Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download The Limits of Localization Using Signal Strength: A
Document related concepts
Network tap wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Airborne Networking wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Transcript
The Robustness of Localization Algorithms to Signal Strength Attacks A Comparative Study Yingying Chen, Konstantinos Kleisouris, Xiaoyan Li, Wade Trappe, and Richard P. Martin Dept. of Computer Science Wireless Information Network Laboratory Rutgers University May 16th, 2006 Network/Computer Security Workshop, May 06 Background Localizing sensor nodes is the building block for high-level applications: Tracking, monitoring, and geometric-based routing Location-based services become more prevalent Received Signal Strength (RSS) is an attractive basis for indoor localization algorithms: Reuse the existing communication infrastructure 802.11, 802.15.4, Bluetooth support the technology Tremendous cost saving Network/Computer Security Workshop, May 06 Motivation Localization infrastructure became the target of malicious attacks (non-conventional security threats) Important to understand how localization is affected by non-cryptographic attacks Study the susceptibility of RSS-based localization algorithms to signal strength attacks: Unanticipated power losses and gains Attacks to the transmitting device or individual landmarks. Network/Computer Security Workshop, May 06 Goal Study the behavior of RSS-based localization algorithms to signal strength attacks Generate attack detection mechanisms for localization algorithms Improve the current algorithms to tolerant attacks Develop attack resistant algorithms Network/Computer Security Workshop, May 06 High Level Results The average performance of all the algorithms in response to an attack is about the same General rule of thumb: easy to conduct attack by 15 dB and cause the localization error of 20-30 feet Need to make localization more robust to signal strength attacks Preliminary work shows possibility of attack detection Network/Computer Security Workshop, May 06 Outline Background and motivation RF-based localization algorithms Conducting signal strength attacks Measuring attack susceptibility Experimental study Analysis and discussion Conclusion Related work Future research Network/Computer Security Workshop, May 06 Summary of Algorithms under Study Area-based Point-based 1.Simple Point Matching (SPM) 2. Area Based Probability (ABP) 3. Bayesian Networks (BN) 4. RADAR (R1) 5. Averaged RADAR (R2) 6. Gridded RADAR (GR) 7. Highest Probability (P1) 8. Averaged Highest Probability (P2) 9. Gridded Highest Probability (GP) • Offline and online phases (attack during online) • Matching vs. signal to distance Network/Computer Security Workshop, May 06 A Generalized Localization Model Physical Space (D) F Signal Space (R) Sn S2 S1 G : a single point or a region Network/Computer Security Workshop, May 06 Outline Background and motivation RF-based localization algorithms Conducting signal strength attacks Measuring attack susceptibility Experimental study Analysis and discussion Conclusion Related work Future research Network/Computer Security Workshop, May 06 Signal Strength Attacks Materials – easy to access Attacks – simple to perform with low cost Linear relationship linear attack model Two approaches: Attack on the entire set of landmarks Attack on a single landmark Network/Computer Security Workshop, May 06 Outline Background and motivation RF-based localization algorithms Conducting signal strength attacks Measuring attack susceptibility Experimental study Analysis and discussion Conclusion Related work Future research Network/Computer Security Workshop, May 06 Attack Susceptibility Metrics Estimator distance error Estimator precision Hölder metrics Relates the magnitude of the perturbation in signal space to its effect on the localization results: Network/Computer Security Workshop, May 06 Outline Background and motivation RF-based localization algorithms Conducting signal strength attacks Measuring attack susceptibility Experimental study Analysis and discussion Conclusion Related work Future research Network/Computer Security Workshop, May 06 Experimental Setup (CoRE and Industrial Lab) - Floor plan: 200ft x 80ft (16000 ft2) - Deployment of 4 landmarks (somewhat co-linear) - 115 training points, 170 testing points Network/Computer Security Workshop, May 06 - Floor plan: 225ft x 144ft (32400 ft2) - Deployment of 5 landmarks (more evenly distributed) - 115 training points, 138 testing points Error Analysis CoRE - all landmarks attenuation attack (10/15/25 dB) Network/Computer Security Workshop, May 06 Error Analysis All landmarks amplification attack (10 dB) CoRE Network/Computer Security Workshop, May 06 Industrial Lab Linear Response Attenuation Attack - All landmarks; Landmark 1, 2 and 3 All landmarks: ~ 1.55 ft/dB, single landmark: ~ 0.64 ft/dB Network/Computer Security Workshop, May 06 Worst-case Error CoRE: attenuation attack BN, R1, R2: 4ft/dB P1, P2: 3ft/dB ABP, GP, GR, SPM: 2ft/dB Network/Computer Security Workshop, May 06 Exception: SPM ~ 0.61 Precision Study: Example of Localization Results in CoRE BN ABP SPM Normal Network/Computer Security Workshop, May 06 Attenuation attack (25dB) Landmark 1 Conclusion Localization error of all algorithms scales similarly under attack With single exception of Bayesian Networks algorithm to individual landmark attacks The average susceptibility to an attack is essentially identical In order to lessen the worst-case effect of a potential attack, desirable to employ algorithms that perform averaging Network/Computer Security Workshop, May 06 Conclusion (cont.) Degraded gracefully: linear scaling in localization error to attacks No algorithm “collapses” in response to an attack All landmarks attack: 1.3-1.8 ft/dB Single landmark attack: 0.5-0.8 ft/dB Rule of thumb: easy to attack by 15 dB, cause localization error of 20-30 ft Precision increased for all three area-based algorithms: A decrease and a spatial-shift in the returned area – bias is introduced ABP significantly shrank the returned areas in response to large changes in signal strength – attack detection Network/Computer Security Workshop, May 06 Related Work Category of localization algorithms: Range-based [hightower01design, GPS, nissanka00 ], range-free [shang03, niculescu01aps], scene matching [youssef03localization,roos02stat, battiti02stat, bahl00] Aggregate [dohertyl01, shang03] or singular (only refer to landmarks) Non-cryptographic attacks affect localization: Wormhole attacks [hu03packet] – shorten the distance between two nodes Compromised nodes [zang05robust]; compromised landmarks [liu05attack] Pursue for secure localization algorithms Distance bounding protocol [Capkun05] to upper-bound the distance between two nodes Hidden and mobile base stations [Capkun06] to verify location estimate Use directional antenna and distance bounding [lazos05] to achieve security Robust statistical methods [zang05robust] to achieve reliable localization Network/Computer Security Workshop, May 06 Future Research Study different attack models: Attacks performed by the directional antenna Develop attack detection mechanisms for RFbased localization algorithms Extend the current algorithms to tolerant attacks Derive attack resistant algorithms Goal: adversaries can not affect localization ! Network/Computer Security Workshop, May 06 Thank you & Questions Network/Computer Security Workshop, May 06
