320 likes | 501 Views
Secure Localization : Location Verification and detection of Malicious nodes in WSN. Advisor: Dr. Tricia Chigan Presenter: Solomon Ayalew. Outline. Introduction and Background Location discovery in wireless sensor networks Localization systems Detection of malicious nodes
E N D
Secure Localization: Location Verification and detection of Malicious nodes in WSN Advisor: Dr. Tricia Chigan Presenter: Solomon Ayalew
Outline • Introduction and Background • Location discovery in wireless sensor networks • Localization systems • Detection of malicious nodes • Types of attacks on WSN’s • Cryptography in secure localization • Revocation of malicious nodes • Comparison of Secure Localization Algorithms
Introduction & background (I) • Wireless Sensor Ntk’s • Low cost, • Low power, • mobility of nodes dynamic topology, • withstand harsh environment • unattended operation, • ability to cope with node failure • Autonomous systems randomly deployed in remote hostile environments.
Introduction & background (II) • Multi functional • Applications • battlefield surveillance • enemy tracking • Environmental • medical and industrial fields • Their location play’s a very important role in their application • localization systems are target of attack • Wrong location:- wrong military plan, wrong decision
source of Pictureshttp://www.decentlab.com/index.php?id=2http://www.indefia.com/products/hardware/wsn/http://www.sics.se/~luca/profile.html
Cont… • Official terminologies • GPS is expensive. So new protocols come: • use special nodes called Beacon Nodes (landmarks, anchors, locators) • They Know their own location through GPS receivers or Manual configuration • Regular (unknown/free/dumb) nodes will learn from the beacons. • How???? • Detecting beacon node:- node performing detection on received signal • Target node:- node being detected • Node ID: - Id used by a detecting beacon node to make a target beacon node believe that a non-beacon node wants to communicate.
cont Deployment of sensor nodes. Ref [1]
Location discovery in WSN nodes. • Stage 1 • Non beacon nodes receive radio signal called Beacon Signal/Beacon Packet form Beacon nodes. • Beacon Packet = f (RSSI, ToA, TDoA, AoA, (x,y)) where • RSSI is Received Signal Strength Indicator. • ToA :- Time of Arrival. • TDoA Time Difference of Arrival. Location References • AoA:- Angle of Arrival • Stage 2 • Based on different References', nodes determine their own location with minimum estimation error. But if some beacon nodes r malicious???
Localization systems • Distance/angle estimation:- • Estimate regarding distance &/or angle b/n 2 nodes. • Based on RSSI, ToA, or hop count analysis. • This values are affected by Δ signal power or introduce noise obstacles or magnet to the sensor field. • Position computation:- • Compute the position of a node based on the received signal. • Some techniques use trilateration, multilateration or triangulation.
Cont… • Localization algorithms:- • Main component of the localization system • Distributed and multi-hop algorithms • Info manipulated; WSN nodes know their positions. • rref [6] Fig xx the division of localization systems in to 3 distinct components
Detection of malicious nodes Example. [1] ref [1] • Detecting node N sends request message to the target node NA. • Target node reply a Beacon Packet (beacon signal) that includes its own location (x’, y’). • Then the detecting node will do calculations • Estimates the distance between them based on Beacon signal.
Cont.. • Calculate the distance between them from (x’,y’)& (x,y) • If | - measured distance| > maximum measurement error, the node is Malicious • can’t be a node Malicious by satisfying the above condition ???? .... • Condition not satisfied mean this node is Malicious??? • Consider an attacker reply a previously captured signal. • DRBTS[7] (distributed reputation based beacon trust system):- each beacon node monitors its neighborhood for suspicious beacon nodes. • Build a trustworthy table so that other nodes will chose highly trustworthy nodes.
Types of Attack’s ref [8] • Distance fraud attack • Mafia fraud attack • Terrorist fraud attack • Wormhole attack • Sybil attack • Spoofing attack • Jamming • Overshadowing • Manipulation and Replay
Attacks against Location discovery beacon node NB attacking node NA Malicious node NB (x,y) (x’, y’) (x, y) I am NB location I am NB & my location is (x, y) (x’, y’) N N a) Masquerade beacon b) compromised beacon node Beacon node NB I am NB my location attacking node NA (x, y) is (x, y) (x’,y’) Malicious/ attacking node is a node that have access to a compromised cryptographic keys . I am NB @ (x,y) N c) Replay attack ref [1]
Cont… a) Sybil attack b) reply attack c) wormhole attack Ref [6]
Cont… • Sybil attack:- • Malicious node appears in different poistions. • Reply attacks:- • Store a received packet(from a beacon node) & respond it later. • Estimated distance & calculated distance are different. Cant be the some????
Cont… C ) Wormhole attack:- • Received signal by malicious node in 1 side of the ntk is sent and replicated by other side of the ntk. • Developed algorithms: Geographical Leashes, Directional antenna works if two nodes are neighbors. Temporal Leashes needs synchronization and large mem space to save auth. Keys. • Round trip time:- doesn’t need synchronization. • Assumption, all nodes are equipped with Wormhole detectors. RTT = [(R4-R1)-(R3-R2)] where t1: time to finish sending first byte of request t2: time to finish receiving first byte of request t3: time to finish sending first byte of reply t4: time to finish receiving first byte of reply
Cryptography in secure localization • Cryptograph is against externally deployed hostile nodes. • But here we are talking about compromised nodes. Attackers have access to secret keys and passwords • So most secure localization algorithms use non-cryptographic security techniques. • Cryptography is 2nd Line of defense. E.gHiRLoc, ROUPE, SeRLoc • Communication between beacon nodes &BS and some algorithms use cryptography. • E.gSPINe
Revocation of Malicious Nodes • A Beacon node will report its detection to the base station securely. ==>they use shared key. • Alert [detecting node ID, target node ID]. • Base station maintains alert counter & report counter. • Alert counter :- suspiciousness of this node. • Report counter:- # of alerts this node reported. • Why?? If malicious node repots against Benign B. nodes
Cont… • HiRloc/SeRloc • Rope • Liu et al • Based on Distance estimation • RTT (round trip time) • WRBTS • Keeps neighbor- reputation table • Trustworthiness by voting
Cont… • HiRloc (High resolution range independent localization) • Extended version of SerLoc (secure range independent localization) • doesn’t perform range measurment • Sensors don’t interact to determine their location • Beacon nodes called locaters • Locatorsknow their location and orientation (antenna) • Sensors determine their position Passively.
Location determination • Each locator transmits • Locators coordinate • Angel of sector boundary • Locators communication range • Sensors don’t perform • Signal strength measurement • angle of arrival measurement or time of flight • HirLoc and SeRloc are range independent
Cont… • Region of intersection (ROI) • Is the region formed by intersection of the locators signal • Location determination perfection • Varying the antenna orientation or rotation • Varying the communication range. • SeRloc do this by • Increasing the locator density • Narrower antenna sectors • hardware complexity, expensive • Weakness of HiRloc and SeRloc, assumption no Jamming
ROPE • ROPE (RObust Position Estimation) • Resistant to jamming • Accept the existence of malicious nodes • Assuming Benign nodes outnumber malicious nodes • Statistical and outlier filtering techniques • Sensors request update of their position • Assumption:- • Sensors share a pair wise key. • DBIR (Distance Bounding Intersection Region)
Location estimation in ROUPE • Sensor broadcasts it ID and nonce Ns • Locator that is in range performs distance bounding • Sensor defines its LDB • If LDB>=3 perform Verifiable Multilateration (VM) • Computes it location • Notify this to locators • Terminate the algorithm • If locator didn’t receive notification==> sensor don’t know his position. Do more specific steps looks like the above. • Weakness of ROPE, needs at least 3 locators unlike 2 for HiRloc/SeRloc
. ?
References • D.Liu, P.Ning, and W.Du “”Detecting Malicious beacon Nodes fir Secure Location Discovery in Wireless Sensor Networks” 25th ICDCS, 2005,pp.609-19. • L.lazos, R. Poovendran, and S.Capkun “Rope: Robust Position Estimation in Wireless sensor Networks” Proc IPSN, Apr. 2005 pp. 324-31 • L.lazos, and R. Poovendran, “Hirloc: High-Resolution Robust Localization for Wireless Sensor Networks ” IEEE JSAC Vol. 24, Feb 2006, pp. 233-46 • L.lazos, and R. Poovendran, “Serloc: Secure Range-independent Localization for Wireless Sensor Networks” IPSN, Apr. 2005, pp.324-31. • S.Capkun and J. Hubaux “Secure Positioning in Sensor Networks” … • A.Boukerche, H. Oleiveira, E. Nakamura and A. Loureio “Secure Localization Algorithms for Wireless Sensor Networks” … • Z. Li et al., “Robust Statistical Methods for Securing Wireless Localization in Sensor Networks” IPSN ’05, p. 12 • W. Ammar, A. ELDawy, M. Youssef “ Sensor Localization in a Wireless Sensor Networks” June 2007