Add to collection(s) Add to saved
  1. Science
  2. Physics
  3. Electronics

Slides - Sigmobile

advertisement 
Where Are You From? Confusing Location
Distinction Using Virtual Multipath
Camouflage
Song Fang, Yao Liu
Wenbo Shen, Haojin Zhu
1
Content

Location distinction

Virtual multipath attacks

Defense

Experiment

Summary
2
Goal of location distinction
Detect a wireless user’s location change,
movement or facilitate location-based
authentication.
3
Applications:

Wireless sensor network: Location distinction can prevent
an unauthorized person from moving the sensors away
from the area of interest
4
Example 1:
5
Example 1 (Cont’d):
6
Applications:

Wireless sensor network: Location distinction can prevent
an unauthorized person from moving the sensors away
from the area of interest

Sybil attack: Location distinction can detect identities
originated from the same location
7
Example 2:
8
Example 2 (Cont’d):
From the same location
X
9
Applications:

Wireless sensor network: Location distinction can prevent
an unauthorized person from moving the sensors away
from the area of interest

Sybil attack: Location distinction can detect identities
originated from the same location

RFID: Provide a warning and focus resources on moving
objects (Location Distinction [MobiCom’ 07]).
10
Example 3:
Move
Control
11
Example 3:
Move
Control
12
Existing ways to realize location distinction
Spatial uncorrelation property
Wireless channel
characteristics
Change
Attack: Generate
“arbitrary”
characteristic
Location change
FAIL!!
13
Multipath effect
•Multipath components
ionosphere
1
Tx
2
s2
3
s3
s4
4
ground
y = x*h+n
Received
signal
s1
Transmitted
signal
Rx
Component response:
Characterizes the
distortion that each
path has on the
multipath component
Channel impulse
response: The
superposition of all
component responses
where, * is the convolution operator
14
Channel impulse response

The channel impulse response changes as the
receiver or the transmitter changes location
Rx
hTx-1®Rx ¹ hTx-2®Rx
Tx-1

Tx-2
Calculate the difference
D = hnew - h previous
Channel impulse responses can be utilized
to provide location distinction.
15
Channel Estimation

Training sequence based channel estimation
Training
Sequence x
Training
Sequence x
x
y
x = [ x1 , x1 , ..., x M ]
y = h*x + n
Channel Impulse
response
h = [ h1 , h1 , ..., h L ]
x
Estimator
h
16
Channel Estimation (Cont’d)
– Rewrite the received symbols
= Xh + n
A Toeplitz
matrix

Least-square (LS) estimator
17
Content

Location distinction

Virtual multipath attacks

Defense

Experiment

Summary
18
Example: Creating a virtual multipath
Obstacle
Received signal
t0
Received signal
t0
t0 + ∆ t
t0+∆ t
w1
t0+∆ t
w2
t0
Transmitter
Receiver
(a) Real multipath
Attacker
(dishonest transmitter)
Receiver
(b) Virtual multipath
19
Attack Overview: delay-and-sum process.
original
signal
no delay
w1
w2
weighted sum
L
......
Δt delay
......
Δt delay
wL
aggregated signal to the
realistic wireless channel
The attacker’s aims to make
H The
-1 ith delayed
H
wi si
signal copy
Ù
 h = (Xsi -X) X y = h
a
a
ya = xa * h + n
Virtual channel
xa 
i 1
impulse response
20
Technical Challenge: Obtaining the weights

Send the aggregated signal to the real multipath
channel
xa * h = x * ha
Xa h = Xha
∵ Xa h = Hx a
H
-1 H
\ x a = (H H) H (Xha )
∵ x a = Xw
-1
-1
w = (X X) X [(H H) H (Xha )]
H
H
H
H
21
Content

Location distinction

Virtual multipath attacks

Defense

Experiment

Summary
22
Defending against the attack: Adding a helper
)
)
hX 1 = h X 2
real c
Receiver
hann
e
l1
Virtual channel
......
......
Attacker
Helper
)
)
hX 1 ¹ hX 2
r ea
2
l
e
n
l chan
x1
x2
23
Defending against the attack: Adding a helper
¹
)
)
hX 1 = h X 2
real c
Receiver
hann
e
l1
Virtual channel
......
......
Attacker
Helper
=
)
)
hX 1 ¹ hX 2
r ea
2
l
e
n
l chan
x1
x2
In this case, the attacker must know the real channel
impulse response between herself and the helper.
24
Defending against the attack: Adding a helper

For Receiver:
1) h * x a1 = ha * x1
2) h * x a2 = ha * x 2

For Helper:
^
-1
h help1 = (X X1 ) X (h help * x a1 )
H
1
H
1
X1 ¹ X2
^
h help2 = (X2H X2 ) -1 X2H (h help * x a2 )
25
Attackers with helper
To fool both the receiver and the receiver’s helper,
the attacker needs to know the real channel impulse
responses: h11, h12 , h21, h22
h12 , h22
Can be set passively: it doesn’t actively
send out wireless signals to channel
26
Content

Location distinction

Virtual multipath attacks

Defense

Experiment

Summary
27
Experiment floorplan
RX
1
9
10
6
2
5
7
3
•
•
•
8
4
Transmitter: RX
• Trials: 100 per location
Receiver: 10 locations • Multipath: L=5
Each node: a USRP connected with a PC
28
Example attacks I

Randomly chosen channel impulse response
1
Real channel
Estimated channel
Chosen channel
Amplitude
0.8
Euclidean distance:
0.6
dhc -hr = 0.3025
0.4
0.2
1
dhc -he = 0.0686
2
3
Path
4
5
29
Example attacks II

Recover another channel impulse response in
another building (CRAWDAD data set[1])
0.4
CRAWDAD channel
Crafted channel
Amplitude
0.3
0.2
Euclidean distance:
d = 0.0036
0.1
0
0
100
200
Delay, ns
300
400
[1] SPAN, “Measured channel impulse response data set,”
http://span.ece.utah.edu/pmwiki/pmwiki.php?n=Main.MeasuredCIRDataSet.30
Overall attack impact
dest = || estimated CIR under attacks - chosen CIR ||
 dreal = || estimated CIR under attacks - real CIR ||

1
95%
Empirical CDF
0.8
0.6
0.4
P ( dest< x)
P(d
0.2
real
< x)
5%
0
0
0.25
0.9 1
0.5
1.5
x
dreal is much larger than dest with high probability
31
Experiment floorplan
RX
Helper
1
Attacker
9
10
6
2
5
7
3

8
4
Place the attacker and the helper at each
pair of the 10 locations: 10×9=90 pairs.
32
Defense feasibility evaluation

The Euclidean distance between both estimates:
0.8
0.7
Estimated from x
Estimated from x2
0.4
0.2
0
1
1
Estimated from x2
0.6
Amplitude
0.6
Amplitude
Estimated from x
1
0.5
0.4
0.3
2
3
Path
4
Receiver
drec = 0.0093
5
0.2
1
2
3
Path
4
5
Attacker: Receiver’s helper (Location 8)
Location 2
dhelper = 0.1199
33
Defense performance evaluation
1
Empirical CDF
0.8
0.6
0.4
P(d
0.2
0
0
P(d
0.1
rec
< x)
helper
0.2
< x)
0.3
x

Conclusion: The helper node is effective to help
detect virtual multipath attacks.
34
Content

Location distinction

Virtual multipath attacks

Defense

Experiment

Summary
35
Summary

We identified a new attack against existing
location distinction approaches that built on
the spatial uncorrelation property of wireless
channels.

We proposed a detection technique that
utilizes a helper receiver to identify the
existence of virtual channels.
36
Thank you!
Any questions?
37
Related documents
The Question
The Question
my take on multipath
my take on multipath
12_core_functions_of_a_counselor
12_core_functions_of_a_counselor
Whiteboard Configuration
Whiteboard Configuration
201208222133371.國小英語補救教學策略ben(314 KB )
201208222133371.國小英語補救教學策略ben(314 KB )
COMMUNICATION
COMMUNICATION
Community Helper Riddles
Community Helper Riddles
Chapter 9x
Chapter 9x
use of multicorrelator receivers for multipath parameters estimation
use of multicorrelator receivers for multipath parameters estimation
G17
G17
Download
advertisement