Location Measurements
Martin Thomson, IETF-77
draft-thomson-geopriv-held-measurements
[Diagram labels: Target, Device, Location Generator, Location Server, Rule Maker, Location Recipient]

Geopriv/Internet Location
• Options for positioning are limited in the current architecture
• HELD, DHCP provide purely network-based positioning
  • Wiremap tracing
  • Network based timing
• Device-based positioning is purely autonomous
  • GPS
  • User-provided location

Co-operative Positioning
[Diagram labels: Access Network, Location Generator, Device]
• The LG has knowledge of the network topology
• The Device can take measurements
• The LG can retrieve information from the network
• Cooperation between LIS/LG and Device enables more positioning options: A-GPS, radio timing (RTT, TDOA), radio camera

Security Problems
• Using measurements to:
  • gain someone else’s location
  • extract information about network topology
  • indirectly spoof location

Problem A: Get Someone Else’s Location
• Attacker somehow gets measurements for a victim
• The LIS authorizes a request based on identity
• The LIS does not check that the measurement is valid and produces the victim’s location
• Limitations: in most cases, it’s quite hard to get measurements for someone else
  • This is easy only if you know the victim’s location
• Additional measures might be necessary for some cases
  • e.g. LLDP exposes information that might be used

Problem B: Network Topology Mapping
• Based on the previous method
• By repeatedly guessing measurements an attacker might acquire a map of the network
  • Matching measurements to locations
  • Determining network coverage and other potentially sensitive information
• Limited by the same mechanisms
• Place a rate limit on requests from clients

Problem C: Lying by Proxy
• It’s one thing to lie about your location
• It’s another thing entirely to get someone else to do your lying for you
• Measurements can be spoofed to coerce a LIS/LG to provide a falsified location
  • Any credibility granted to the LIS/LG above that of the Device is thereby gained
• It’s straightforward to spoof measurements

Option 1: “We don’t need no water…”
• Existing location systems are trivially spoofed… and no one seems to care
  • Location information is largely produced for ultimate use by Targets (navigation, etc.)
  • There is no gain in spoofing for these applications
• These systems aren’t a fair comparison
  • A number of factors limit the feasibility of spoofing in existing systems
  • Locked hardware, difficulty of implementation, advanced knowledge, limited and controlled device deployments
• The Internet community is resourceful enough to overcome these inconveniences

Option 2: Check your inputs
• Measurements can be checked
  • Just as we have mandated for identifiers
  • Works for A, B, and C
• Doesn’t work for all types of measurements
  • A network-based location service cannot check every type of measurement
  • Would invalidate many methods
  • …and severely constrain others

Option 3: Sanity check outputs
[Diagram labels: LG determined location; Bad: outside uncertainty; Probably ok]
• Compare the result of using measurements with an independently obtained location
• It’s only possible to get a more accurate result if you can tolerate some uncertainty
• Limits scope of attacks, doesn’t prevent them

Option 4: Assign blame
• Make it clear when location information is based on information that wasn’t checked
  • Create new labels for PIDF-LO that identify the nature of the source (LIS/Device/Other)
  • Could be used to address shortcomings of the previous option
  • Could also include verified data that is appropriately labelled
• Decisions on trust are handled by recipients
  • Recipients exercise option 1 at their discretion
  • More accurate location is available

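Options 3 and 4 combined, as an added example that is not from the slides or the draft: a measurement-based result is accepted only if it falls inside the uncertainty of the location the LG determined on its own, and the reported location carries a source label. The `Circle` type, the centre-inside-the-circle test, the label strings and the coordinates are assumptions made for illustration; the labels are not real PIDF-LO values.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0

@dataclass(frozen=True)
class Circle:
    """A location estimate: centre in degrees plus uncertainty radius in metres."""
    lat: float
    lon: float
    radius_m: float

def distance_m(a: Circle, b: Circle) -> float:
    """Great-circle (haversine) distance between the two centres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp = p2 - p1
    dl = math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def sanity_check(network: Circle, measured: Circle) -> tuple[Circle, str]:
    """Return the location to report and a hypothetical source label.

    network  - what the LG determined without any Device input
    measured - result computed from Device-supplied, unchecked measurements
    """
    if distance_m(network, measured) > network.radius_m:
        # "Bad: outside uncertainty": discard the measurement-based result.
        return network, "LIS"
    if measured.radius_m >= network.radius_m:
        # No accuracy gained, so there is no reason to rely on unchecked input.
        return network, "LIS"
    # "Probably ok": more accurate, but it still rests on unchecked Device
    # input, so the label says so and the recipient decides how far to trust it.
    # A spoofed result can still sit anywhere inside the network uncertainty:
    # the check limits the scope of lying by proxy, it does not prevent it.
    return measured, "Device"

# Constructed sample values, not taken from the slides.
NETWORK = Circle(-34.400, 150.880, 2000.0)    # network-based fix, 2 km uncertainty
PLAUSIBLE = Circle(-34.405, 150.885, 50.0)    # about 0.7 km from the network fix
IMPLAUSIBLE = Circle(-34.500, 150.880, 50.0)  # about 11 km from the network fix

if __name__ == "__main__":
    for name, result in (("plausible", PLAUSIBLE), ("implausible", IMPLAUSIBLE)):
        location, source = sanity_check(NETWORK, result)
        print(f"{name}: report {location} labelled {source}")
```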
Actions
[Diagram labels: Device, Location Generator]
• draft-thomson-geopriv-held-measurements
  • Describes one protocol mechanism for exchanging measurements
  • A framework for providing measurements
• Aside from the problem presented today
• The set of measurements and the protocol interactions need definition
• Is this work headed in the right direction?