260 likes | 418 Views
Location Privacy Preservation in Collaborative Spectrum Sensing. Shuai Li, Haojin Zhu, Zhaoyu Gao , Xinping Guan, Shanghai Jiao Tong University Kai Xing University of Science and Technology of China and Xuemin (Sherman) Shen University of Waterloo. Presenter: Haojin Zhu
E N D
Location Privacy Preservation in Collaborative Spectrum Sensing Shuai Li, Haojin Zhu, ZhaoyuGao, XinpingGuan, Shanghai Jiao Tong University Kai Xing University of Science and Technology of China and Xuemin (Sherman) Shen University of Waterloo Presenter: Haojin Zhu Associate Professor Computer Science & Engineering Department Shanghai Jiao Tong University
Outline • Background • Cognitive Radio Networks • Spectrum Sensing • Collaborative Spectrum Sensing • Existing Researches on Spectrum Sensing Security • Location Privacy Leaking Problem • Privacy Preserving Collaborative Spectrum Sensing • Experiment Results • Conclusion
Cognitive Radio Cognitive Radio:access the spectrum dynamically Traditional Spectrum Allocation Primary User (PU) PU uses the spectrum exclusively Cognitive Radio Secondary User (SU) SUs can access the idle spectrum Cognitive Radio is proposed to increase the efficiency of channel utilization under the current static channel allocation policy.
Spectrum Sensing Spectrum Sensing:In order to identify the idle spectrum, secondary users should sense the spectrum first. Spectrum 1 Spectrum 2 Which one is idle? …………………. Spectrum n
Collaborative Spectrum Sensing But, spectrum sensing accuracy is often degraded by: □Fading □Shadowing □Receiver Uncertainty Collaborative Spectrum Sensing is proposed to overcome these challenges. Step1: SUs sense the spectrum individually Step2: SUs submit the sensing reports to a fusion center Step3: Fusion center combines these reports Collaborative sensing is also facing a series of security threats!
Existing Research in Spectrum Sensing Security • 1 Attack: Primary Emulation Attack (JSAC'08, Oakland S&P'10, ) • 2 Attack: Sensing Data Falsification Attack (INFOCOM'08, TMC 2011, NDSS 2011) • 3 Attack: Selfishness in Collaborative Sensing (ACM MC2R) None of existing works consider the privacy issues in CR networks before!
Outline • Background • The Location Privacy Leaking Problem • Privacy Preserving collaborative Spectrum Sensing • Privacy Preserving Sensing Report Aggregation • Distributed Dummy Report Injection Protocol • Experiment Results • Conclusion
Exploiting Spectrum Sensing Reports for Involuntary Geo-localization- An Attacker Point of View The Good Side: Exploit spatial diversity for spectrum sensing SU SU Different Locations Correspond to Different Sensing Reports due to Spatial Diversity. SU A Converse Question: Could we exploit correlation of CR sensing reports and their physical location to make an involuntary geo-localization of SU. SU
Attack I: Single Report LocationPrivacy (SRLP) Attack Test bed Setup and Experiment Approach: Using USRP to detect the TV radio signal of 13 sampling regions. The attacker using classification algorithm to obtain spectrum characteristics of each region (the cluster centroids). Geo-localization a user by comparing the distance of the sensing data and the various cluster centroids. Single Report Location Privacy (SRLP) Attack:the adversary tries to compromise the location privacy of a CR user by correlating his sensing report and physical location.
Attack II: Differential Location Privacy Attack in Aggregation Mode Inspired from database security concept, differential privacy. In the context of CR security: Untrusted Fusion Center (Aggregator), secondary users may frequently join or leave the networks Even under the presence of privacy preserving aggregation solution Aggregation Result: Aggregation Result: We could get , then based on SRLP attack, we could infer its location.
Experimental Results for the Attack Result I: Significant location-dependent fluctuation in the RSS sensing of three Digital TV (DTV) channels. Result II: the attackers could localize a user within 10-50 meters accuracy with 90% successful rate by choosing a proper parameter How to enable the collaborative spectrum sensing without location privacy leaking?
Formal Definition on Location Privacyin Collaborative Spectrum Sensing We define the uncertainty of the adversary and thus the location privacy level of a node involved in a successful privacy preserving spectrum sensing by adopting the entropy concept as follows: the probability that user a is located in the region b Total number of regions • If the attacker could uniquely identify the location of the user, we can get and . • Otherwise, the entropy is maximum for a uniform probability distribution .
Outline • Background • The Location Privacy Leaking Problem • Privacy Preserving collaborative Spectrum Sensing • Privacy Preserving Sensing Report Aggregation • Distributed Dummy Report Injection Protocol • Experiment Results • Conclusion
Privacy Preserving collaborative Spectrum Sensing (PPSS) Distributed Dummy Report Injection protocol (DDRI) Privacy Preserving Sensing Report Aggregation Protocol (PPSRA) Conceal the user’s sensing reports when he leaves or joins the aggregation (thwarting the DLP attack) Conceal each user’s sensing reports in aggregation (thwarting SRLP attack)
Protocol I: PPSRA • Objective: Allowing the aggregator to obtain the aggregation results without knowing the individual sensing report. • E() is an homomorphic encryption such as Paillier or NDSS’11[1]. • Each data is encrypted by multiplying to prevent aggregator from recovering the individual data. By letting , we obtain . Aggregation Result … … Decrypt it for the aggregation result. Phase III: Decryption for the result Phase II: Multiplying the encrypted data Phase I: Individual Encryption • E. Shi, T. Chan, E. Rieffel, R. Chow, and D. Song, “Privacy-preserving aggregation of time-series data,” in Proc. of NDSS’11, 2011.
Protocol II: Distributed DummyReport Injection protocol (DDRI) Differential Location Privacy Attack: Traditional differential privacy protection approach needs to add a large noise to the sensing reports, which will seriously degrade the collaborative sensing performance, obviously deviating from the original goal of collaboration.
Distributed DummyReport Injection protocol Our Approach: LEAVE/JOIN Using some public available sensing data (dummy report) to replace the noises Broadcast the fusion center’s sensing results Send his own sensing results Send the center’s sensing results Our dummy report based approach will not pollutethe aggregation result.
Distributed DummyReport Injection protocol The introduced randomness in aggregation result can successfully confuse the attacker.
Distributed DummyReport Injection protocol Question1:How much randomness has been introduced? Question 2: What’s the impact introduced to collaborative sensing (the actual number of the sensing nodes)?
Distributed DummyReport Injection protocol Question 3: What’s the impact introduced to collaborative sensing (the weight of the dummy report)? In general, we will demonstrate that • our scheme can generate sufficient randomness to protect the user’s differential location privacy. • It has limited impact on collaborative sensing performance
Outline • Background • The Location Privacy Leaking Problem • Privacy Preserving collaborative Spectrum Sensing • Privacy Preserving Sensing Report Aggregation • Distributed Dummy Report Injection Protocol • Experiment Results • Conclusion
Experimental Results After executing our PPSS protocol, the entropy rises to a high level. This demonstrate that PPSS can well protect the user’s location privacy.
Experimental Results It demonstrates that a small is enough to protect the user’s location privacy. Meanwhile, a small means little impact on collaborative sensing.
Experimental Results This experiment result further demonstrates the practicality of our PPSS protocol.
Outline • Background • The Location Privacy Leaking Problem • Privacy Preserving collaborative Spectrum Sensing • Privacy Preserving Sensing Report Aggregation • Distributed Dummy Report Injection Protocol • Experiment Results • Conclusion
Conclusion and Future Work • We identify and formulate a new security threat in collaborative sensing • We introduce PPSS to protect secondary users’ location privacy in collaborative sensing. • We evaluate the effectiveness and efficiency of PPSS by implementation in a real experiment. • Our future work includes investigating the privacy issues in database-driven CR networks.