Localization privacy
Mike Burmester, Florida State University, USA
MITACS International Focus Period
Advances in Network Analysis and its Applications

Talkthrough
• His Late Master’s Voice: private localization
• Motivation: device discovery and sensor deployments in hostile territory
• RFID technology
• Private localization protocols
    • with temporal and location mechanisms
    • with temporal mechanisms only
    • with location mechanisms only
• Private localization is not possible without some kind of temporal or location information.
• Threat model and security issues.

His Late Master’s Voice: a motivating paradigm
• Bob died suddenly, leaving his treasure to his sister Alice.
• Moriarty will do anything to get the treasure.
• Alice hides it together with Nipper, and promptly departs. (Nipper is a low-cost RFID device that responds only to her calls.)
• Alice can find the hidden treasure later when Moriarty is not around.
Nipper listening to a recording of his late master, painted by Francis Barraud, who inherited from his late brother: Nipper, a phonograph and some recordings.

His Late Master’s Voice
Wrong painting! Not a cylinder phonograph but a gramophone.
• Each RFID tag must only respond to authorized readers.
• Each authorized RFID reader must be authenticated without being challenged by the tag: any challenge by the tag will reveal its presence/position.
• Localization privacy captures a novel aspect of privacy, extending the traditional privacy notions of anonymity and unlinkability to private localization.

Localization privacy: barking for privacy
• Anonymity and unlinkability are slightly weaker notions:
    • Even though the adversary may not be able to recognize a tag, or link the tag's interrogation sessions, by knowing its location it can identify that tag to some degree.
• Localization privacy is essentially a steganographic attribute.
    • The goal of steganography is to hide data in such a way that the adversary cannot detect its existence, while
    • the goal of private localization is to hide a device in such a way that its presence cannot be detected.

Localization privacy
• Because localization privacy is essentially a steganographic attribute, one would expect that any knowledge needed to enforce it is based on physical/environmental knowledge.
• We shall see that localization privacy can only be achieved by using non-application layer data such as
    • temporal or
    • locational information.

Sensor deployments: motivation
• Suppose we want to deploy 10,000 sensors in a 100 km² area for passive monitoring in a hostile territory.
• The lifetime of the system is expected to be at least 10 years.
• Attached to the sensors are RFID tags, which are their communication interface.
• The tags are not networked, to prevent detection.
• Robotic armored vehicles collect the monitored data at regular intervals.

Sensor deployments in untrusted territory
Monitoring environmental data and surveillance. Deployment is not necessarily uniform.

Path of armored RFID reader: multiple interrogations

Device discovery: one-time interrogations

RFID systems
• RFID tags
    • a discardable technology?
    • low cost
    • replaceable
    • typically short-lived, but durable
• Other RFID system components, RFID readers and a backend server:
    • not necessarily low-cost
    • upgradeable
    • mid- to long-term life
• Both: may protect high-value assets

RFID tags
• Attached to, or embedded in, host objects to be identified.
• Each tag is a transponder with an RF coupling element and may also have a microprocessor.
• The coupling element has an antenna coil to capture RF power, clock pulses and data from the RFID reader.
• The microprocessor has small amounts of ROM for storing, among other information, the tag's identification, volatile RAM and (potentially) nonvolatile EEPROM.

Types of passive tags
• Smart label. Class 1 memory devices, typically Read-Only. Low-cost replacements for bar codes.
• Re-writable tags. Class 1 re-writable memory. Subject to unauthorized cloning, disabling, tracking.
• IC tags. Class 2 tags with CMOS integrated circuit and non-volatile EEPROM. Will defeat most attacks.
• BAP tags. Battery-assisted IC tags with an extended read range.

RFID readers
• An RFID reader is a device with storage, computing, and communication resources comparable to at least those of a powerful PDA.
• It is equipped with a transceiver consisting of an RF module, a control unit, and an RF coupling element to interrogate the tags.
• RFID readers implement a radio interface to the tags and also a high-level interface to the Server that processes captured data.

Backend Server
• A trusted entity that maintains a database with all the information needed to identify tags, including their identification numbers.
• Since the integrity of an RFID system is entirely dependent on the proper behavior of the Server, it is assumed that the Server is physically secure and not subject to attacks.
• In terms of resources, the Server is a powerful computing device with ample disk, memory, communication, and other resources.

Reader-tag coupling
Affects the tag's reading range & the frequencies needed.
• RFID capacitive (electric) coupling: short ranges (subcentimeter for UHF near-field)
• RFID inductive (magnetic) coupling: slightly longer ranges (submeter for UHF)
• RFID backscatter coupling: range 10 m to 100 m+
For localization privacy apps, use backscatter coupling.

Fine-grained localization
• Localization is based on analyzing RF signals emitted by the target.
• The RF waveform is influenced by the paths traveled by the signal.
• For fine granularity the raw signal waveform must be passed to the upper layers and processed using algorithms that understand the intricate relations between the wireless environment and the signal.

Localization algorithms
Based on modeling the variations of RF signals in the environment. There are two types of algorithms. Those that:
• Calibrate the RF signal distribution and then estimate the location.
    • Multilateration algorithms
    • Bayesian inference algorithms
• Directly compute the location.
    • Nearest-neighbor algorithms
    • Proximity algorithms
    • Kernel-based learning algorithms

NLJ detectors
• Non-Linear Junction detectors detect covert devices based on the fact that subjecting an NLJ to a strong, high-frequency, spectrally pure microwave (888 or 915 MHz) will cause the junction to emit the lower harmonics of the signal.
• An NLJ detector floods the target area with high-frequency energy and detects the emitted harmonics from the target.
• Will detect any electronic device that is not shielded, even if it is switched off.

Protocol 1: Tag knows its location & the time
1. The RFID reader sends: time_r, loc_r; x = MAC_k(time_r, loc_r)
2. The tag checks it. If the values time_r, loc_r are close enough to the locally measured values then it responds with: y = MAC_k(x)
If this is correct the RFID reader accepts (the tag as authentic).
Here k is a secret key that the RFID reader shares with the tag.
Step 1 authenticates the reader to the tag. This step can be thought of as a `response’ to the location & time challenge.

Protocol 1: Tag knows its location & time
Localization
• The actual location of the tag is determined by analyzing the RF signal waveform of its response y in Step 2 by using a localization algorithm.

Protocol 1: Tag knows its location & time
Problem: Scalability
The RFID reader must send a different challenge to each one of the tags, if it does not know an approximate location of the tags.
[Public Key cryptography will address this issue---use ECC]

Protocol 2: Tag knows the time only
1. The RFID reader sends: time_r, x = MAC_k(time_r)
2. The RFID tag checks this. If it is correct it responds with: y = MAC_k(x)
If this is correct the RFID reader accepts.
Step 1 authenticates the reader to the tag. This step can be thought of as a `response’ to the time challenge.

Protocol 2: Tag knows the time only
Problem: Clocks must be synchronized.
This problem cannot be solved for lightweight applications!

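The tag-side checks of Protocols 1 and 2, as an added example that is not code from the talk: the tag stays silent unless x verifies and time_r (plus loc_r in Protocol 1) is close to its own measurement. HMAC-SHA256 as the MAC, the two tolerances, the message encoding and all function names are assumptions.

```python
import hashlib, hmac, math, struct

TIME_TOL_S = 5.0    # assumed "close enough" window for time_r (not from the slides)
LOC_TOL_M = 200.0   # assumed "close enough" radius for loc_r (not from the slides)

def mac(key, data):
    """MAC_k(.), instantiated here with HMAC-SHA256 (an assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def encode(time_r, loc_r=None):
    """Fixed-width encoding of (time_r[, loc_r]) so the MAC input is unambiguous."""
    msg = struct.pack(">d", time_r)
    return msg if loc_r is None else msg + struct.pack(">dd", *loc_r)

def reader_challenge(key, time_r, loc_r=None):
    """Step 1: time_r, loc_r, x = MAC_k(time_r, loc_r); loc_r=None gives Protocol 2."""
    return time_r, loc_r, mac(key, encode(time_r, loc_r))

class Tag:
    def __init__(self, key, loc=None, drift=0.0):
        # loc=None models a tag that knows only the time (Protocol 2);
        # drift is the tag clock's offset from true time, in seconds.
        self.key, self.loc, self.drift = key, loc, drift

    def respond(self, time_r, loc_r, x, now):
        """Step 2: return y = MAC_k(x), or None, meaning the tag stays silent."""
        if not hmac.compare_digest(x, mac(self.key, encode(time_r, loc_r))):
            return None    # reader not authenticated
        if abs(time_r - (now + self.drift)) > TIME_TOL_S:
            return None    # stale challenge, or the tag's clock has drifted
        if self.loc is not None and (
                loc_r is None or math.dist(loc_r, self.loc) > LOC_TOL_M):
            return None    # claimed reader position is not near this tag
        return mac(self.key, x)

def reader_accepts(key, x, y):
    """Reader accepts the tag only if a reply arrived and y = MAC_k(x)."""
    return y is not None and hmac.compare_digest(y, mac(key, x))

if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed sample key
    t, loc, x = reader_challenge(key, 1000.0, (1050.0, 2000.0))
    tag = Tag(key, loc=(1000.0, 2000.0))
    print("fresh challenge  :", reader_accepts(key, x, tag.respond(t, loc, x, now=1001.0)))
    print("replayed 60s late:", tag.respond(t, loc, x, now=1060.0) is not None)
    drifted = Tag(key, drift=30.0)                     # Protocol 2 tag, bad clock
    t, loc, x = reader_challenge(key, 1000.0)
    print("drifted tag      :", drifted.respond(t, loc, x, now=1000.0) is not None)
```

With a 30 s clock offset the tag ignores a valid reader, which is the synchronization problem noted for Protocol 2.
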
Protocol 3: Tag knows its location only
Suppose the tag and reader share a synchronized counter ct.
1. The reader sends: ct, loc_r; x = MAC_k(ct, loc_r)
2. If this is correct the tag responds with: y = MAC_k(x) and updates the counter.
If y is correct the reader accepts the tag.

Protocol 3: Tag knows its location only
Problem: Counter values must be synchronized.
Can be done: the tag must always store the one-but-last value of the counter and update it only if the reader sends the current value of the counter in Step 2.
[Update at tag in Step 2 if ct = ct_cur: ct_old ← ct_cur; ct_cur ← next(ct_cur)]

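The counter resynchronization rule for Protocol 3, as an added example that is not code from the talk: the tag keeps ct_old and ct_cur, answers either value, and advances only on ct_cur, so a lost reply does not lock the reader out. HMAC-SHA256 as the MAC, next() as an increment, the location tolerance and all names are assumptions.

```python
import hashlib, hmac, math, struct

LOC_TOL_M = 200.0   # assumed "close enough" radius (not given on the slides)

def mac(key, data):    # MAC_k(.) as HMAC-SHA256 (an assumption)
    return hmac.new(key, data, hashlib.sha256).digest()
def nxt(ct):           # next(ct), assumed to be a plain increment
    return ct + 1

def challenge(key, ct, loc_r):
    """Reader message: ct, loc_r, x = MAC_k(ct, loc_r)."""
    return ct, loc_r, mac(key, struct.pack(">Qdd", ct, *loc_r))

class Tag:
    def __init__(self, key, loc, ct0=0):
        self.key, self.loc = key, loc
        self.ct_old = self.ct_cur = ct0

    def respond(self, ct, loc_r, x):
        """Return y = MAC_k(x), or None (silence); advance only if ct = ct_cur."""
        if not hmac.compare_digest(x, challenge(self.key, ct, loc_r)[2]):
            return None    # reader not authenticated
        if math.dist(loc_r, self.loc) > LOC_TOL_M:
            return None    # claimed reader position is not near this tag
        if ct == self.ct_cur:
            self.ct_old, self.ct_cur = self.ct_cur, nxt(self.ct_cur)
        elif ct != self.ct_old:
            return None    # neither the current nor the previous counter value
        return mac(self.key, x)

class Reader:
    def __init__(self, key, ct0=0):
        self.key, self.ct = key, ct0

    def interrogate(self, tag, loc_r, reply_lost=False):
        """One session; the reader advances ct only after receiving a valid y."""
        ct, loc, x = challenge(self.key, self.ct, loc_r)
        y = tag.respond(ct, loc, x)          # the tag may update its state here
        if reply_lost or y is None or not hmac.compare_digest(y, mac(self.key, x)):
            return False                     # reply_lost simulates a dropped reply
        self.ct = nxt(self.ct)
        return True

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    tag, reader = Tag(key, (0.0, 0.0)), Reader(key)
    for lost in (False, True, False):        # the second reply never arrives
        ok = reader.interrogate(tag, (10.0, 0.0), reply_lost=lost)
        print(ok, reader.ct, tag.ct_old, tag.ct_cur)
```

Because ct_old is still answered, the most recently used challenge remains valid at the tag until the next update.
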
The tag does not know the time or its location
Localization privacy cannot be achieved when the tags are static and neither temporal nor location information is available.

The adversary A
• A can eavesdrop on, and schedule, all communication channels.
• Adapt model to allow for localization technologies and radio jamming technologies.
• A must eavesdrop on at least one complete localization to localize a tag.
• Tags must backscatter; they cannot be capacitive or inductive.

The adversary A
• A can be ubiquitous or local.
• With ubiquitous adversaries we can have localization privacy for the first interrogation only.
• With local adversaries we can have localization privacy for multiple tag interrogations, but the model is weak.

Theorems
• Protocol 1 provides implicit mutual authentication with localization privacy for one-time tag interrogation applications against a ubiquitous adversary. For applications where the tags may be interrogated several times we only get weak localization privacy.
• Protocol 2 provides implicit mutual authentication with localization privacy for one-time tag interrogation applications against a ubiquitous adversary. For applications where the tags may be interrogated several times we only get weak localization privacy.
• Protocol 3 provides only implicit mutual authentication with weak localization privacy, unless highly synchronized clocks are available.
• Localization privacy cannot be achieved when the tags are static if neither temporal nor location information is available.

Secure localization
• Privacy: unlinkability
• Integrity: the effect of radio jamming attacks and localization/NLJ attacks
• Availability: the effect of radio jamming and localization/NLJ attacks

Any questions?
Publications: http://www.cs.fsu.edu/~burmeste/pubs.html