Slide 1

Report
Location Distinction using
Temporal Link Signatures
Neal Patwari, Electrical & Computer Engineering
CE Junior Seminar
Tuesday August 28, 2007
Joint work with
Sneha Kasera, School of Computing
Real-Time Location Service
• Market segments
healthcare,
transportation &
distribution, shipping,
manufacturing, mining,
military
• Market growth
– $2.7 billion by 2016
(IDTechEx) [1]
[1] “Report: RTLS Market Worth $2.7b in
2016”, RFID Update, Mar 6, 2006.
© 2007 Neal Patwari and Sneha Kasera
Slide 2
Problem: Unfulfilled Promise
• Tag costs: some are $100, need < $1
• Require triple-coverage for localization
– Current Wi-fi networks: single coverage
difficult!
• Multipath problems
– WhereNet at Ford couldn’t be used for RTLS
• Security issue
– localization at perimeter can be ‘faked’
© 2007 Neal Patwari and Sneha Kasera
Slide 3
Basic Idea: Detect Movement
•
Detect change in object location
– most assets should be stationary
– focus resources on rare moving assets
•
However, existing methods are costly!
– Accelerometers [2,3]: add $3 to each tag
– Doppler: require continuous transmission
– both: energy, cost, communication inefficient
© 2007 Neal Patwari and Sneha Kasera
Slide 4
Advantages: Link Signatures
• Need coverage of only one BS
• Sensitive to object movement (~1m)
– Benefits from the multipath channel
• No additional cost/complexity per device
– Complexity added to access point
• No continuous Tx/Rx
– will notice change in position at next reception
© 2007 Neal Patwari and Sneha Kasera
Slide 5
App: Wireless LAN Security
• Impersonation:
Identity theft for
radios
• Encryption, thus
access, can be
compromised
• MAC-address
spoofing
[1] HP, “Three Levels of Wireless Security”, Online:
http://docs.hp.com/en/T1428-90017/img/gfx2.gif
© 2007 Neal Patwari and Sneha Kasera
Slide 6
Advantages: Link Signatures
• Physical layer characteristic of the link
• Three Key Properties
– Non-measurement: Legitimate link’s signature
can’t be measured by attacker unless it is at
the transmitter or receiver location.
– Uniqueness: Attacker’s link signature won’t be
the same unless it is at the transmitter
location.
– Spoof-proof: An attacker can change its link
signature but can’t “spoof” an arbitrary link
signature unless it is at the receiver location.
© 2007 Neal Patwari and Sneha Kasera
Slide 7
Temporal Link Signatures
• Wireless channel filter h(t)
h(t) =
 i e-i (t-ti)
i
Sum of attenuated,
delayed impulse
functions
h(t)
t
© 2007 Neal Patwari and Sneha Kasera
Slide 8
Received Signal
• Received signal is filtered by channel
s(t)
S(f)
h(t)
H(f)
r(t) = s(t)  h(t)
R(f) = S(f) H(f)
© 2007 Neal Patwari and Sneha Kasera
Slide 9
Calculation of Link Signature
• Further convolve with the known tx signal
r(t)
R(f)
s*(t)
S*(f)
r’(t) = s(t)  h(t)  s*(t)
R’(f) = |S(f)|2 H(f)
© 2007 Neal Patwari and Sneha Kasera
Slide 10
Link Sig. is Estimate of Channel
• Typically |S(f)|2 is largely flat in-band, very
low out of band. (spectral efficiency)
H(f) = R’(f)  H(f)
• Use IFFT  h(t),
temporal link signature
• Time domain can
separate multipath
Figure: Spectral characteristic of
an OFDM signal (Erik Haas, DLR)
© 2007 Neal Patwari and Sneha Kasera
Slide 11
Measurement Experiment
• Meas’t set from Motorola office area
• Using a 40 MHz direct sequence spreadspectrum (DSSS) Tx and Rx
© 2007 Neal Patwari and Sneha Kasera
Slide 12
Measurement Experiment
Node locations
measured
Cubicle
Partitions
– 13 by 15 m area, and 44 devices (0.2 / m2)
– Multipoint-to-multipoint: 44 x 43 x 5 = 9460
measurements
© 2007 Neal Patwari and Sneha Kasera
Slide 13
Link Signature Measurements
• Link 13 to 43
• Link 14 to 43
• Each plot: 5 measurements of h(t)
• How different are they? Euclidean distance
metric
© 2007 Neal Patwari and Sneha Kasera
Slide 14
Link Meas’ts: Worst Case
• Temporal changes in channel can cause
change in link signature.
– Most widely varying set
© 2007 Neal Patwari and Sneha Kasera
Slide 15
Other PHY loc. distinction methods
• Use RSS only (multiple receivers)
• Use frequency-domain estimate H(f)
[1] D. B. Faria and D. R. Cheriton. Radio-layer security: Detecting identity-based attacks in
wireless networks using signalprints. In Proc. 5th ACM Workshop on Wireless Security
(WiSe'06), pages 43-52, Sept. 2006.
[2] Z. Li, W. Xu, R. Miller, and W. Trappe. Securing wireless systems via lower layer
enforcements. In Proc. 5th ACM Workshop on Wireless Security (WiSe'06), pages 33-42,
Sept. 2006.
© 2007 Neal Patwari and Sneha Kasera
Slide 16
Comparing Results
• Three Methods
– RSS [1]
– Link Signature
– Amplitude-Normalized Link Signature
• Measurement-based Leave-one-out (LOO)
Comparison
– First four meas’ts are history
– New measurement is compared
© 2007 Neal Patwari and Sneha Kasera
Slide 17
Comparison
• Compare 5th meas’t
on same link
• Compare 5th meas’t
from a different link
– If ‘close enough’ to a
meas’t in history
– If ‘close enough’ to a
meas’t in history
• Correct detection of
same link
– Not ‘close enough’
• False Alarm!
• Missed Detection!
– Not ‘close enough’
• Correct detection of a
Tx at a different location
2nd Tx
Tx
Rx
© 2007 Neal Patwari and Sneha Kasera
Slide 18
Performance with one Rx
• Adjustable results based on threshold
Zoom in
© 2007 Neal Patwari and Sneha Kasera
Slide 19
Multiple Receivers
• Can employ more than one receiver
(access point)
© 2007 Neal Patwari and Sneha Kasera
Slide 20
Performance with Three Rx
• Significantly higher reliability compared to one Rx
Zoom in
© 2007 Neal Patwari and Sneha Kasera
Slide 21
Current and Future Work
• Comparison with freq-domain link
signatures [Li 2006]
• Study of distance metrics
• Real-time Implementation
– 802.11 signals
– Using GNU Radio / USRP
– Emulab testbed
• Long-term tests
© 2007 Neal Patwari and Sneha Kasera
Slide 22
Reference
• N. Patwari and S. Kasera, “Robust Location
Distinction using Temporal Link Signatures”, to
appear in Proc. ACM Mobile Communications
Conference (MobiCom’07), Sept. 12, 2007.
© 2007 Neal Patwari and Sneha Kasera
Slide 23

similar documents