Location Cloaking for Location Safety Protection of Ad Hoc Networks
-
Upload
byron-buckner -
Category
Documents
-
view
22 -
download
1
description
Transcript of Location Cloaking for Location Safety Protection of Ad Hoc Networks
Location Cloaking for Location Safety Protection of Ad Hoc Networks
CS587x LectureDepartment of Computer Science
Iowa State University
Outline
What is location safety How to achieve location safety
Stationary ad hoc networks Mobile ad hoc networks
Performance evaluation Closely related work Conclusion
Why disclosing location information Location information adds a new dimension
to ad hoc networking Location-based routing
Leverage nodes’ location information in path discovery and packet forwarding
Much more efficient and scalable than topology-based routing
Location-oriented applications e.g., enemy detection in battlefield
Dilemma
Disclosing location information presents a major threat to network safety Knowing the position of a node allows an
adversary to locate and destroy it physically
Location Safety Protection
Goal Allow nodes to reveal their location Yet make it practically infeasible for one to
locate them based on such information
Location Safety Protection
Goal Allow nodes to reveal their location Yet make it practically infeasible for one to
locate them based on such information
Observation An adversary can always comb through a whole
region to locate all nodes inside it However, if the region is too large, the cost can
be prohibitively high
Location Safety Protection
Key Idea Instead of its exact position, a node can report it is
inside some spatial region, called a cloaking box Reducing location resolution to achieve a desired
level of safety protection
Location Safety Protection
Key Idea Instead of its exact position, a node can report it is
inside some spatial region, called a cloaking box Reducing location resolution to achieve a desired
level of safety protection
Location Safety Protection
Key Idea Instead of its exact position, a node can report it is
inside some spatial region, called a cloaking box Reducing location resolution to achieve a desired
level of safety protection
Lower node density less attractive for the adversary to locate/destroy the nodes inside higher safety level
Safety Level
Safety level of a cloaking box The ratio of the box’s area and the number of
nodes inside
Safety Level
Safety level of a cloaking box The ratio of the box’s area and the number of
nodes inside
Safety level of a network A network is protected at a safety level θ, if the
adversary cannot find any region whose safety level is less than θ based on nodes’ disclosed location
How to compute cloaking box For safety protection
Each cloaking box must satisfy the safety level requirement
How to compute cloaking box For safety protection
Each cloaking box must satisfy the safety level requirement
A sequence of cloaking boxes must not be correlated to identify an area with a safety level less than θ
Correlation attack
How to compute cloaking box For safety protection
Each cloaking box must satisfy the safety level requirement
A sequence of cloaking boxes must not be correlated to identify an area with a safety level less than θ
For network performance Each cloaking box needs to be as
small as possible
Correlation attack
A Naïve approach
A node broadcasts to query its nearby nodes’ location, and then identify the smallest region that meets the safety requirement
Problems1. Require nodes to report their exact location
2. Difficult to determine the query broadcast region
The node actually reveals it is inside the broadcast region What if the safety level of the region is not enough?
Proposed Technique
Basic idea Partition network domain recursively into a set of
subdomains, each with a safety level at least θ Each node uses its containing subdomain as its
cloaking box
Proposed Technique
Basic idea Partition network domain recursively into a set of
subdomains, each with a safety level at least θ Each node uses its containing subdomain as its
cloaking box
Challenges1. Partitioning needs to be done in a fully distributed manner
2. No node shall reveal its exact position
Stationary Ad Hoc Networks
Nodes are deployed in a domain D Area(D)/#Nodes is no less
than θ Nodes start to do
partitioning at time t0
Partitioning is done round by round
Each round has a fixed time duration
D
Each node sets its partition P to D
Refine P round by round Broadcast a packet PLUS(NID, P)
within P Collect the PLUS packets from
nodes in P during a time period T Calculate the safety level S(P)
If S(P)≥2θ Divide P into two equal halves Set P as the one containing the
node’s current position Go to the next round of partitioning
If S(P)<2θ Take P as its cloaking box Stop partitioning
Partitioning Algorithm
D
Each node sets its partition P to D
Refine P round by round Broadcast a packet PLUS(NID, P)
within P Collect the PLUS packets from
nodes in P during a time period T Calculate the safety level S(P)
If S(P)≥2θ Divide P into two equal halves Set P as the one containing the
node’s current position Go to the next round of partitioning
If S(P)<2θ Take P as its cloaking box Stop partitioning
Partitioning Algorithm
D
Each node sets its partition P to D
Refine P round by round Broadcast a packet PLUS(NID, P)
within P Collect the PLUS packets from
nodes in P during a time period T Calculate the safety level S(P)
If S(P)≥2θ Divide P into two equal halves Set P as the one containing the
node’s current position Go to the next round of partitioning
If S(P)<2θ Take P as its cloaking box Stop partitioning
Partitioning Algorithm
D
Each node sets its partition P to D
Refine P round by round Broadcast a packet PLUS(NID, P)
within P Collect the PLUS packets from
nodes in P during a time period T Calculate the safety level S(P)
If S(P)≥2θ Divide P into two equal halves Set P as the one containing the
node’s current position Go to the next round of partitioning
If S(P)<2θ Take P as its cloaking box Stop partitioning
Partitioning Algorithm
D
Each node sets its partition P to D
Refine P round by round Broadcast a packet PLUS(NID, P)
within P Collect the PLUS packets from
nodes in P during a time period T Calculate the safety level S(P)
If S(P)≥2θ Divide P into two equal halves Set P as the one containing the
node’s current position Go to the next round of partitioning
If S(P)<2θ Take P as its cloaking box Stop partitioning
Partitioning Algorithm
D
Is Partitioning Safe? A node reveals its location P when it
broadcasts a PLUS packet in P It is guaranteed P’s safety level is no less than θ
Recursive partitioning makes the correlation attack impossible Any two partitions P1 and P2
o either do not overlap at all, oro one contains the other completely
o Situation like never happens
Some Concerns A node may be compromised
Inject multiple PLUS packets to enlarge cloaking boxes
This attack can be prevented using authentication techniques Add a certificate field in PLUS packet Allow a node to verify the sender of a packet
Mobile ad hoc networks Initialization
Each node finds its cloaking box right after the deployment
Adjust partitioning when necessary Each node monitors its
movement against its current partition P
If a node moves into a new partition P’• Broadcast a LEAVE packet in P• Broadcast a JOIN packet in P’ D
Performance Study● Performance metrics
Cloaking area Communication overhead
Simulate a mobile ad hoc network Nodes initiate partitioning right after deployment. (overhead Cinit)
Nodes move following a random walk, and adjust partitioning when necessary (overhead Cupdate)
Node distribution follows a Normal distribution Variance v is smaller, distribution is more skewed v = 0.5, 0.1, 0.05
Evaluation Results A more skewed distribution results in
a larger cloaking area in average a smaller Cinit a larger Cupdate (most cases)
Related 1: Encryption Encrypt location information to make it
intelligible only to certain node
Problems The destination node may be compromised In some cases, location information cannot be
encrypted
Related 2: Anonymous Routing
Make routes untraceable to protect important nodes
Problems Do not provide location
safety protection A node can be destroyed
whenever it is located, regardless of its importance
Related 3: Privacy-aware LBS
Location disclosed in LBS may be correlated with restricted spaces for subject identification Service anonymity protection Location privacy protection
Problems Assume some central server for location
depersonalization Location privacy is different from location safety
Conclusion
We define the concept of location safety protection
We propose to reduce location resolution to achieve a desired level of safety protection
We present a novel distributed technique for location cloaking
Thanks!