No Matter Where You Go, There You Are: Secure Localization Techniques for Mobile Wireless NetworksSeminar on Applications of MathematicsUVa Institute of Mathematical Science2 December 2004http://www.cs.virginia.edu/evans/talks/sam/

David EvansUniversity of Virginia

Computer Science

2

Computing is Entering Real World

Desktop PCProtected BoxNarrow Interface1 Machine per

User-Admin

Sensor NetworkUnprotected NodesRich InterfaceThousands of Nodes

per Admin

3

Sensor NodesMICA2 Typical 2004

Desktop

Memory 644 KB(128 K program flash memory /4 K config EEPROM / 512 K data)

400 x (just RAM)130 000 x (hard drive)

Processor Speed

7 MHz 500 x

Electrical Power

~40mW2 AA batteries

2000 x~100W (CPU only)

Mass 18 grams (+ batteries)

167 x3kg

MICA2 Mote (UCB/Crossbow)

4

MICA2 Typical 2004 Desktop

Memory 0.01 x(4K 14-bit words)

644 KB(128 K program flash memory /4 K config EEPROM / 512 K data)

400 x (just RAM)130 000 x (hard drive)

Processor Speed

0.007 x(add in 20s)

7 MHz 500 x

Electrical Power

1500 x~70W

~40mW2 AA batteries

2000 x~100W (CPU only)

Mass 1667 x30kg

18 grams (+ batteries)

167 x3kg

MICA2 Apollo Apollo Guidance Guidance ComputerComputer

Photo: http://ed-thelen.org/comp-hist/

Typical 2004 Typical 2004 DesktopDesktop

5

MICA2 Typical 2004 Desktop

Memory 0.01 x(4K 14-bit words)

644 KB(128 K program flash memory /4 K config EEPROM / 512 K data)

400 x (just RAM)130 000 x (hard drive)

Processor Speed

0.007 x(add in 20s)

7 MHz 500 x

Electrical Power

1500 x~70W

~40mW2 AA batteries

2000 x~100W (CPU only)

Mass 1667 x30kg

18 grams (+ batteries)

167 x3kg

MICA2 Apollo Apollo Guidance Guidance ComputerComputer

Photo: http://ed-thelen.org/comp-hist/

Typical 2004 Typical 2004 DesktopDesktop

6

Sensor Network Applications

Reindeer Tracking (Sámi Network Connectivity Project)

Battlefield Event Tracking

Volcano Monitoringhttp://www.eecs.harvard.edu/~werner/projects/volcano/

Photo: http://news.bbc.co.uk/1/hi/technology/2491501.stm

7

This Talk

• Location Matters– How do nodes know where they are?

• Security (Sometimes) Matters

L. Hu and D. Evans. Localization for Mobile Sensor Networks. MobiCom 2004.

L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004.

8

Determining Location• Direct approaches

– Configured manually• Expensive• Not possible for ad hoc, mobile networks

– GPS• Expensive (cost, size, energy)• Only works outdoors, on Earth

• Indirect approaches– Small number of seed nodes

• Seeds are configured or have GPS

– Other nodes determine location based on messages received

9

Hop-Count TechniquesDV-HOP [Niculescu & Nath, 2003]Amorphous [Nagpal et. al, 2003]

Works well with a few, well-located seeds and regular, static node distribution. Works poorly if nodes move or are unevenly distributed.

r

1

1

2

23

3

33

4

4

4

44

5

5

6

7

8

10

Local TechniquesCentroid [Bulusu, Heidemann, Estrin, 2000]:Calculate center of all heard seed locations

APIT [He, et. al, Mobicom 2003]:Use triangular regionsDepend on a high density of

seeds (with long transmission ranges)

11

Our Goal

• (Reasonably) Accurate Localization in Mobile Networks

• Low Density, Arbitrarily Placed Seeds

• Range-free: no special hardware • Low communication (limited

addition to normal neighbor discovery)

12

Scenarios

NASA Mars TumbleweedImage by Jeff Antol

Nodes moving, seeds stationary

Nodes and seeds moving

Nodes stationary, seeds moving

13

Our Approach: Monte Carlo Localization

• Adapts an approach from robotics localization

• Take advantage of mobility:– Moving makes things harder…but

provides more information– Properties of time and space limit

possible locations; cooperation from neighbors

Frank Dellaert, Dieter Fox, Wolfram Burgard and Sebastian Thrun. Monte Carlo Localization for Mobile Robots. ICRA 1999.

14

MCL: Initialization

Initialization: Node has no knowledge of its location.

L0 = { set of N random locations in the deployment area }

Node’s actual position

15

MCL Step: Predict

Node’s actual position

Predict: Node guesses new possible locations based on previous possible locations and maximum velocity, vmax

Filter

Filter: Remove samples that are inconsistent with observations

Seed node: knowsand transmits location

rp(lt | lt-1) =

c if d(lt, lt-1) < vmax

0 if d(lt, lt-1) ≥ vmax

16

Observations

Indirect SeedIf node doesn’t hear a seed, but one of your neighbors hears it, node must be within distance (r, 2r] of that seed’s location.

Direct SeedIf node hears a seed,the node must (likely) bewith distance r ofthe seed’s location

S S

17

Resampling

Use prediction distribution to create enough sample points that are consistent with the observations.

N = 20 is good,N = 50is plenty

18

Recap: AlgorithmInitialization: Node has no knowledge of its location. L0 = { set of N random locations in the deployment area }

Iteration Step: Compute new possible location set Lt based on Lt-1, thepossible location set from the previous time step, and the new observations. Lt = { } while (size (Lt) < N) do R = { l | l is selected from the prediction distribution } Rfiltered = { l | l where l R and filtering condition is met } Lt = choose (Lt Rfiltered, N)

19

Convergence

Node density nd = 10, seed density sd = 1

Localization error converges in first 10-20 steps

0

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2

0 5 10 15 20 25 30 35 40 45 50

Avera

ge E

stim

ate

Err

or

(r)

Time (steps)

vmax=.2 r, smax=0

vmax=r, smax=0

vmax=r, smax=r

20

Speed Helps and Hurts

Increasing speed increases location uncertainty ̶Y but provides more observations.

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

0.10.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2

Est

imat

e E

rror

(r)

vmax (r distances per time unit)

sd=1, smin=0, smax=vmax

sd=1, smax=smin=r

sd=2, smax=vmax

sd=2, smax=smin=r

Node density nd = 10

21

00.20.40.60.81

1.21.41.61.82

2.22.42.62.83

0.1 0.5 1 1.5 2 2.5 3 3.5 4

Est

imate

Err

or

(r)

Seed Density

MCL

Centroid

Amorphous

Seed Density

nd = 10, vmax = smax=.2r

Better accuracy than other localization algorithms over range of seed densities

Centroid: Bulusu, Heidemann and Estrin. IEEE Personal Communications Magazine. Oct 2000.

Amorphous: Nagpal, Shrobe and Bachrach. IPSN 2003.

22

Questionable Assumption:Radio Transmissions

r

Model: all nodeswith distance r heartransmission, no nodesfurther away do

r

Reality: radio tranmissionsare irregular

23

Radio Irregularity

nd = 10, sd = 1, vmax = smax=.2r

Insensitive to irregular radio pattern

0

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

1.8

2

0 0.1 0.2 0.3 0.4 0.5

Est

imate

Err

or

(r)

Degree of Irregularity (r varies ±dr)

MCL

Centroid

Amorphous

24

Questionable Assumption:Motion is Random

Model: modified random waypoint

Reality: environment creates motion

25

Motion

nd=10, vmax=smax=r

Adversely affected by consistent group motion

00.51

1.52

2.53

3.54

4.55

5.56

0 0.5 1 2 4 60

0.51

1.52

2.53

3.54

4.55

5.56

0 0.5 1 2 4 6

Est

imate

Err

or

(r)

Maximum Group Motion Speed (r units per time step)

sd =.3

sd =1

sd =2

0

1

2

3

4

0 20 40 60 80 100 120 140 160 180 200Est

imate

Err

or

(r)

Time

Random, vmax=smax=.2r

Area Scan

Random, vmax=0, smax=.2r

Scan

Stream and Currents Random Waypoint vs. Area Scan

Controlled motion of seeds improves accuracy

26

What about

security?

27

Localization Security Issues

• Denial-of-Service: prevent node from localizing– Global: jam GPS or radio transmissions– Local: disrupt a particular nodes localization

• Confidentiality: keep location secret• Verifiability: prove your location to others• Integrity

– Attacker makes node think it is somewhere different from actual location

28

MCL Advantages• Filtering

– Bogus seeds filter out possible locations– As long as one legitimate observation is

received, worst attacker can do is denial-of-service

• Direct– Does not require long range seed-node

communication

• Historical– Current possible location set reflects history of

previous observations

29

Authenticating Announcements(Simple, Insecure Version)

1. S region IDS Broadcast identity2. N S IDN Send identity3. S N EKNS

(LS ) Respond with location encrypted

with shared key

S N

1. IDS2. IDN

3. EKNS

(LS)

KNS is a pre-loaded pairwise shared key

Vulnerable to simple replay attacks

30

Authenticating Announcements

1. S region IDS Broadcast identity2. N S RN | IDN Send nonce challenge3. S N EKNS

(RN | LS ) Respond with location

S N

1. IDS2. RN | IDN

Prevents simple replay attacks (but not wormhole attacks)

3. EKNS(RN |

LS)

31

Broadcast Authentication

• Requires asymmetry:– Every node can verify message– Only legitimate seed can create it

• Traditional approach: asymmetry of information (public/private keys)– Requires long messages: too

expensive for sensor nodes

• Instead use time asymmetry

32

Using Time Asymmetry

Time n Time n + 1

Based on Tesla: Perrig, et. al. 2002

KSn-1 | Sign (IDS | LS , KSn)

f is a one-way function (easy to compute f(x), hard to invert)Initially: nodes know KS0 = f max(x) for each seed seed knows x, calculates KSn = f max-n (x)Nodes verifies each key as it is received f (KS0) = KS1

Requires loose time synchronizationSaves node transmissions, multiple seed transmissions

KSn | Sign (IDS | LS , KSn + 1)

33

Wormhole Attack

X

Y

Attacker uses transceivers at two locations in the network to replay (selectively) packets at different

location

34

Protocol Idea

• Wormhole attack depends on a node that is not nearby convincing another node it is

• Periodically verify neighbors are really neighbors

• Only accept messages from verified neighbors

35

Previous Solutions: Light Speed is Slow

• Distance Bounding– Light travels 1 ft per nanosecond (~4

cycles on modern PC!)

• Packet “Leashes”• Use distance bounding to perform

secure multilateration• Need special hardware to instantly

respond to received bits

Yih-Chun Hu, Perrig and Johnson. INFOCOM 2003

Brands and Chaum, EUROCRYPT 1993

Capkun and Hubaux, 2004

36

Our Approach: Use Direction

Model based on [Choudhury and Vaidya, 2002]General benefits: power saving, less collisionsImprove localization accuracy

1

23

4

5 6

North

Aligned to magnetic North, so zone 1 alwaysfaces East

Omnidirectional TransmissionDirectional Transmission from Zone 4

37

Directional Neighbor Discovery A

1. A Region HELLO | IDA

Sent by all antenna elements (sweeping)

2. B A IDB | EKBA (IDA | R | zone (B, A))Sent by zone (B, A) element, R is

nonce3. A B R

Checks zone is opposite, sent by zone (A, B)

B

zone (B, A) = 4is the antennazone in whichB hears A

1

23

4

5 6

38

1

23

4

5 6

A Bzone (B, A[Y]) = 1

zone (A, B [X]) = 1 False Neighbor:

zone (A, B) should be opposite zone (B, A)

Detecting False Neighbors

X Y

39

A B

zone (B, A[Y]) = 4

zone (A, B [X]) = 1

Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)

Not Detecting False Neighbors

1

23

45 6

X Y

Directional neighbor discovery prevents 1/6 of false direct links…but doesn’t prevent disruption

40

Observation: Cooperate!

• Wormhole can only trick nodes in particular locations

• Verify neighbors using other nodes• Based on the direction from which

you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor

41

Verifier Region

v

zone (B, A) = 4zone (V, A) = 3

1

23

4

5 6

A verifier must satisfy these two properties:1. B and V hear A in different zones:

zone (B, A) ≠ zone (V, A) proves B and V don’t hear A through wormhole2. Be heard by B in a different zone:

zone (B, A) ≠ zone (B, V) proves B is not hearing V through wormhole

zone (B, A) = 4zone (B, V) = 5(one more constraint will be explained soon)

42

Worawannotai Attackv

B

A

Region 1

Region 2

X

1

23

5 6

23

4

5 6

V hearsA and B directly

A and B hear V directly

But, A and B hear each other only through repeated X

43

Preventing Attack

1. zone (B, A) zone (B, V) 2. zone (B, A) zone (V, A)3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)

44

V

Verified Neighbor Discovery

1. A Region Announcement, done through sequential sweeping2. B A Include nonce and zone information in the

message3. A B Check zone information and send back the

nonce

A B 4. INQUIRY | IDB | IDA | zone (B, A)

5. IDV | EKBV (IDA | zone (V, B))

Same asbefore

4. B Region Request for verifier to validate A5. V B If V is a valid verifier, sends confirmation6. B A Accept A as its neighbor and notify A

45

Cost Analysis• Communication Overhead

– Adds messages for inquiry, verification and acceptance

– Minimal for slow-changing networks

• Connectivity– How many legitimate links are lost

because they cannot be verified?

46

Lose Some Legitimate Links

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Link

Dis

covery

Pro

babili

ty

Node Distance (r)

Verified Protocol

Strict Protocol(Preventing

Worawannotai Attack)

Network Density = 10

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Node Distance (r)

0

Verified Protocol

Strict Protocol(Preventing

Worawannotai Attack)

Network Density = 3

47

…but small effect on connectivity and routing

0

1

2

3

4

5

6

7

8

9

10

4 6 8 10 12 14 16 18 20

Avera

ge P

ath

Length

Omnidirectional Node Density

Strict Protocol

Trust All

Verified Protocol

Network density = 10

Verified protocol: 0.5% links are lost no nodes disconnectedStrict protocol: 40% links are lost 0.03% nodes

disconnected

48

Dealing with Error

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

0 10 20 30 40 50 60

Rati

o

Maximum Directional Error Degree

Lost Links, Strict Protocol

Disconnected Nodes, Strict Protocol

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

0 10 20 30 40 50 60Maximum Directional Error Degree

Lost Links, Strict Protocol

Disconnected Nodes

Network Density = 10Network Density = 3

Even with no control over antenna alignment, few nodes are

disconnected

49

Vulnerabilities

• Attacker with multiple wormhole endpoints– Can create packets coming from different

directions to appear neighborly

• Antenna, orientation inaccuracies– Real transmissions are not perfect

wedges

• Magnet Attacks– Protocol depends on compass alignment

50

Conclusion• Computing is moving into the real

world:– Rich interfaces to environment– No perimeters

• Simple properties of physical world are useful:– Space and time can be used to achieve

accurate localization cheaply– Space consistency requirements can

prevent wormhole attacks

51

Thanks!

Students: Lingxuan Hu, Chalermpong Worawannotai Nathaneal Paul, Ana Nora Sovarel, Jinlin Yang, Joel Winstead

Funding: NSF ITR, NSF CAREER, DARPA SRS

For slides and paper links: http://www.cs.virginia.edu/evans/talks/sam/