Transcript Slide 1
Location Distinction using Temporal Link Signatures
Neal Patwari, Electrical & Computer Engineering CE Junior Seminar Tuesday August 28, 2007 Joint work with Sneha Kasera, School of Computing
Real-Time Location Service
• Market segments healthcare, transportation & distribution, shipping, manufacturing, mining, military • Market growth – $2.7 billion by 2016 (IDTechEx) [1] [1] “Report: RTLS Market Worth $2.7b in 2016”, RFID Update, Mar 6, 2006.
© 2007 Neal Patwari and Sneha Kasera Slide 2
Problem: Unfulfilled Promise
• Tag costs: some are $100, need < $1 • Require triple-coverage for localization – Current Wi-fi networks: single coverage difficult!
• Multipath problems –
WhereNet
at Ford couldn’t be used for RTLS • Security issue – localization at perimeter can be ‘faked’ © 2007 Neal Patwari and Sneha Kasera Slide 3
Basic Idea: Detect Movement
• • Detect change in object location – most assets should be stationary – focus resources on rare moving assets However, existing methods are costly!
– Accelerometers [2,3]: add $3 to each tag – Doppler: require continuous transmission – both: energy, cost, communication inefficient © 2007 Neal Patwari and Sneha Kasera Slide 4
Advantages: Link Signatures
• Need coverage of only one BS • Sensitive to object movement (~1m) – Benefits from the multipath channel • No additional cost/complexity per device – Complexity added to access point • No continuous Tx/Rx – will notice change in position at next reception © 2007 Neal Patwari and Sneha Kasera Slide 5
App: Wireless LAN Security
• Impersonation: Identity theft for radios • Encryption, thus access, can be compromised • MAC-address spoofing [1] HP, “Three Levels of Wireless Security”, Online: http://docs.hp.com/en/T1428-90017/img/gfx2.gif
© 2007 Neal Patwari and Sneha Kasera Slide 6
Advantages: Link Signatures
• Physical layer characteristic of the link • Three Key Properties – Non-measurement : Legitimate link’s signature can’t be measured by attacker unless it is at the transmitter or receiver location.
– Uniqueness : Attacker’s link signature won’t be the same unless it is at the transmitter location.
– Spoof-proof : An attacker can change its link signature but can’t “spoof” an arbitrary link signature unless it is at the receiver location.
© 2007 Neal Patwari and Sneha Kasera Slide 7
Temporal Link Signatures
• Wireless channel filter
h
( t )
h
( t ) =
i e -
i i
( t t
i
) Sum of attenuated, delayed impulse functions
h
( t ) t © 2007 Neal Patwari and Sneha Kasera Slide 8
Received Signal
• Received signal is filtered by channel
s
(
t
)
h
( t )
r
(
t
) =
s
(
t
)
h
(
t
)
S
(
f
)
H
(
f
)
R
(
f
) =
S
(
f
)
H
(
f
) © 2007 Neal Patwari and Sneha Kasera Slide 9
Calculation of Link Signature
• Further convolve with the known tx signal
r
(
t
)
s *
(
t
)
r’
(
t
) =
s
(
t
)
h
(
t
)
s *
(
t
)
R
(
f
)
S *
(
f
)
R’
(
f
) = |
S
(
f
) | 2
H
(
f
) © 2007 Neal Patwari and Sneha Kasera Slide 10
Link Sig. is Estimate of Channel
• Typically |
S
(
f
) | 2 is largely flat in-band, very low out of band. (spectral efficiency)
H
(
f
) =
R’
(
f
)
H
(
f
) • Use IFFT
h
(
t
) ,
temporal
link signature • Time domain can separate multipath Figure: Spectral characteristic of an OFDM signal (Erik Haas, DLR) © 2007 Neal Patwari and Sneha Kasera Slide 11
Measurement Experiment
• Meas’t set from Motorola office area • Using a 40 MHz direct sequence spread spectrum (DSSS) Tx and Rx © 2007 Neal Patwari and Sneha Kasera Slide 12
Measurement Experiment
Node locations measured Cubicle Partitions – 13 by 15 m area, and 44 devices (0.2 / m 2 ) – Multipoint-to-multipoint: 44 x 43 x 5 = 9460 measurements © 2007 Neal Patwari and Sneha Kasera Slide 13
Link Signature Measurements
• Link 13 to 43 • Link 14 to 43 • Each plot: 5 measurements of
h
(
t
) • How different are they? Euclidean distance metric © 2007 Neal Patwari and Sneha Kasera Slide 14
Link Meas’ts: Worst Case
• Temporal changes in channel can cause change in link signature.
– Most widely varying set © 2007 Neal Patwari and Sneha Kasera Slide 15
Other PHY loc. distinction methods
• Use RSS only (multiple receivers) • Use frequency-domain estimate
H
(
f
) [1] D. B. Faria and D. R. Cheriton. Radio-layer security: Detecting identity-based attacks in wireless networks using signalprints. In
Proc. 5th ACM Workshop on Wireless Security (WiSe'06)
, pages 43-52, Sept. 2006.
[2] Z. Li, W. Xu, R. Miller, and W. Trappe. Securing wireless systems via lower layer enforcements. In Proc. 5th ACM Workshop on Wireless Security (WiSe'06), pages 33-42, Sept. 2006.
© 2007 Neal Patwari and Sneha Kasera Slide 16
Comparing Results
• Three Methods – RSS [1] – Link Signature – Amplitude-Normalized Link Signature • Measurement-based Leave-one-out (LOO) Comparison – First four meas’ts are history – New measurement is compared © 2007 Neal Patwari and Sneha Kasera Slide 17
Comparison
• Compare 5 th meas’t on same link – If ‘close enough’ to a meas’t in history • Correct detection of same link – Not ‘close enough’ • False Alarm!
• Compare 5 th meas’t from a different link – If ‘close enough’ to a meas’t in history • Missed Detection!
– Not ‘close enough’ • Correct detection of a Tx at a different location 2 nd Tx Tx Rx © 2007 Neal Patwari and Sneha Kasera Slide 18
Performance with one Rx
• Adjustable results based on threshold Zoom in © 2007 Neal Patwari and Sneha Kasera Slide 19
Multiple Receivers
• Can employ more than one receiver (access point) © 2007 Neal Patwari and Sneha Kasera Slide 20
Performance with Three Rx
• Significantly higher reliability compared to one Rx Zoom in © 2007 Neal Patwari and Sneha Kasera Slide 21
Current and Future Work
• Comparison with freq-domain link signatures [Li 2006] • Study of distance metrics • Real-time Implementation – 802.11 signals – Using GNU Radio / USRP – Emulab testbed • Long-term tests © 2007 Neal Patwari and Sneha Kasera Slide 22
Reference
• N. Patwari and S. Kasera, “Robust Location Distinction using Temporal Link Signatures”, to appear in
Proc. ACM Mobile Communications Conference (MobiCom’07)
, Sept. 12, 2007.
© 2007 Neal Patwari and Sneha Kasera Slide 23