Zang li wade trappe yanyong zhang badri nath presented by vipul gupta
1 / 39

Robust Statistical Methods for Securing Wireless Localization in Sensor Networks - PowerPoint PPT Presentation

  • Updated On :

- Zang Li, Wade Trappe, Yanyong Zhang, Badri Nath Presented By : Vipul Gupta Robust Statistical Methods for Securing Wireless Localization in Sensor Networks Outline Introduction and Motivation Related Work Robust Triangulation Robust Fitting: Least Median of Squares

Related searches for Robust Statistical Methods for Securing Wireless Localization in Sensor Networks

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Robust Statistical Methods for Securing Wireless Localization in Sensor Networks' - ostinmannual

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Zang li wade trappe yanyong zhang badri nath presented by vipul gupta l.jpg

- Zang Li, Wade Trappe, Yanyong Zhang, Badri Nath

Presented By: Vipul Gupta

Robust Statistical Methods for Securing Wireless Localization in Sensor Networks

Outline l.jpg

  • Introduction and Motivation

  • Related Work

  • Robust Triangulation

    • Robust Fitting: Least Median of Squares

    • Robust Localization with LMS

    • Simulation and Results

  • Switched LS-LMS Localization Scheme

  • Robust RF-Based Fingerprinting

  • Conclusions

  • Future Work

  • Introduction l.jpg

    • What is Localization (w.r.t. sensor networks)?

      • Is the process of estimating the location of a sensor node w.r.t. a known location (also called anchor node)

  • Why Localization?

    • Enforcing location aware security policies (e.g. this entity should remain in this building only - laptop), emergencies (e.g. where did the fire alarm go off?)

  • Localization Schemes

    • Methods of obtaining estimate location information about a sensor node (e.g. DV – Hop, APIT, Cricket)

  • Anchor Node


    Sensor Node

    Introduction4 l.jpg

    Anchor Node

    • Threat to Localization Infrastructure

      • Purpose of the attacks

        • To give false location information.

  • Types of attacks

    • May be intentional

      • Non – cryptographic attacks

      • Classical security threats (e.g. Sybil attack)

  • Or unintentional

    • Presence of passerby, opening doors of hallway

  • Sensor Node (True)

    Sensor Node

    Motivation behind statistical robustness of localization l.jpg
    Motivation behind Statistical Robustness of Localization

    • Single defense mechanism will not work!

    • Unforeseen and non-filterable attacks

    • Localization should function properly at all times!

    • Living with the bad guys!

    Related work l.jpg
    Related Work

    • Two main localization techniques:

      • Range – based localization (more accurate)

        • Measurement of absolute point to point distance estimate (or angle)

    • Range – free localization (no special hardware)

  • Range – based localization:

    • Time of Flight (e.g. Cricket)

    • Angle of Arrival (e.g. APS)

  • Range – free localization:

    • Hop Count (e.g. DV-Hop)

    • Region Inclusion (e.g. APIT)

  • Anchor Node


    Sensor Node

    Anchor Node

    Sensor Node

    Anchor Node

    Anchor Node

    Related work7 l.jpg
    Related Work

    • Cricket

      • Time of Flight (Time difference of Arrival)

        • Using RF and Ultrasonic Waves

        • Utilizes the difference in propagation speeds

    • Pure RF – based system not used! (Why?)

    • Difference between the receipt of first bit of RF and ultrasound signals

    • Distance = Speed * Time

      • For constant speeds, greater the distance, longer the signal takes

    Signal 1: T seconds

    Signal 2: >T seconds

    Cricket l.jpg


    • WhereTRF is the time at which the RF signal is received

    • TUS is the time at which the Ultrasonic signal is received

    • Δ =TRF – TUS ; is the time difference

      • Speed * Time = Distance

  • Speeds are known, time is known, distance can be calculated

  • Attack threats l.jpg
    Attack Threats

    • Remove direct path & force radio transmission to employ multipath

    • Exploit difference in propagation speeds

    RF Signal reaches sensor node, nearby adversary hears it

    True Ultrasonic signal on its way

    Sends ultrasonic signal


    Attack threats10 l.jpg
    Attack Threats

    • Make the signal to pass through another medium

      • Speed gets affected and hence the distance estimate


    Sensor node

    Another medium

    Related work11 l.jpg
    Related Work

    • Ad Hoc Positioning System (APS)

      • Uses Angle of Arrival

      • Use of directional antennas

    Attack threats12 l.jpg
    Attack Threats

    Reflective Object

    • Use of reflective objects to change the signal arrival angle

    • Remove direct path & force radio transmission to employ multipath


    Angle of arrival changes

    Reflective Object

    Related work13 l.jpg
    Related Work

    • DV – Hop

      • Three stages –

        • Calculate distance in hops to anchor nodes (using beacons)

        • An anchor node calculates distance to other anchor nodes

        • Correction (average per hop distance) is calculated for each anchor node and deployed to the nodes

          i ≠ j – for all anchor nodes j

    Dv hop l.jpg
    DV Hop

    • Example

    Attack threats15 l.jpg
    Attack Threats

    • Vary hop count:

      • Wormhole

      • Jamming

      • Varying the radio range

    • Vary the per-hop distance

    Attack threats16 l.jpg
    Attack Threats

    Wormhole and Jamming

    Related work17 l.jpg
    Related Work

    • APIT (Approximate Point-in-Triangulation Test)

      • Uses area-based (Region Inclusion) estimation

      • Environment divided into triangular regions

      • PIT test narrows the location of the node

      • Calculated the Center of Gravity of the narrowed region

    Attack threats18 l.jpg
    Attack Threats

    • Alter neighborhood

      • Wormholes

      • Jamming

      • Changing the shape of the received radio region

        • Placing an absorbing barrier

  • Alter the per-hop measurement

  • Least squares l.jpg
    Least Squares

    • According to Wikipedia, is used to model the numerical data obtained from observations by adjusting the parameters of the model so as to get an optimal fit for the data.

    • Optimal fit – Sumof squared residuals having least value

    • Residue – Difference between the observed value and the value given by the model

    • Has its own shortcomings, which we will see soon

    Localization schemes l.jpg
    Localization Schemes

    (Xa, ya)


    • Triangulation & Trilateration

      • Collecting (x, y, d) values for each node

      • (x, y) coordinates of the anchor node

      • d is the distance to the anchor node

      • Using sufficient (xi, yi, di) solving for (x0, y0) is a simple least squares problem

    (x0, y0)



    (Xc, yc)

    (Xb, yb)

    Shortcomings of least squares l.jpg
    Shortcomings of Least Squares

    • Non-robustness to outliers

      • A single incorrect (x, y, d) value may deviate the location estimate significantly away from the true value in spite of other correct values being present

      • e.g. altering hop count using wormhole or jamming attacks may deviate d significantly from its original value

      • Let 10 samples values of ‘d’ be – 8, 9, 10, 11, 8, 9, 10, 11, 9, 10;

        However if an attacker changes one ’10’ to ‘100’, it will significantly affect the location measurement

    Robust fitting least median of squares l.jpg
    Robust Fitting: Least Median of Squares

    • Fitting: Finding the best fitting curve for a given set of points

    • Cost Function for LS algorithm (in this case) is given by:

    • where d is the parameter to be estimated (distance), is the i-th measured distance, xi and yi are the coordinates of the i-th location and x0 and y0 are the coordinates of the true location

    • A single outlier may ruin the estimation due to the summation in the cost function

    Robust localization with least median of squares l.jpg
    Robust Localization with Least Median of Squares

    • Under ideal conditions (no attacks), the device location can be estimated by …..(A)

      • value of the argument for which the value of the expression attains its minimum value

  • In presence of adversaries, we get outliers. Instead of trying to identify the outliers, we want to live with the bad nodes. This is achieved using LMS instead of LS


  • Non linear and linear least squares l.jpg
    Non-linear and Linear Least Squares

    • Equation A is a nonlinear least squares problem and is equivalent to solving:

    • Averaging the left and right sides:

    Non linear and linear least squares25 l.jpg
    Non-linear and Linear Least Squares

    • Subtracting the last two equations …

    • which is a linear LS problem

    Non linear and linear least squares26 l.jpg
    Non-linear and Linear Least Squares

    • Linear LS has less computational complexity

    • Starting with a linear estimate can avoid local minimum

      Linear LS and nonlinear LS starting from the linear estimate

    Simulation threat model l.jpg
    Simulation – Threat Model

    • Contamination Ratio Є< 50%, the fraction of distance measurements compromised

    • Coordinated corruption of data rather than random perturbations

    • Adversary tries to modify NЄ values so that they all “vote” for (xa, ya)

      (xa, ya)


      Greater the da, stronger is the attack


    Simulation l.jpg

    • Linear LS used

    • mean square error of an estimator (quantity to be measured), according to wikipedia is:

    • In simple words, it is the estimation error, i.e. how much the experimental value differs from the mathematical value

    • Experiments conducted with different contamination ratio Є and measurement noise level

    • Implemented system robust to 30 percent contamination

    Results l.jpg

    • Each point represents average over 2000 trials

    Results30 l.jpg

    • Impacts of Є and :

      • Severe performance degradation observed at Є = .35

    Switched ls lms localization scheme l.jpg
    Switched LS-LMS Localization Scheme

    For 50 samples: x = 31… 50 represents outliers

    y represents values

    Switched ls lms localization scheme32 l.jpg
    Switched LS-LMS Localization Scheme

    • Inliers and outliers well separated – LMS performs good

    • Inliers and outliers pretty close, LMS cannot differentiate and messes up – fits partly inlier and partly outlier data giving a worse estimate

    • A threshold T is selected and is compared with where is the observed noise level and normal measurement noise level is known

    • If T < LMS is used, else LS

    Rf based fingerprinting l.jpg
    RF-Based Fingerprinting

    • Multiple anchor points deployed

    • Signal strengths at each anchor point recorded as {x, y, ss1,…ssN} where ss are the corresponding signal strengths; x,y is the position, N is number of anchor nodes (at least 3)

    • Beacons are broadcasted and signal strengths measured at each anchor node

    • The signal strengths ss’ (observed) are compared with the ones recorded by the central anchor node

    • The closest match is selected as the estimated location (minimum value of )

    Robust methods for rf based fingerprinting l.jpg
    Robust Methods for RF-Based Fingerprinting

    • A single corrupted signal strength at an anchor node will affect the location. This can be easily done by:

      • Using an absorbing barrier between the node and anchor node

      • Turning a microwave on

  • Instead of finding minimized Euclidean distance we can find the minimized median - to find the location

  • Conclusions l.jpg

    • Finding a correct estimate of the location is important

    • Adversaries will always be there, so live in harmony – rather than trying to eliminate all the attacks, tolerate them

    • Both LS and LMS have their pros and cons

    • Switched LS-LMS does the trick!

    • Median based distance metric is good for RF based fingerprinting

    Limitations l.jpg

    • LS-LMS scheme fails when the contamination ratio increases more than 50%

    • For large number of compromised nodes, median may be far different from the average value

    Future work l.jpg
    Future Work

    • Limited attacker capabilities considered. That is, the attacker can compromise only a limited number of percentage of nodes.

    • Errors caused by malicious users considered. They have not considered errors caused due to limitations of ranging methods like signal attenuation, multipath signals, etc.