No Matter Where You Go, There You Are: Secure Localization Techniques for Mobile Wireless Networks
Seminar on Applications of Mathematics
UVa Institute of Mathematical Science
2 December 2004
http://www.cs.virginia.edu/evans/talks/sam/
David Evans
University of Virginia, Computer Science
Computing is Entering Real World
Desktop PC: protected box; narrow interface; 1 machine per user/admin
Sensor Network: unprotected nodes; rich interface; thousands of nodes per admin
Sensor Nodes
MICA2 Mote (UCB/Crossbow), compared with a typical 2004 desktop and the Apollo Guidance Computer (factors are relative to the MICA2):

                 | MICA2                             | Typical 2004 Desktop        | Apollo Guidance Computer
Memory           | 644 KB (128 K program flash       | 400 x (just RAM);           | 0.01 x (4K 14-bit words)
                 | memory / 4 K config EEPROM /      | 130 000 x (hard drive)      |
                 | 512 K data)                       |                             |
Processor Speed  | 7 MHz                             | 500 x                       | 0.007 x (add in 20s)
Electrical Power | ~40 mW (2 AA batteries)           | 2000 x, ~100 W (CPU only)   | 1500 x, ~70 W
Mass             | 18 grams (+ batteries)            | 167 x, 3 kg                 | 1667 x, 30 kg

Photo: http://ed-thelen.org/comp-hist/
Sensor Network Applications
Volcano Monitoring: http://www.eecs.harvard.edu/~werner/projects/volcano/
Reindeer Tracking (Sámi Network Connectivity Project). Photo: http://news.bbc.co.uk/1/hi/technology/2491501.stm
Battlefield Event Tracking
This Talk
• Location Matters
– How do nodes know where they are?
L. Hu and D. Evans. Localization for Mobile Sensor Networks. MobiCom 2004.
• Security (Sometimes) Matters
L. Hu and D. Evans. Using Directional Antennas to Prevent Wormhole Attacks. NDSS 2004.
Determining Location
• Direct approaches
– Configured manually
• Expensive
• Not possible for ad hoc, mobile networks
– GPS
• Expensive (cost, size, energy)
• Only works outdoors, on Earth
• Indirect approaches
– Small number of seed nodes
• Seeds are configured or have GPS
– Other nodes determine location based on messages received
Hop-Count Techniques
DV-HOP [Niculescu & Nath, 2003]; Amorphous [Nagpal et al., 2003]
(Figure: two example networks with nodes labelled by hop count from the seeds; radio range r.)
Works well with a few, well-located seeds and regular, static node distribution. Works poorly if nodes move or are unevenly distributed.
Local Techniques
Centroid [Bulusu, Heidemann, Estrin, 2000]: calculate center of all heard seed locations
APIT [He et al., MobiCom 2003]: use triangular regions
Both depend on a high density of seeds (with long transmission ranges).
Our Goal
• (Reasonably) Accurate Localization in Mobile Networks
• Low Density, Arbitrarily Placed Seeds
• Range-free: no special hardware
• Low communication (limited addition to normal neighbor discovery)
Scenarios
Nodes stationary, seeds moving (e.g., NASA Mars Tumbleweed; image by Jeff Antol)
Nodes moving, seeds stationary
Nodes and seeds moving
Our Approach: Monte Carlo Localization
• Adapts an approach from robotics localization: Frank Dellaert, Dieter Fox, Wolfram Burgard and Sebastian Thrun. Monte Carlo Localization for Mobile Robots. ICRA 1999.
• Take advantage of mobility:
– Moving makes things harder…but provides more information
– Properties of time and space limit possible locations; cooperation from neighbors
MCL: Initialization
Initialization: Node has no knowledge of its location.
L0 = { set of N random locations in the deployment area }
(Figure: the node's actual position among the N random samples.)
MCL Step: Predict and Filter
Predict: Node guesses new possible locations based on previous possible locations and maximum velocity, vmax:
$p(l_t \mid l_{t-1}) = c$ if $d(l_t, l_{t-1}) < v_{max}$; $0$ if $d(l_t, l_{t-1}) \geq v_{max}$
Filter: Remove samples that are inconsistent with observations.
Seed node: knows and transmits its location (radio range r).
(Figure: the node's actual position, the predicted samples, and a seed within range r.)
Observations
Direct Seed: If node hears a seed S, the node must (likely) be within distance r of the seed's location.
Indirect Seed: If node doesn't hear a seed S, but one of its neighbors hears it, node must be within distance (r, 2r] of that seed's location.
Resampling
Use prediction distribution to create enough sample points that are consistent with the observations.
N = 20 is good, N = 50 is plenty.
Recap: Algorithm
Initialization: Node has no knowledge of its location.
L0 = { set of N random locations in the deployment area }
Iteration Step: Compute new possible location set Lt based on Lt-1, the possible location set from the previous time step, and the new observations.
Lt = { }
while (size (Lt) < N) do
    R = { l | l is selected from the prediction distribution }
    Rfiltered = { l | l ∈ R and filtering condition is met }
    Lt = choose (Lt ∪ Rfiltered, N)
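The iteration step above, worked through in Python as an added example (not code from the talk or the MobiCom paper): prediction draws uniformly within vmax of a previous sample, filtering applies the direct and indirect seed conditions from the Observations slide, and resampling repeats until N samples survive. The recovery from a depleted sample set, the grid scenario in demo(), and the shortcut of treating any seed within (r, 2r] as heard through a neighbour are my assumptions.

```python
import math
import random

RANGE, N = 1.0, 50   # radio range r (all distances in units of r); sample set size ("N = 50 is plenty")
def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])
def random_in(area):
    # One random location in the deployment area; area = (width, height)
    return (random.uniform(0, area[0]), random.uniform(0, area[1]))
def predict(sample, vmax):
    # Draw from p(l_t | l_{t-1}): uniform (constant c) over the disc of radius vmax
    # around the previous sample, zero outside it.
    ang, rad = random.uniform(0, 2 * math.pi), vmax * math.sqrt(random.random())
    return (sample[0] + rad * math.cos(ang), sample[1] + rad * math.sin(ang))
def consistent(loc, direct, indirect, r=RANGE):
    # Filter: a directly heard seed must be within r, an indirectly heard one within (r, 2r]
    return (all(dist(loc, s) <= r for s in direct)
            and all(r < dist(loc, s) <= 2 * r for s in indirect))
def mcl_step(prev, area, vmax, direct, indirect, n=N, max_draws=20000):
    # Lt = {}; while |Lt| < N: draw R from the prediction distribution, keep Rfiltered
    new = []
    for _ in range(max_draws):
        if len(new) >= n:
            break
        cand = predict(random.choice(prev), vmax)
        if consistent(cand, direct, indirect):
            new.append(cand)
    # Recovery (my simplification, not on the slides): if prediction from the old set
    # cannot supply N consistent samples, top up with fresh area-wide draws.
    while len(new) < n and max_draws > 0:
        cand, max_draws = random_in(area), max_draws - 1
        if consistent(cand, direct, indirect):
            new.append(cand)
    return new or prev

def estimate(samples):
    return (sum(p[0] for p in samples) / len(samples), sum(p[1] for p in samples) / len(samples))

def demo(steps=20, vmax=0.2, rng_seed=1):
    # Constructed scenario: 10 x 10 area, 25 stationary seeds on a 2r grid, one node
    # moving at most vmax per step. Returns the final estimate error in units of r.
    random.seed(rng_seed)
    area, seeds = (10.0, 10.0), [(x, y) for x in (1, 3, 5, 7, 9) for y in (1, 3, 5, 7, 9)]
    true, samples = (4.0, 4.0), [random_in(area) for _ in range(N)]   # L0
    for _ in range(steps):
        true = predict(true, vmax)   # actual motion, unknown to the node
        direct = [s for s in seeds if dist(true, s) <= RANGE]
        indirect = [s for s in seeds if RANGE < dist(true, s) <= 2 * RANGE]  # as if heard via a neighbour
        samples = mcl_step(samples, area, vmax, direct, indirect)
    return dist(estimate(samples), true)
```

The estimate is the centroid of the surviving sample set; with 25 seeds at 2r spacing the error after 20 steps stays well under one radio range.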
Convergence
(Chart: Average Estimate Error (r) vs. Time (steps), 0 to 50; node density nd = 10, seed density sd = 1; curves for vmax = .2r, smax = 0; vmax = r, smax = 0; vmax = r, smax = r.)
Localization error converges in first 10-20 steps
Speed Helps and Hurts
(Chart: Estimate Error (r) vs. vmax (r distances per time unit), 0.1 to 2; node density nd = 10; curves for sd = 1, smin = 0, smax = vmax; sd = 1, smax = smin = r; sd = 2, smax = vmax; sd = 2, smax = smin = r.)
Increasing speed increases location uncertainty, but provides more observations.
Seed Density
(Chart: Estimate Error (r) vs. Seed Density, 0.1 to 4; nd = 10, vmax = smax = .2r; curves for Centroid, Amorphous and MCL.)
Centroid: Bulusu, Heidemann and Estrin. IEEE Personal Communications Magazine. Oct 2000.
Amorphous: Nagpal, Shrobe and Bachrach. IPSN 2003.
Better accuracy than other localization algorithms over range of seed densities
Questionable Assumption: Radio Transmissions
Model: all nodes within distance r hear a transmission, no nodes further away do
Reality: radio transmissions are irregular
Radio Irregularity
(Chart: Estimate Error (r) vs. Degree of Irregularity (r varies ±dr), 0 to 0.5; nd = 10, sd = 1, vmax = smax = .2r; curves for Centroid, Amorphous and MCL.)
Insensitive to irregular radio pattern
Questionable Assumption: Motion is Random
Model: modified random waypoint
Reality: environment creates motion
Motion
Stream and Currents: adversely affected by consistent group motion
(Chart: Estimate Error (r) vs. Maximum Group Motion Speed (r units per time step), 0 to 6; nd = 10, vmax = smax = r; curves for sd = .3, sd = 1, sd = 2.)
Random Waypoint vs. Area Scan: controlled motion of seeds improves accuracy
(Chart: Estimate Error (r) vs. Time, 0 to 200; curves for Random, vmax = 0, smax = .2r; Random, vmax = smax = .2r; Area Scan.)
What about security?
Localization Security Issues
• Denial-of-Service: prevent node from localizing
– Global: jam GPS or radio transmissions
– Local: disrupt a particular node's localization
• Confidentiality: keep location secret
• Verifiability: prove your location to others
• Integrity
– Attacker makes node think it is somewhere different from actual location
MCL Advantages
• Filtering
– Bogus seeds filter out possible locations
– As long as one legitimate observation is received, worst attacker can do is denial-of-service
• Direct
– Does not require long range seed-node communication
• Historical
– Current possible location set reflects history of previous observations
Authenticating Announcements (Simple, Insecure Version)
1. S → region: IDS (broadcast identity)
2. N → S: IDN (send identity)
3. S → N: EKNS(LS) (respond with location encrypted with shared key)
KNS is a pre-loaded pairwise shared key.
Vulnerable to simple replay attacks
Authenticating Announcements
1. S → region: IDS (broadcast identity)
2. N → S: RN | IDN (send nonce challenge)
3. S → N: EKNS(RN | LS) (respond with location)
Prevents simple replay attacks (but not wormhole attacks)
Broadcast Authentication
• Requires asymmetry:
– Every node can verify message
– Only legitimate seed can create it
• Traditional approach: asymmetry of information (public/private keys)
– Requires long messages: too expensive for sensor nodes
• Instead use time asymmetry
Using Time Asymmetry
Based on TESLA: Perrig et al., 2002
Time n: KSn-1 | Sign (IDS | LS, KSn)
Time n + 1: KSn | Sign (IDS | LS, KSn+1)
f is a one-way function (easy to compute f(x), hard to invert)
Initially: nodes know KS0 = f^max(x) for each seed; seed knows x, calculates KSn = f^(max-n)(x)
Nodes verify each key as it is received: f(KS1) = KS0, and in general f(KSn) = KSn-1
Requires loose time synchronization
Saves node transmissions, multiple seed transmissions
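A worked version of the time-asymmetry scheme, added here and not the talk's or TESLA's own code: SHA-256 stands in for the one-way function f, an HMAC for Sign, and integer intervals for the loosely synchronised clock. The seed identity, location, secret x and chain length are constructed values.

```python
import hashlib
import hmac
MAX = 8   # chain length: KS_0 = f^MAX(x) is pre-loaded into every node (constructed value)
def f(key):
    return hashlib.sha256(key).digest()   # one-way function f (SHA-256 stands in for it)
def key_chain(x, length=MAX):
    # KS_n = f^(MAX-n)(x): index 0 is the most-hashed value KS_0, index MAX is x itself
    chain = [x]
    for _ in range(length):
        chain.append(f(chain[-1]))
    return chain[::-1]
def sign(msg, key):
    return hmac.new(key, msg, hashlib.sha256).digest()   # "Sign(m, K)": a MAC under K
class Seed:
    def __init__(self, seed_id, loc, x):
        self.id, self.loc, self.chain = seed_id, loc, key_chain(x)
    def announce(self, n):
        # Interval n: disclose KS_{n-1}; MAC with KS_n, which is disclosed only at n+1
        msg = self.id + b"|" + self.loc
        return (n, self.chain[n - 1], msg, sign(msg, self.chain[n]))
class Node:
    def __init__(self, ks0):
        self.ks, self.n, self.pending = ks0, 0, {}   # last verified key, its index, held MACs
    def receive(self, ann, now):
        # Returns the earlier announcement this disclosure authenticates, or None
        n, disclosed, msg, mac = ann
        if now > n:                 # loose time sync: KS_n may already be public, MAC untrusted
            return None
        steps = (n - 1) - self.n    # chain links between the last verified key and this one
        if steps < 0:
            return None             # older than what we already hold: replay
        k = disclosed
        for _ in range(steps):      # f^steps(KS_{n-1}) must reproduce the last verified key
            k = f(k)
        if k != self.ks:
            return None             # not on the seed's one-way chain: forged
        self.ks, self.n = disclosed, n - 1
        prev = self.pending.pop(n - 1, None)
        self.pending[n] = (msg, mac)   # hold until KS_n is disclosed in interval n+1
        if prev and hmac.compare_digest(sign(prev[0], disclosed), prev[1]):
            return prev[0]
        return None

def demo():
    # Constructed seed secret, identity and location; node pre-loaded with KS_0
    seed = Seed(b"S1", b"loc=3.0,4.0", b"constructed-seed-secret")
    node = Node(seed.chain[0])
    accepted = [node.receive(seed.announce(n), now=n) for n in (1, 2, 3)]
    late_replay = node.receive(seed.announce(2), now=4)
    return accepted, late_replay
```

Each announcement is authenticated one interval late, when its key is disclosed; a packet that arrives after its key could already be public is dropped regardless of its MAC.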
Wormhole Attack
(Figure: attacker endpoints X and Y at two points in the network.)
Attacker uses transceivers at two locations in the network to replay (selectively) packets at a different location
Protocol Idea
• Wormhole attack depends on a node that is not nearby convincing another node it is
• Periodically verify neighbors are really neighbors
• Only accept messages from verified neighbors
Previous Solutions: Light Speed is Slow
• Distance Bounding (Brands and Chaum, EUROCRYPT 1993)
– Light travels 1 ft per nanosecond (~4 cycles on modern PC!)
• Packet "Leashes" (Yih-Chun Hu, Perrig and Johnson. INFOCOM 2003)
• Use distance bounding to perform secure multilateration (Capkun and Hubaux, 2004)
• Need special hardware to instantly respond to received bits
Our Approach: Use Direction
(Figure: six antenna zones, 1 to 6, aligned to magnetic North so zone 1 always faces East; a directional transmission from zone 4 compared with an omnidirectional transmission.)
Model based on [Choudhury and Vaidya, 2002]
General benefits: power saving, less collisions
Improve localization accuracy
Directional Neighbor Discovery
zone (B, A) = 4 is the antenna zone in which B hears A
1. A → Region: HELLO | IDA (sent by all antenna elements, sweeping)
2. B → A: IDB | EKBA (IDA | R | zone (B, A)) (sent by the zone (B, A) element; R is a nonce)
3. A → B: R (A checks that the zone is opposite; sent by the zone (A, B) element)
Detecting False Neighbors
(Figure: A hears B through wormhole endpoint X; B hears A through endpoint Y.)
zone (A, B[X]) = 1, zone (B, A[Y]) = 1
False Neighbor: zone (A, B) should be opposite zone (B, A)
Not Detecting False Neighbors
(Figure: the same wormhole with endpoints placed so the zones happen to be opposite.)
zone (A, B[X]) = 1, zone (B, A[Y]) = 4
Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)
Directional neighbor discovery prevents 1/6 of false direct links…but doesn't prevent disruption
Observation: Cooperate!
• Wormhole can only trick nodes in particular locations
• Verify neighbors using other nodes
• Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor
Verifier Region
(Figure: zones 1 to 6 around B; example with zone (B, A) = 4, zone (V, A) = 3, zone (B, V) = 5.)
A verifier must satisfy these two properties:
1. B and V hear A in different zones: zone (B, A) ≠ zone (V, A). Proves B and V don't hear A through wormhole.
2. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V). Proves B is not hearing V through wormhole.
(one more constraint will be explained soon)
Worawannotai Attack
(Figure: Region 1 and Region 2 joined by wormhole endpoint X; zones 1 to 6 drawn around A, B and V.)
V hears A and B directly; A and B hear V directly. But A and B hear each other only through the repeater X.
Preventing Attack
1. zone (B, A) ≠ zone (B, V)
2. zone (B, A) ≠ zone (V, A)
3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)
Verified Neighbor Discovery
1. A → Region: announcement, done through sequential sweeping
2. B → A: include nonce and zone information in the message
3. A → B: check zone information and send back the nonce
(Steps 1 to 3 are the same as before.)
4. B → Region: INQUIRY | IDB | IDA | zone (B, A) (request for a verifier to validate A)
5. V → B: IDV | EKBV (IDA | zone (V, B)) (if V is a valid verifier, it sends confirmation)
6. B → A: accept A as its neighbor and notify A
Cost Analysis
• Communication Overhead
– Adds messages for inquiry, verification and acceptance
– Minimal for slow-changing networks
• Connectivity
– How many legitimate links are lost because they cannot be verified?
Lose Some Legitimate Links
(Chart: Link Discovery Probability vs. Node Distance (r), 0 to 1, for Network Density = 3 and Network Density = 10; curves for Verified Protocol and Strict Protocol (Preventing Worawannotai Attack).)
…but small effect on connectivity and routing
(Chart: Average Path Length vs. Omnidirectional Node Density, 4 to 20; network density = 10; curves for Trust All, Verified Protocol and Strict Protocol.)
Verified protocol: 0.5% links are lost, no nodes disconnected
Strict protocol: 40% links are lost, 0.03% nodes disconnected
Dealing with Error
(Chart: Ratio vs. Maximum Directional Error Degree, 0 to 60, for Network Density = 3 and Network Density = 10; curves for Lost Links, Strict Protocol and Disconnected Nodes, Strict Protocol.)
Even with no control over antenna alignment, few nodes are disconnected
Vulnerabilities
• Attacker with multiple wormhole endpoints
– Can create packets coming from different directions to appear neighborly
• Antenna, orientation inaccuracies
– Real transmissions are not perfect wedges
• Magnet Attacks
– Protocol depends on compass alignment
Conclusion
• Computing is moving into the real world:
– Rich interfaces to environment
– No perimeters
• Simple properties of physical world are useful:
– Space and time can be used to achieve accurate localization cheaply
– Space consistency requirements can prevent wormhole attacks
Thanks!
Students: Lingxuan Hu, Chalermpong Worawannotai, Nathanael Paul, Ana Nora Sovarel, Jinlin Yang, Joel Winstead
Funding: NSF ITR, NSF CAREER, DARPA SRS
For slides and paper links: http://www.cs.virginia.edu/evans/talks/sam/