Secure Localization using Dynamic Verifiers

Nashad A. SafaJoint Work With

S. Sarkar, R. Safavi-Naini and M.Ghaderi

2/23

Importance of Secure Localization Location-based Secret

communication– Communication between different

military establishments

Position-based Access control– Limit access to resources (e.g.

printer) from some specific location– Pizza-delivery company may want

to be sure the order actually came from the claimed position.

Location based routing in wireless sensor network

3/23

Outline

Problem Description Model and Assumptions Contributions Protocol View ResultsConclusion and Future Works

4/23

Problem Description Two Variants of Secure Localization Protocols– Positioning

• Provide relative or absolute location of nodes within a network• Can be Node centric or Infrastructure centric

– Distance Bounding• Determine an upper bound for the physical distance between

two parties• Prevent two parties from appearing closer together than they

actually are• Can be Node centric or Infrastructure centric

– Proposed Protocol is for secure positioning

5/23

Secure Positioning

Verifiers(V)

Adversaries (A)

Prover( at position P)

6/23

Common Distance Measurement Techniques

• Available techniques– Received Signal Strength (RSS): • Exploits the inverse relationship between signal

strength and distance to estimate the distance of the transmitter

– Time-of-Flight (ToF): • Measures elapsed time for a message exchange to

estimate distance based on communication medium’s propagation speed.• Time-of-Arrival (ToA)

7/23

Model and Assumptions

Multiple VerifiersMultilateration/Triangulation

Capabilities of Adversary Directional Antenna Jam CommunicationCreate wormhole

Strongest attack model Collusion Attack

o A set of nodes are corrupted o Colluding nodes share a

secret channelo No known localization protocol is

secure against this attack

P

Colluding Nodes

False Claim

8/23

Collusion Attack

P

Ai

r A2

A3

A1

V3

V1

Vi

V2

Time required for travelling a message from Vi to P is Ti

Time required for travelling a message from P to any Ai is α

dist(1,2)

Vi sends message at time t

Ai receives Message at time t+Ti -α

Attack Scenario

Vi accepts response at t+2Ti

V3 accepts response at t+Ti +T3

V2 accepts response at t+Ti +T2

V1 accepts response at t+Ti +T1

Ai waits for time 2α-(dist(Ai ,Aj )/c) for adversary Aj , then send it to Aj

A1 receives message and sends response at t+Ti +α

A2 receives message and sends response at t+Ti +α

A3 receives message and sends response at t+Ti +α

Ai sends response at t+Ti +α

9/23

Related Work• “Secure localization with hidden and mobile

base stations”- Capkun et al, INFOCOM (2006)-– Hidden/Mobile base stations– Node centric/Infrastructure centric positioning

• “Position-based Cryptography”-N. Chandran et al, CRYPTO (2009)– Impossibility of security against collusion attack– Bounded Retrieval Model– No pre-sharing of keys

10/23

ContributionsSecure location verification protocol (SLDV)

Use user nodes as dynamic verifiers Assume Majority of the users are honest Random Selection of users

No pre-shared key between prover and verifiers Key is established after successful verification

Secure against collusion attack Probability of detecting collusion attack Simulation

Hybrid approach with hidden based stations

11/23

Receive challenge ch at time tp

Protocol SLDV

Broadcast {ID1 ,ID2, ..}

Send random nonce ch and Sign(ch)–at time t

User List1. ID,location,skey,IV 2. ID,location,skey,IV

3. -------------------------

Receive response at time tv2Receive response

at time tv1

Receive response at time tv3

Receive response at time t1

Check correctness of tv1 and response

Check correctness of tv2

and response

Check correctness of tv3

and response

Send

Broadcast response: (ch, PubE(IV,k))

Select dynamic verifiers : { ID1

,ID2 ,.. }IDi (new)= IDi (prev) xor SymE(IVi, ki )

DV

Prover

Selected DV

Send Verification Result

Claim location p

Receive response at time t2

Check nonce correctness and send response times and own locations

Share correctness results

Take majority decision from all DV and threshold decision from Verifiers

12/23

Security Properties: SLDV• Case-1: Adversary does not know locations of usersProbability of Detecting collusion attack:

,where,

• Case-2: Adversary knows locations of usersProbability of Detecting collusion attack:

))2)1(/

809.0)(1((1 2/k

pdhdhSLDV hNrPPP

])1[(

2/

ikp

ip

k

kidh hh

ik

P

))2)1(/

809.0)(1((1' 2/k

pdhmdhmSLDV hNrPPP

13/23

Security: SLDV (Location is unknown)

14/23

Security: SLDV (Location is known)

15/23

Simulation Results (Location is unknown)

16/23

Simulation Results (Location is known)

17/23

Hybrid Approach

Combine hidden base station & dynamic verifier system Use a subset of the hidden base stations Require less dynamic verifiers Save on infrastructure Better performance with less trust on users

18/23

Hybrid Approach

19/23

Hybrid Approach

hp =0.7

20/23

Security Analysis

Security

Protection offered by Cryptographic

Constructs

Protection offered by Positioning of dynamic

verifiers

xA xColluder’s locationClaimed location

Dynamic verifier

Single Colluder

DV can not detect false claim when xA =x

21/23

Security Analysis

xA x

yyA

Single Colluder- Multiple DVMultiple

Colluders- Multiple DV

Colluder’s locationClaimed location

Dynamic verifier

Can not Detect when xA =x &

yA = y

22/23

Future Works

• Adding a reputation system to enhance the dynamic verifier selection process.

• Implementation of the protocol in real wireless environment.

• Extension of the protocol when prover and verifier has pre-shared key

23/23

Questions?