonce η. • Locator Li : Reply with a beacon + the nonce η, encrypted with the pair-wise key Ks,Li. • Sensor s  : Identify the locator Lc with the first authentic reply. • Sensor s  : A locator Li belongs to the valid set, only if it overlaps with the sector defined by the beacon of Lc. L4 L3 L1 Region B L2 L8 sensor Locator L5 Attacker Region A Wormhole link L7 L6

  20. SeRLoc – Sybil Attack • THREAT MODEL • The attacker has compromised theglobally shared key K0. • The attacker can impersonate any locator not directly heard to the sensor under attack. L3 L2 L1 • Attacker can fabricate arbitrary number of beacons. • Attacker succeeds in displacing the sensor if more than |LHs| locators can be impersonated. L4 Impersonator

  21. Sybil Attack detection – Defense (1) • In a successfulSybil attack, a sensor hears at least twice the number of locators. • Define a threshold Lmax as the maximum allowable number of locators heard, such that: Probability of false alarm Probability of Sybil attack detection • Design goal: Given security requirement δ, minimize false alarm probability ε.

  22. Sybil Attack detection – Defense (2) • Random locator deployment we can derive the Lmax value: Detection Probability False Alarm Probability Lmax Lmax/2

  23. SeRLoc – Compromised entities • THREAT MODEL • Attacker possess • Knowledge of all cryptographic quantities • Full control over the behavior of the entity. • Compromise of a sensor  reveals the globally shared key K0. • Compromise of alocator reveals K0, master key KLi, and the hash chain of the locator. • The adversary can launch a Sybil attack from a location closer to the sensor under attack than any locator  Compromise the ACLA algorithm  Displace any sensor.

  24. Enhanced location determination algorithm 1. The sensor transmits a nonce with his ID and set LHs 2. Locators within r from the sensor relay the nonce. L1 L7 3. Locators within R reply with a beacon + the nonce. L2 4. Sensor accepts first Lmax replies. L9 L6 L3 L5 • Attacker has to compromise more than Lmax/2 locators, AND • Replay before authentic replies arrive at s. L8 L4

  25. Performance Evaluation • Simulation setup: • Random locator distribution with density ρL. • Random sensor distribution with density ρs. • Performance evaluation metric: • : Sensor location estimation. • si : Sensor actual location. • r : Sensor-to-sensor communication range. • |S| : Number of sensors.

  26. Localization Error vs. LH • SeRLoc outperforms current schemes for any LH value • Satisfactory performance even for very small LH.

  27. Localization error vs. antenna sectors • Higher number of directional antennas (narrower sectors) reduces LH. • More expensive hardware at each locator.

  28. Localization error vs. sector error • Sector error: Fraction of sectors falsely estimated at each sensor. • SeRLoc is resilient against sector error due to the majority vote scheme. • Even when 50% of the sectors are falsely estimated, LE < r for LH  6.

  29. Localization error vs. GPS error • GPS Error (GPSE): Error in the locators’ coordinates. • For GPSE = 1.8r and LH = 3, LE = 1.1r. • DV-hop/Amorphous: LE = 1.1r requires LH = 5 with no GPSE. • APIT: LE = 1.1r requires LH = 12 with no GPSE.

  30. High Resolution localization - HiRLoc Yes, if we can further segment the ROI Can we increase the accuracy of the location estimate, while preserving the resilience against attacks? Is it feasible? • How do we achieve ROI segmentation ? • Expensive solution • Increase the locator density  More sectors will intersect. • Decrease the sector size  Smaller ROI. • Inexpensive solution • Variation of the antenna orientation. • Variation of the communication range.

  31. Variation of the antenna orientation Improved ROI α α • Rotate the antenna system by some angle α. • Broadcast beacons with the new coordinates. • Compute ROI by intersection of all sectors Si(j) over time, j : transmission round • Sector dependence: • Si(j) = S(θi(j), j) s L1 L2 Initial ROI estimate

  32. Antenna rotation equivalence Rotation L1 6-sector antenna • Antenna rotation emulates an antenna system with more directional antennas (narrower sectors). L1 3-sector antenna

  33. Variation of the communication range Reduction in communication range Improved ROI • Reduce the communication range Ri(j) via power control. • Broadcast beacons with the new Ri(j). • Compute the intersection of all sectors Si(j). • Sector dependence: • Si(j) = S(Ri(j), j) s L1 L2 Initial ROI estimate

  34. Intersecting multiple sectors L1 S1(k) • For same angle transmissions θi(j), j=1..k, but different range Ri(j), pick sector with smaller range Rmin=minRi(j). Rmax Rmin S1(2) L1 S1(k) S1(1)

  35. Computation of the ROI • Option 1: • Collect Si(j) info j =1..m . • Intersect all Si(j) j =1..m to determine the ROI. • Option 2: • Collect Si(j) for all Li in LHs. • At each round j, compute ROIt  ROI(j) = ROI(j-1)  ROIt.

  36. Conclusions • Presented a robust range-free localization: SeRLoc • SeRLoc • Robustly computes the location in the presence of attacks • No neighboring sensor information required. • Uses light-weight securitymechanisms (hashing, symmetric crypto). • HiRLoc: Achieves high resolution localization with no additional hardware resources, will preserving robustness against threats in WSN. • This work is only the first step. • More research is needed!

  37. Thank you for your time!

  38. Appendix for Readers

  39. HiRLoc – Wormhole attack (1) Case 1: Antenna Orientation Variation • Transmissions in every round are done with Rmax. • Sensor hear LHs={L1...L8} at every antenna rotation. • Sensor can determine valid LHs={L1..L4} as in SeRLoc. • Use only valid LHs, in ROI computation. L4 L3 L1 Region B L2 Region A L7 L8 Wormhole link L5 • Wormhole attack for case 1 • HiRLoc security  SeRLoc security L6

  40. HiRLoc – Wormhole attack (2) ROI(1) ROI(j) Case 2: Communication Range Variation L4 • THREAT MODEL • Locators in valid LHs can get out of range, once Ri(j) reduced. • Attacker can replay transmissions from valid LHs not heard at the sensor. L3 L1 L2 Wormhole link • DEFENSE • Sensor determines valid LHs based on transmissions with Rmax. • Determine • Intersect any future ROI(j), j = 2..m with ROI(1).

  41. HiRLoc – Sybil attack (1) Case 1: Antenna Orientation Variation • Locators transmit with Rmax at every antenna rotation. • Attacker cannot impersonate locators directly heard to the sensor. • Sybil detection as in SeRLoc  |LHs|  Lmax. • If under attack, execute ACLA. L3 L2 L1 • Sybil attack for case 1 • HiRLoc security  SeRLoc security L4 Impersonator

  42. HiRLoc – Sybil attack (2) Case 2: Communication Range Variation • THREAT • Locators in LHs when Rmax, that get out of range due to reduced Ri(j), can be impersonated. • Limiting |LHs|  Lmax. does not defend against the Sybil attack. • DEFENSE • Compute the ROI(1) based on Rmax beacons. • Intersect future ROI(1) estimation with ROI(1). L4 L3 The sensor cannot be displaced outside ROI(1) HiRLoc ROI  SeRLoc ROI L1 L2 Impersonator

  43. Performance Evaluation (1) SeRLoc vs. HiRLoc – Antenna orientation variation • 3-sector antennas used, beamwidth 120o. • Each antenna rotation is by 40o. • LH   % of ROI improvement . • After 3 antenna rotations. • ROI(3)<0.46 ROI(1)

  44. Performance Evaluation (2) SeRLoc vs. HiRLoc – Antenna orientation variation • LH = 15. • Each antenna rotation is by 2π/3M, M = # of sectors • Sectors   % of ROI improvement . • After 3 antenna rotations. • ROI(3)<0.46 ROI(1)

  45. Performance Evaluation (3) SeRLoc vs. HiRLoc – Communication range variation • 3-sector antennas used, beamwidth 120o. • Each antenna rotation is by 40o. • LH   % of ROI improvement . • For small LH, sectors get out of range with range reduction. • After 3 antenna rotations • ROI(3) < 0.58ROI(1)

  46. Performance Evaluation (4) SeRLoc vs. HiRLoc – Communication range variation • LH = 15. • Each antenna rotation is by 2π/3M, M = # of sectors • Sectors   % of ROI improvement . • After 3 antenna rotations. • ROI(3)<0.58 ROI(1)

  47. Performance Summary • HiRLoc leads to significant improvement over SerLoc even with a small number of antenna rotations and/or communication range variations. • HiRLoc is more effective for small LH and wide antenna sectors, when SeRLoc does not give a high resolution location estimation. • HiRLoc achieves high resolution localization with no additional resources.

More Related