location spoofing attack and its countermeasures in ...kexiong6/talks/curtis_cns.pdf ·...
TRANSCRIPT
Location Spoofing Attack and Its
Countermeasures in Database-Driven
Cognitive Radio Networks
Kexiong (Curtis) Zeng,
Sreeraksha Kondaji Ramesh,
Yaling Yang.
Outline
Background and Motivation
Our Works
Overview of GPS Spoofing Attack and Existing
Countermeasures
Attack Model
Countermeasures and Evaluations
Future Work
1
Background
Background of database-driven cognitive radio networks
Enforced by FCC.
Primary users (PUs) and secondary users (SUs).
Submit location information to query the database.
Database allocates available spectrum to SUs.
2
Motivation
3
Location Security Loophole
Outline
Background and Motivation
Our Works
Overview of GPS Spoofing Attack and Existing
Countermeasures
Attack Model
Countermeasures and Evaluations
Future Work
4
Our Works
First to study the impact of GPS spoofing
attacks in cognitive radio networks (CRNs).
Formulate attack models & examine the
impact.
Analyze various countermeasures.
5
Outline
Background and Motivation
Our Works
Overview of GPS Spoofing Attack and Existing
Countermeasures
Attack Model
Countermeasures and Evaluations
Future Work
6
Overview of GPS Spoofing Attack
and Existing Countermeasures
Civilian GPS can be easily spoofed:
Transmit counterfeit GPS signals.
Rebroadcast GPS signals.
Existing Countermeasures:
Self-check algorithms.
Smart antennas.
7
Outline
Background and Motivation
Our Works
Overview of GPS Spoofing Attack and Existing
Countermeasures
Attack Model
Countermeasures and Evaluations
Future Work
8
Single GPS Spoofing Attacker
9
Attack Model
Random attack model
No knowledge about the database and currently registered SUs information.
Spoof SUs to a random location in the cell.
Optimal attack model
Access to the database and currently registered SUs information.
Spoof SUs to an optimal location in the cell.
10
Our Settings
Round-robin scheduling and List-coloring spectrum allocation.
WhiteSpaceFinder developed by Microsoft.
A 16km-radius single cell in Blacksburg, Virginia with 100m *100m resolution.
SUs are uniformly distributed.
11
Evaluate the Impact
Random and optimal attacks
1 km transmission range
30 simulation runs
15
Random vs. Optimal
16
The performance of random and optimal attack in a 1260-SU network.
Outline
Background and Motivation
Our Works
Overview of GPS Spoofing Attack and Existing
Countermeasures
Attack Model
Countermeasures and Evaluations
Future Work
17
Countermeasures
Centralized Detection Scheme (CDS)
Environmental-radio-based Location
Verification (ELV)
Peer Location Verification (PLV)
18
Centralized Detection Scheme
Maintain location traces for all SUs.
Detect abnormal mobility patterns.
Limitations:
Misclassification.
Cannot restore network operations.
Privacy violations to SUs.
19
Environmental-radio-based
Location Verification
SUs are software defined radios.
WiFi signal
Television signal
FM signal
Location crosscheck.
20
Implementation of ELV
21
26 red balloons indicate the locations of test points.
Localization Performance
22
Localization performance using FM radio signals.
ELV has some error ranges.
Effectiveness of ELV
Undetected GPS spoofing attacks.
Spoofed locations inside the error ranges.
Model as attacks with distance constraints.
23
Effectiveness of ELV
24
The probability is calculated by 30 individual simulations in a 84-SU network.
Limitations of ELV
Blind spots of the environmental radio
signal database.
Performance depends on the number of
local channels.
25
Peer Location Verification
26
Spoofed
Parameters
Initial anchor ratio .
Anchors transmit 𝑟-radius beacon signals with
probability 𝛽.
27
Convergence Speed
Divide time into discrete slots.
𝑝𝑖,𝑡: the probability of an SU 𝑖 is verified at
time 𝑡.
𝐏𝐭 = 𝑝1,𝑡, 𝑝2,𝑡, . . . , 𝑝𝑛,𝑡𝑇.
28
Convergence Speed
Time evolution of the probability :
𝐏𝐭 = (𝐈 + 𝛽𝐀)𝐏𝐭−1 = 𝐁𝐏𝐭−1 = 𝐁𝑡𝐏0,
where 𝐁 = (𝐈 + 𝛽𝐀), 𝐈 is the identity matrix
and 𝐀 is the adjacency matrix.
29
Convergence Speed
Derive a lower bound for the increasing of
verified SU number:
where N𝑡 is the time evolution of verified SU
number, 𝜆1,𝐵 is the largest eigenvalue of 𝐁,
𝐶 is a constant.
30
Evaluation of PLV
Missed detection (false negative)
Isolated SUs
31
Missed Detection
32
False negative SU ratio = number of non−detected victim SUsTotal number of non−anchor SUs
.
Evaluation of PLV
Missed detection (false negative)
Isolated SUs
False alarm (false positive)
Malicious anchor nodes
Majority Voting
33
False Alarm
34
False positive SU ratio=Number of SUs reporting false alarms
Total number of non−anchor SUs.
Discussion of PLV
Require some small initial anchor ratio and
SU density.
Good news:
Attackers are less likely to spoof extremely
sparse SU networks.
• Can hardly spoof enough SUs to cause serious PU
interference.
35
Outline
Background and Motivation
Our Works
Overview of GPS Spoofing Attack and Existing
Countermeasures
Attack Model
Countermeasures and Evaluations
Future Work
36
Future Work
Hybrid Countermeasure.
Independent of wireless signals.
A framework of sensing-based secure
location verification system for mobile
devices.
37