1 / 21

Secure Location Verification and Stabilization

A non-traditional approach to security for wireless network access, keyless car starting, secure gate opening, and more. Provides effective algorithmic solutions for location verification.

burtch
Télécharger la présentation

Secure Location Verification and Stabilization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. acceptance zone k r β Secure Location Verification and Stabilization Adnan Vora and Mikhail Nesterenko Kent State University

  2. Location Verification problem • description • have: protected asset • ensure: access to asset only if the principal is in correct location • applications: • wireless network access • keyless car starting • secure gate opening • perimeter protection and friendly force identification, etc. • appeal • immediate practical benefits • non-traditional approach to security • effective algorithmic solutions

  3. Outline • problem statement • basic solution • description and properties • immediate applications: securing arbitrary zones • extensions • improving efficiency • operating with non-circular signal propagation • protecting against directional antennas • using random sensor placement • stabilization and fault-tolerance

  4. protectionzone prover verifiers Problem Statement stated informally in[SSW’03] actors • (potentially malicious) prover(s) • arbitrary protection zone • a set of RF-capable verifiers problem specify: • placement rules for verifiers • prover  verifierscommunication protocol so that the verifiers accept the correctprover only if it is inside the protection zone and reject otherwise protocol is secure if a prover anywhere outside protection zone is rejected • assumptions • prover authentication not required • verifiers are trusted • intra-verifier communication is reliable and secure • signal propagation is perfectly omni-directional (unit-disk)

  5. Previous Approaches • use limited signal propagation speed (e.g. ultrasound) • a verifier radios prover • prover buzzes back • verifier computes roundtrip time and calculates distance • limitations • uncertainties of two mediums: sound and ether (echos, varying propagation speeds) • extra hardware needed: sounders and microphones • requires sequential verification (and time synchronizationbetween verifiers) RF prover .01secs=4ft sound verifiers

  6. Outline • problem statement • basic solution • description and properties • immediate applications: securing arbitrary zones • extensions • improving efficiency • operating with non-circular signal propagation • protecting against directional antennas • using random sensor placement • stabilization and fault-tolerance

  7. Basic Solution idea use broadcast nature of RF signalpropagation specifics • separate roles of verifiers • acceptor – receives signal from prover inside protection zone • rejector – receives signal from outside prover solution • communication protocol: • prover broadcasts signal to distance x, if no decision – increases distance by x • prover is accepted if only acceptors hear from prover, rejected otherwise, informed of decision • placement rules: to come x x acceptedprover x acceptors rejector rejectedprover

  8. Rejection Zone rejection zone – prover (correct ormalicious) is never accepted Lemma 1 [VN04] a pointon a plane is in rejectionzone if it is closer to the nearest rejector than the nearest acceptor Theorem 1 sensor placement is secure iff the rejectors’ Voronoi cells cover the area outside the protection zone rejection zone rejector rejector acceptor Voronoi diagram rejector rejector

  9. why ambiguity zone exists x x x x correct prover rejected malicous prover accepted Acceptance and Ambiguity Zones rejector rejector acceptance zone – correct prover is always accepted ambiguity zone – prover may (not) be accepted acceptor acceptance zone ambiguity zone rejector rejector Lemma 2: a point is in acceptance zoneif it is x closer to the nearest acceptor than to the nearest rejector

  10. Securing Polygons rejection zone protection gap – largest distance frompoint in rejection zone to nearestpoint outside protection zone – measures how far rejection zone encroaches upon protection zone protection is complete if protection gap is zero Lemma 3n-sided convex polygonis completely protected with n+1 verifiers Lemma 4 in this case, if the protection zone contains a circle of radius r, the acceptance zone contains an open disk of radius r-x/2 Theorem 2 An arbitrary n-sided polygonal protection zone can be completely secured with O(n) verifiers ambiguity zone acceptance zone x/2 protection zone boundary

  11. t Securing Arbitrary Protection Zones ambiguity gap – largest distance from a point in ambiguity zoneto nearest point outsideprotection zone Theorem 3 the numberof verifiers required to secure an arbitrary-shaped protection zone of area Sand perimeter P withconstant ambiguity gap is in O(P+S) Proof outline: • divide protection zone in squares with constant side t (number of such squares is in O(P+S)) , • protect each square individually with 5 verifiers acceptance zone x

  12. Outline • problem statement • basic solution • description and properties • immediate applications: securing arbitrary zones • extensions • improving efficiency • operating with non-circular signal propagation • protecting against directional antennas • using random sensor placement • stabilization and fault-tolerance

  13. Protecting against Directional Antennas rejectors assumption: fixed beamwidth β Theorem 5 an arbitrary shapedprotection zone can be securedagainst malicious provers using O(r) verifiers where r is radius of inscribed circle proof outline: idea – place rejectors such that if acceptor isreached so is rejector • inscribe circle with radius r • place rejectors on circumferenceof co-centric circle of radius r-k, where k – constant, space rejectors 2k tan(β/2) apart • place acceptor in the middle,  condition satisfied protectionzone acceptance zone acceptor k r β 2k tan(β/2) malicious prover

  14. Logarithmic Verification Time • basic algorithm: number of verification attempts is d/xwhere d – protection zone diameter • with more acceptors can be made logarithmic • add acceptor placement rule:for every point in the acceptance zone, there exists integer i≥0, such that there are no rejectors closer to this point than x2i+1 and at least one acceptor between x2i and x2i+1 • modify protocol: prover doubles its signal strength every verification attempt Theorem 5 modified protocol is correct and the maximum number of broadcasts is in O(logd)

  15. x/4 x/4 x/4 x/4 prover rejected no decision accepted a b Shrinking Ambiguity Zone • basic algorithm: ambiguity zone size isproportional to x • can be made arbitrarily small with additional verification attempts • recall: ambiguity zone is dueto discrete signal increments • idea: tune signal strength if rejected • modified protocol:if prover is rejected and the last signal increment is z, the prover decreases the signal strength by z/2and rebroadcasts; if no decision, the prover increases the signal stregth by z/2 and rebroadcasts; process continues until prover accepted Theorem 6 the modified protocol is correct and the number of extra broadcast attempts is proportional log(b-a)

  16. basic model definite r never prover complex model definite possible y never r prover Complex Signal Propagation • basic signal propagation model: unit-disk • complex (more realistic) model: a ring of possible signal reception zone delineation for complex model: Lemma 6: a point is in rejection zone if it is at least y closer to nearest rejector than acceptor Lemma 7: a point is in acceptance zone if it is at least x+y closer to nearest acceptor than rejector results similar to basic model apply signal reception

  17. boundary rejectors acceptance+ ambiguityzones border of protection zone rejectors Random Verifier Placement modified problem • verifiers are not aware of theirlocation • they are informed if they areinside or outside protection zone classification • an outside verifier is rejector • a verifier whose Voronoi neighbor is outside is rejector • rest are acceptors Theorem 7 verification protocol with random placement of verifiers solves location verification problem

  18. outsideverifiers boundary rejectors acceptors insideverifers rejectors Implementation of Random Placement • in practice radio neighborhoodcan be used to approximate Voronoi neighborhood • need to ensure appropriate verifier density on the border of protection zone • placement procedure • verifiers have read-only bit signifying inside/outside placement • classification procedure • if verifier or its neighbors have outside bit set – verifier is rejector, acceptor otherwise

  19. Outline • problem statement • basic solution • description and properties • immediate applications: securing arbitrary zones • extensions • improving efficiency • operating with non-circular signal propagation • protecting against directional antennas • using random sensor placement • stabilization and fault-tolerance

  20. Stabilization of Random Placement • observe: classification decisionis local – depends only on neighborhood topology  very robust • state correction – each verifier periodically checks the inside/outside bits of the neighbors and reevaluates its classification  global state • stabilizes • fault-contains • adaptively • in constant time/space/energy corrupt state

  21. Other Extensions and Further Info • distributed decision making – an acceptor only needs to contact neighboring rejectors • fault-tolerant rejector sets – redundant rejector sets independently covering rejection zone provide extra security and fault-tolerance guarantees • limited power provers – can be serviced with appropriately dense acceptor location • details:A. Vora, M. Nesterenko "Secure Location Verification Using Radio Broadcast”, Techreport TR-KSU-CS-2004-01,http://www.cs.kent.edu/~mikhail/Research/tr-ksu-cs-2004-01.pdf

More Related