240 likes | 387 Views
The Robustness of Localization Algorithms to Signal Strength Attacks A Comparative Study. Yingying Chen, Konstantinos Kleisouris, Xiaoyan Li, Wade Trappe, and Richard P. Martin Dept. of Computer Science Wireless Information Network Laboratory Rutgers University May 16 th , 2006. Background.
E N D
The Robustness of Localization Algorithms to Signal Strength AttacksA Comparative Study Yingying Chen, Konstantinos Kleisouris, Xiaoyan Li, Wade Trappe, and Richard P. Martin Dept. of Computer Science Wireless Information Network Laboratory Rutgers University May 16th, 2006 Network/Computer Security Workshop, May 06
Background • Localizing sensor nodes is the building block for high-level applications: • Tracking, monitoring, and geometric-based routing • Location-based services become more prevalent • Received Signal Strength (RSS) is an attractive basis for indoor localization algorithms: • Reuse the existing communication infrastructure • 802.11, 802.15.4, Bluetooth support the technology • Tremendous cost saving Network/Computer Security Workshop, May 06
Motivation • Localization infrastructure became the target of malicious attacks (non-conventional security threats) • Important to understand how localization is affected by non-cryptographic attacks • Study the susceptibility of RSS-based localization algorithms to signal strength attacks: • Unanticipated power losses and gains • Attacks to the transmitting device or individual landmarks. Network/Computer Security Workshop, May 06
Goal • Study the behavior of RSS-based localization algorithms to signal strength attacks • Generate attack detection mechanisms for localization algorithms • Improve the current algorithms to tolerant attacks • Develop attack resistant algorithms Network/Computer Security Workshop, May 06
High Level Results • The average performance of all the algorithms in response to an attack is about the same • General rule of thumb: easy to conduct attack by 15 dB and cause the localization error of 20-30 feet • Need to makelocalization more robust to signal strength attacks • Preliminary work shows possibility of attack detection Network/Computer Security Workshop, May 06
Outline • Background and motivation • RF-based localization algorithms • Conducting signal strength attacks • Measuring attack susceptibility • Experimental study • Analysis and discussion • Conclusion • Related work • Future research Network/Computer Security Workshop, May 06
Summary of Algorithms under Study • Offline and online phases (attack during online) • Matching vs. signal to distance Network/Computer Security Workshop, May 06
A Generalized Localization Model Signal Space (R) Physical Space (D) F Sn S2 S1 G : a single point or a region Network/Computer Security Workshop, May 06
Outline • Background and motivation • RF-based localization algorithms • Conducting signal strength attacks • Measuring attack susceptibility • Experimental study • Analysis and discussion • Conclusion • Related work • Future research Network/Computer Security Workshop, May 06
Signal Strength Attacks • Materials – easy to access • Attacks – simple to perform with low cost • Linear relationship -linear attack model • Two approaches: • Attack on the entire set of landmarks • Attack on a single landmark Network/Computer Security Workshop, May 06
Outline • Background and motivation • RF-based localization algorithms • Conducting signal strength attacks • Measuring attack susceptibility • Experimental study • Analysis and discussion • Conclusion • Related work • Future research Network/Computer Security Workshop, May 06
Attack Susceptibility Metrics • Estimator distance error • Estimator precision • Höldermetrics • Relates the magnitude of the perturbation in signal space to its effect on the localization results: Network/Computer Security Workshop, May 06
Outline • Background and motivation • RF-based localization algorithms • Conducting signal strength attacks • Measuring attack susceptibility • Experimental study • Analysis and discussion • Conclusion • Related work • Future research Network/Computer Security Workshop, May 06
Experimental Setup(CoRE and Industrial Lab) - Floor plan: 200ft x 80ft (16000 ft2) - Deployment of 4 landmarks (somewhat co-linear) - 115 training points, 170 testing points - Floor plan: 225ft x 144ft (32400 ft2) - Deployment of 5 landmarks (more evenly distributed) - 115 training points, 138 testing points Network/Computer Security Workshop, May 06
Error AnalysisCoRE - all landmarks attenuation attack (10/15/25 dB) Network/Computer Security Workshop, May 06
Error AnalysisAll landmarks amplification attack (10 dB) CoRE Industrial Lab Network/Computer Security Workshop, May 06
Linear ResponseAttenuation Attack - All landmarks; Landmark 1, 2 and 3 All landmarks: ~ 1.55 ft/dB, single landmark: ~ 0.64 ft/dB Network/Computer Security Workshop, May 06
Worst-case ErrorCoRE: attenuation attack BN, R1, R2: 4ft/dB P1, P2: 3ft/dB ABP, GP, GR, SPM: 2ft/dB Exception: SPM ~ 0.61 Network/Computer Security Workshop, May 06
Precision Study: Example of Localization Results in CoRE Normal Attenuation attack (25dB) Landmark 1 SPM ABP BN Network/Computer Security Workshop, May 06
Conclusion • Localization error of all algorithms scales similarly under attack • With single exception of Bayesian Networks algorithm to individual landmark attacks • The average susceptibility to an attack is essentially identical • In order to lessen the worst-case effect of a potential attack, desirable to employ algorithms that perform averaging Network/Computer Security Workshop, May 06
Conclusion (cont.) • Degraded gracefully: linear scaling in localization error to attacks • No algorithm “collapses” in response to an attack • All landmarks attack: 1.3-1.8 ft/dB • Single landmark attack: 0.5-0.8 ft/dB • Rule of thumb: easy to attack by 15 dB, cause localization error of 20-30 ft • Precision increased for all three area-based algorithms: • A decrease and a spatial-shift in the returned area – bias is introduced • ABP significantly shrank the returned areas in response to large changes in signal strength – attack detection Network/Computer Security Workshop, May 06
Related Work • Category of localization algorithms: • Range-based[hightower01design, GPS, nissanka00 ], range-free [shang03, niculescu01aps],scene matching[youssef03localization,roos02stat, battiti02stat, bahl00] • Aggregate[dohertyl01, shang03]or singular (only refer to landmarks) • Non-cryptographic attacks affect localization: • Wormhole attacks[hu03packet]– shorten the distance between two nodes • Compromised nodes[zang05robust];compromised landmarks[liu05attack] • Pursue for secure localization algorithms • Distance bounding protocol [Capkun05] to upper-bound the distance between two nodes • Hidden and mobile base stations [Capkun06] to verify location estimate • Use directional antenna and distance bounding [lazos05] to achieve security • Robust statistical methods [zang05robust] to achieve reliable localization Network/Computer Security Workshop, May 06
Future Research • Study different attack models: • Attacks performed by the directional antenna • Develop attack detection mechanisms for RF-based localization algorithms • Extend the current algorithms to tolerant attacks • Derive attack resistant algorithms Goal:adversaries can not affect localization ! Network/Computer Security Workshop, May 06
Thank you & Questions Network/Computer Security Workshop, May 06