Você está na página 1de 11

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.

6, 2011

Detecting and Localizing Wireless Spoofing attacks using Frequency Domain Link Signature
Sathish Kumar V *1, Prabu M*2, Dr.Shanmugalakshmi R#3
*1PG Scholar, Department of Computer Science, Adhiyamaan College of Engineering, Hosur, Tamilnadu, India. *2 Lecturer Department of Computer Science, Adhiyamaan College of Engineering, Hosur, Tamilnadu, India #3 Assistant Professor, Department of Computer Science, Government College of Technology, Coimbatore, Tamilnadu, India

*1 sathish886@gmail.com *2 prabu_pdas@yahoo.co.in #3 shanmuga_lakshmi@yahoo.co.in

Abstract
Traditionally, a lot of issues in wireless sensor network using Temporal Link Signature, especially in the part of False alarm rate and Moment Detection. Here we mainly focus on Frequency Domain-Link Signature, which is the alternate method for temporal link signature. In general, we use of wider bandwidths and longer path lengths to generate a richer link signature space and make quality measurement on link signatures, more unique as a function of Transmitter (TX) and Receiver (RX) locations. In Temporal link signature is utilized 40 MHz chip rate on DS-SS system and covered relatively short path lengths (an average path length of 7.7 m).This is the major deficiency of the Temporal Link Signature. In this article, to investigate using a frequency domain link signature to uniquely identify the link between transmitter (TX) and a receiver (RX). When the TX changes location, or if an attacker at a different location assumes the identity of the TX, the proposed location distinction algorithm used to physical channel. The very high reliability of frequency domain link signature location distinction enables location distinction systems to detect the change in position of a transmitter even when using a single or multiple receivers. Hence, the methods are susceptible to node compromise. A good location distinction technique that can distinguish the location of spoofed nodes from the authentic nodes can prevent these attacks and increases the moment detection and reduce the false alarm rate. Index Terms: Location Distinction, Measurements, Deficiency, Spoofed, WSN.

1. INTRODUCTION
1.1. Wireless Sensor Networks
`Wireless Local Area Network (WLAN), which became increasingly viable for many reasons, the same wireless technology that can erase the physical limitations of wired communications to increase user flexibility, improve employee productivity, and lower cost of wireless network ownership. Wireless frequencies are designed for wireless receiver to connect any wireless network in the same way that they can tune into a radio station. A Wireless Local Area Network (WLAN) is a flexible data communications system that can use either infrared or radio frequency technology to transmit and receive information over the air. In 1997, 802.11 were implemented as the first WLAN standard. It is based on radio technology operating in the 2.4 GHz frequency and has a maximum throughput of 1 to 2 Mbps [5]. The currently most spread and deployed standard, IEEE 802.11b, was introduced late 1999. It still operates in the same frequency range, but with a maximum speed of 11 Mbps [11]. Sensor location must associate with measured sensor data and is needed geographic location-based routing methods. Location estimation must be done in an energy efficient manner, especially for networks of sensors with small batteries that must last for years. The energy required to estimate location must be expended

December Issue

Page 73 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

when a sensor node moves, however the energy-efficient localization systems should not re-estimate location unless movement actually occurs. This implies that for energy efficiency in location estimation, sensor nodes must detect motion or a change in location.

1.2. Secure wireless networks


Security becomes a key factor to improve employee demand for access to their enterprises wireless network beyond the area of their office workstation. In addition, wireless access to a network and represent the entry point for various types of attacks. This can crash an entire network, render services unavailable, and potentially subject the enterprise to legal liabilities, so to understand that there are many factors affected on the quality and strength of the security. Such as the signal propagation characteristics, limited bandwidth, weak processing capability, and various other reasons. Wireless networks are vulnerable to Medium Access Control (MAC) address spoofing [17],[1]. As argued [17] an adversary at a different location can claim to be another node by spoofing address. One can use traditional cryptography methods prevent this spoofing. However, these methods are susceptible to node compromise. A good location distinction technique that can distinguish the location of spoofed nodes from the authentic nodes can prevent these attacks.

1.3. Location Estimation in WSNs


Location distinction is defined as determining whether or not the position of a device has changed. We introduce methods and metrics for performing location distinction in multiple channel wireless networks. Location distinction is fundamentally different from localization, in that location distinction is not concerned with the position of the transmitter, only whether or not it has moved.

1.4. Accelerometer Measurements


Accelerometers detect changes in velocity, and have found application in movement detection [1] its additional device cost could be prohibitive for applications such as barcode replacement. Further, as it would not detect motion from a sleep state, an accelerometer [2] needs continuous power, contrary to the low-power requirements of sensor network and RFID applications.

1.5. Doppler Measurements


Doppler is the frequency shift caused by the velocity of a transmitter (TX). Doppler measurements, similarly, only detect motion [2], [3] while the device is moving, not after it stops moving, thus transmission cannot be intermittent, like a packet radio.

1.6. Received Signal Strength (RSS) Measurements


RSS measurements contain information about a link, and are particularly useful when using multiple measurements at different receivers, the signal print of [17]. They can be used to detect movement of a TX [7]. However, in the network security application, adversaries can spoof their signal print using array or MIMO antennas which end different signal strengths in the directions of different access points. Moreover, for wireless sensor networks, multimode collaboration is expensive in terms of energy.

1.7. Link Signatures


Link Signatures for Location Distinction Secret key Establishment Perimeter Distinction Device for authentication To investigate location distinction, the ability of a receiver to determine when a transmitter has changed location, which has application for energy conservation in wireless sensor networks, for physical security of radio-tagged objects, and for wireless network security in detection of replication attacks. In this article to investigate using a measured Frequency Domain Link Signature to uniquely identify the link between a transmitter (TX) and a receiver (RX). When the TX changes location, or if an attacker at a different location assumes the identity of the TX, the proposed location distinction algorithm reliably detects the change in the physical channel. This detection can be performed at a single RX or collaboratively by multiple receivers. In use 9,000 link signatures recorded at different locations and over time to demonstrate that our method significantly increases the detection rate and reduces the false alarm rate, in comparison to existing methods. To present a procedure to estimate the mutual information in link and link signature using the Edge worth approximation [6].Detect change in object location

December Issue

Page 74 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

Most assets should be stationary Focus resources on rare moving assets Detect change in object location Most assets should be stationary Focus resources on rare moving assets Sensitive to object movement (~1m) DS-SS system and covered relatively short path lengths Location estimation must be done in an energy efficient manner, especially for networks of sensors with small batteries that must last for years. The energy required to estimate location must be expended when a sensor node moves, however, energy-efficient localization systems should not re-estimate location unless movement actually occurs. This implies that for energy efficiency in location estimation, sensor nodes must detect motion or a change in location. To propose a robust location distinction mechanism that uses a physical layer characteristic of the radio channel between TX and RX, that we call a frequency domain- link signature. The frequency domain- link signature is the sum of the effects of the multiple paths from the TX to the RX, each with its own time delay and complex amplitude. Such a signature changes when the TX or RX changes position because the multipath in the link [15] change with the positions of the endpoints of that radio link.

2. METHODOLOGY
In this section, first define about the Frequency Domain Link Signature and highlight the strong dependence of the link signature on the multipath radio channel. To describe a real-time location distinction algorithm and then describe the multiple channel data gathered, which used to evaluate the location distinction algorithm. Then also describe the about link signatures, which is used to identify the state of the multipath channel at a given time and the metrics used to determine the difference between recent link signatures and the link signature history.

2.1. Frequency Domain Link Signature


Frequency Domain Link Signature [19] viewpoint that there are new modalities for securing wireless systems that can turn the nature of the wireless medium from a disadvantage into an advantage. In essence, rather than rely solely upon generic, higher-layer cryptographic mechanisms, as has been the norm, that it is possible to achieve a lower-layer approach that supports important security objectives, such as authentication and confidentiality. The enabling factor in our approach is that, in the rich multipath environment typical of wireless scenarios, the response of the medium along any transmit-receive path is frequency-selective [5] (or in the time domain, dispersive) in a way that is location-specific. In particular, channel characterizations (e.g. a set of complex gains at different frequencies, or the impulse response at different time delays) decor relate from one transmit-receive path to another if the paths are separated by the order of an RF [9] wavelength or more. These unique space, time, and frequency characteristics of the wireless physical layer can be used to augment traditional higher-layer authentication and confidentiality methods. Two wireless entities can identify or authenticate each others transmitter by tracking each other's ability to produce an appropriate received signal [17], [7] at the recipient. Similarly, the fact that pair wise radio propagation laws between two entities are unique and decorrelate quickly with distance can serve as the basis for establishing shared secrets. These shared secrets may be used as encryption keys for higher-layer applications or wireless system services that need confidentiality. In short, these two strategies suggest that merely using cryptographic methods does not capture the full spectrum of possible solutions that are available to the wireless engineer.

2.1.1 Real-time Location Distinction using FDLS


Location distinction is fundamentally different from localization, in that location distinction [18] is not concerned with the position of the transmitter, only whether or not it has moved. Location distinction should work under two uses, Case: (1) when a wireless device is continuously moving and Case: (2) when a wireless device and access point are stationary for a long time and suddenly a transmission with the same claimed identity is sent from a new location.

December Issue

Page 75 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

Under use case (1) the algorithm should detect a new location with each transmission, while under use case (2) the algorithm should decide the new transmission is from a different location.

Fig. 1. Location Distinction Process Here to evaluate the performance of the general location distinction algorithm shown in Figure 1, in which channel impulse response measurements, called link signatures, are measured over time for a given link, and each new link signature is compared to those in a history of previous measurements in order to detect changes in position. To the authors knowledge no implementation and experimental evaluation of MIMO-based location distinction has been performed. To present the following work in order to characterize the performance of temporal signature-based location distinction in the context of a MIMO channel: 1) To introduce MIMO temporal link signatures for quantifying the state of the MIMO channel. 2) To perform two measurement experiments with two different experimental test beds in order to evaluate location distinction under two distinct use cases. 3) To evaluate spatially dense channel measurements in order to study the spatial evolution of temporal link signatures. 4) To evaluate several trade-offs between system design parameters and performance, including, link signature history size, bandwidth, complex vs. magnitude-only signatures, use of delay between measurements, and number of antenna elements. A real-time location distinction algorithm [18] is defined by the following steps, 1) Measure the current link signature. 2) Calculate the minimum distance E between the current link signature and the link signatures in the FIFO history H. 3) Compare the minimum distance E to a threshold . If E > , raise an alarm to Indicate that the receiver has moved since the last link signature was measured. If E < , do not raise an alarm, thereby indicating that the receiver has not moved since the last link signature was measured. 4) Add the current link signature to a FIFO delay buffer and add the oldest link signature in the delay buffer to the FIFO history H. 5) Return to step 1. The FDLS channel data used in this paper is collected using an 8 x 8 channel sounder [7]. For this data set, a multi-tone baseband signal is mixed with a carrier frequency of 2.55 GHz and transmitted to a stationary and a moving receiver. The transmitter is stationary for these measurements. The multi-tone signal is constructed as follows 39 xCB(t) = ej(2fit+i) i=0 (1)

December Issue

Page 76 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

Where fi = (i + 0.5)MHz (2)

And I is a fixed random phase shift between 0 and included for each tone in order to spread the signal energy in time [3]. The signal xCB (t) is multiplied by a Gaussian window to combat artifacts generated by switching the signals on and off.

Fig. 2. Diagram of antenna array. The transmitter and receiver use identical arrays. The transmitter and receiver use uniform circular antenna arrays, as in Figure 2. These arrays have a nominal element spacing of /2 (where is the wavelength) and are well synchronized in both carrier frequency and phase. The wideband channel frequency response H (fi) for each antenna pair is computed by dividing the Fourier transform of the measured signal by the Fourier transform of the known transmit signal and separating the results into bins which correspond to the tones in the transmitted signal. The wideband channel impulse response is calculated as

h(t)=F-1{H(f)}

(3)

Channel measurements are collected at 8 different receiver locations on a single floor of an office building. In the cases where the receiver is moving, it moves with a speed of 31.75 cm/sec. In the measurements made with a moving receiver, the multi-tone probe is sent every 3.2 ms, or given the receiver speed of 31.75 cm/sec, each 1.016 mm. This provides the opportunity to study very dense (in time and space) link signatures. It is beneficial in the case of such dense measurements to add a delay to simulate the case when the most resent link signature in the history was measured further in the past.

2.2 Spoofing
Attacks Due to the open-nature of the wireless medium, it is easy for adversaries to monitor communications to find the layer-2 Media Access Control (MAC) addresses of the other entities. Recall that the MAC address is typically used as a unique identifier for all the nodes on the network. Further, for most commodity wireless devices, attackers can easily forge their MAC address in order to masquerade as another transmitter. As a result, these attackers appear to the network as if they are a different device. Such spoofing attacks can have a serious impact on the network performance as well as facilitate many forms of security weaknesses, such as attacks on access control mechanisms in access points [16], and denial-ofservice through a deauthentication attack [17]. A broad survey of possible spoofing attacks can be found in [7], [2].To address potential spoofing attacks, the conventional approach uses authentication. However, the application of authentication requires reliable key distribution, management, and maintenance mechanisms.

December Issue

Page 77 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

2.1.1 Formulation of Spoofing Attack Detection It is not always desirable to apply authentication because of its infrastructural, computational, and management overhead. Further, cryptographic methods are susceptible to node compromise a serious concern as most wireless nodes are easily accessible, allowing their memory to be easily scanned. It is desirable to use properties that cannot be undermined even when nodes are compromised. To propose the Received Signal Strength (RSS), a property associated with the transmission and reception of communication (and hence not reliant on cryptography), as the basis for detecting spoofing. Employing RSS[7] as a means to detect spoofing will not require any additional cost to the wireless devices themselves they will merely use their existing communication methods, while the wireless network will use a collection of base stations to monitor received signal strength[6] for the potential of spoofing. In addition, to built a real-time localization system to estimate the positions of both the original nodes and the spoofing nodes. Randomly selected points out of the above locations as the training data for use by the localization algorithms. For the 802.11 network, the size of the training data is 115 locations, while for the 802.15.4 network, the size of the training data is 70 locations. To test our approachs ability to detect spoofing, we randomly chose a point pair on the floor and treated one point as the position of the original node, and the other as the position of the spoofing node. We ran the spoofing test through all the possible combinations of point pairs on the floor using all the testing locations in both networks. There are total 14535 pairs for the 802.11 network and 4371 pairs for the 802.15.4 network. The focus of this Frequency Domain Link Signature [14] is to further develop these two security objectives at the PHY-layer. Towards this end, we discuss the following. 2.2.2 Channel-based Authentication Rather than employ a shared cryptographic authentication key" between Alice and Bob, instead exploit the uniqueness of the Alice-Bob channel relative to the Eve-Bob channel. The outline techniques to distinguish between legitimate transmissions from Alice and anomalous traffic from an adversary Eve. Realizing channel-based authentication in a time-varying radio environment involves two aspects. One is the authenticator signalling technique for a fixed instantiation of the channel, and the other is the necessary measures for ensuring the continuity of such an authentication procedure when the channel changes in subsequent epochs. We first discuss approaches for authenticator signalling and then techniques or maintenance of such authentication. Seek to exploit the uniqueness of the Alice-Bob channel as an authenticator to distinguish between a legitimate transmitter and an illegitimate transmitter. The ability to distinguish between different transmitters would be particularly valuable for preventing spoofing attacks, in which one wireless device claims to be another wireless device. Currently, spoofing attacks are very easy to launch in many wireless networks. For example, in commodity networks, such as 802.11 networks, it is easy for a device to alter its MAC address by simply issuing an config command. This weakness is a serious threat, and there are numerous attacks, ranging from session hijacking [14] to attacks on access control lists [2] that are facilitated by the fact that an adversarial device may masquerade as another device. To describe two strategies for authenticator signalling, but note that other forms of channel sounding, such as used for multiple-input multiple-output (MIMO) channels[18],[8] are also appropriate. 2.2.3 Secret Key Establishment via Multipath Channel Confidentiality is traditionally achieved through encryption using a shared key between Alice and Bob that is unknown to Eve. In multipath environments, the unique characteristics [15], [16] of the channel between Alice and Bob can provide parameters that create a unique private key between them a key that cannot be created from any other location. Finally, note that the two security objectives that have been focused on are a fraction of what can be accomplished at the physical layer of the protocol stack. For example, a non-repudiation service can exploit the broadcast nature of the wireless medium by introducing witnesses, making it harder for wireless entities to deny carriage of information. An availability service can use spreading and power control to maintain network connectivity in the presence of RF interference attacks. Overall, envision that it will be possible to develop a

December Issue

Page 78 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

suite of lower-layer enforcement strategies that can complement traditional methods, and ultimately lead to more secure wireless systems

3. PHY-ENHANCED CONFIDENTIALITY
Confidentiality services, like encryption and key management, are the work horses for many security protocols. A fundamental belief held by the security community is that, when designing confidentiality services, one should not replace traditional ciphers, such as AES, with new ciphers as existing ciphers are very thoroughly crypt analyzed and designed for bulk-data processing[12],[13]. Hence, our approach to achieving confidentiality focuses on the issue of establishing keys between wireless entities. In one sense, the methods that describe are analogous to Diffie-Hellman key establishment, and can be considered as building blocks rather than complete security solutions. Bob receives a signal that is a result of the Alice-Bob channel, while Eve receives a signal that follows from the Alice-Eve channel. Alice's objective is to maximize the rate at which she communicates with Bob (i.e. the key establishment rate), while simultaneously minimizing the information that Eve learns. There are two different extremes to using the wireless channel to establish keys, Extraction and Dissemination. In Extraction, Alice's signal may be a probing signal that Bob uses to estimate channel state information hAB, [12], and [13] from which keys are extracted. In Dissemination, however, Alice transmits a signal that is an appropriately coded version of the information Alice wishes to give to Bob. To present several constructions that represents a variety of methods ranging between these two extremes. From all of these methods to describe, let assume as a starting point that Alice and Bob each have estimates of their shared channel [15], e.g. by probing in a TDD fashion. To denote hAB to be Bob's estimate of the Alice-Bob channel, and hBA to be Alice's estimate of the Bob-Alice channel. Similarly, we will denote hAE to be Eve's estimate of the Alice-Eve channel [13]. The channel estimates may correspond to scalar or vector channel estimate.

4 ATTACK DETECTOR
In this section we propose our spoofing attack detector. We first formulate the spoofing attack detection problem as one using classical statistical testing. Next, we describe the test statistic for spoofing detection. We then introduce the metrics to evaluate the effectiveness of our approach. Finally, we present our experimental results.

4.1 Formulation of Spoofing Attack Detection


RSS is widely available in deployed wireless communication networks and its values are closely correlated with location in physical space. In addition, RSS is a common physical property used by a widely diverse set of localization algorithms [13][15], [10]. In spite of its several meter-level localization accuracy, using RSS is an attractive approach because it can re-use the existing Wireless infrastructure. We thus derive a spoofing attack detector utilizing properties of the RSS. The goal of the spoofing detector is to identify the presence of a spoofing attack. We formulate the spoofing attack detection as a statistical significance test, where the null hypothesis is: H0 : normal (no attack). In significance testing, a test statistic T is used to evaluate whether observed data belongs to the null hypothesis or not. If the observed test statistic Tobs differs significantly from the hypothesized values, the null hypothesis is rejected and we claim the presence of a spoofing attack.

4.2 Test Statistic for Spoofing Detection


Although affected by random noise, environmental bias, and multipath effects, the RSS value vector, s = {s1, s2,sn} (n is the number of landmarks/access points(APs)), is closely related with the transmitters physical location and is determined by the distance to the landmarks [15]. The RSS readings at different locations in physical space are distinctive. Each vector s corresponds to a point in a n-dimensional signal space [1]. When there is no spoofing, for each MAC address, the sequence of RSS sample vectors will be close to each other, and will fluctuate around a mean vector. However, under a spoofing attack, there is more than one node at different physical locations claiming the same MAC address. As a result, the RSS sample readings from the attacked MAC address will be mixed with RSS readings from at least one different location. Based on the properties of the signal strength, the RSS readings from the same physical location will belong to the same cluster points in the n-dimensional signal

December Issue

Page 79 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

space, while the RSS readings from different locations in the physical space should form different clusters in signal space. This observation suggests that we may conduct Kmeans cluster analysis [13] on the RSS readings from each MAC address in order to identify spoofing. If there are M RSS sample readings for a MAC address, the Kmeans clustering algorithm partitions M sample points into K disjoint subsets Sj containing Mj sample points so as to minimize the sum-of-squares criterion: k ||sm j||2 j=1 sm2Sj k

Jmin =

(1)

where sm is a RSS vector representing the mth sample point and j is the geometric centroid of the sample points for Sj in signal space. Under normal conditions, the distance between the centroids should be close to each other since there is basically only one cluster. Under a spoofing attack, however, the distance between the centroids is larger as the centroids are derived from the different RSS clusters associated with different locations in physical space. We thus choose the distance between two centroids as the test statistic T for spoofing detection, Dc = ||i j || (2)

with i, j 2 {1, 2..K}. Next, we will use empirical methodologies from the collected data set to determine thresholds for defining the critical region for the significance testing. To illustrate, we use the following definitions, an original node Porg is referred to as the wireless device with the legitimate MAC address, while a spoofing node Pspoof is referred to as the wireless device that is forging its identity and masquerading as another device. There can be multiple spoofing nodes of the same MAC address. Note that our K-means spoofing detector can handle packets from different transmission power levels. If an attacker sends packets at a different transmission power level from the original node with the same MAC address, there will be two distinct RSS clusters in signal space. Thus, the spoofing attack will be detected based on the distance of the two centroids obtained from the RSS clusters.

4.3 Determining Thresholds


The appropriate threshold _ will allow the spoofing detector to be robust to false detections. We can determine the thresholds through empirical training. During the off line phase, we can collect the RSS readings for a set of known locations over the floor and obtain the distance between two centroids in signal space for each point pair.We use the distribution of the training information to determine the threshold _ . At run time, based on the RSS sample readings for a MAC address, we can calculate the observed value Dobs c . Our condition for declaring that a MAC address is under a spoofing attack is space for both the 802.11 network and the 802.15.4 network. We found that the curve of Dc shifted greatlyto the right under spoofing attacks, thereby suggesting that using Dc as a test statistic is an effective way for detecting spoofing attacks.

4.4 Performance Metrics


In order to evaluate the performance of our spoofing attack detector using K-means cluster analysis, we use the following metrics: Detection Rate and False Positive Rate: A spoofing attack will cause the significance test to reject H0. We are thus interested in the statistical characterization of the attack detection attempts over all the possible spoofing attacks on the floor. The detection rate is defined as the percentage of spoofing attack attempts that are determined to be under attack. Note that, when the spoofing attack is present, the detection rate corresponds to the probability of detection Pd, while under normal (no attack) conditions it corresponds to the probability of declaring a false positive Pfa. The detection rate and false positive rate vary under different thresholds. Receiver Operating Characteristic (ROC) curve: To evaluate an attack detection scheme we want to study the false positive rate Pfa and probability of detection Pd together. The ROC curve is a plot of attack detection accuracy against the false positive rate. It can be obtained by varying the detection thresholds. The ROC curve provides a direct means to measure the trade off between false-positives and correct detections.

5 RELATED WORKS
There are three potential applications for location distinction mentioned in Section 1, and this section presents the related work and existing methods used in these areas.

December Issue

Page 80 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

5.1 Motion Detection in Wireless Sensor Networks


Motion detection can do by processing video camera feeds [15], [16]. However, when an object is not in view of a camera, or in the dark, its motion cannot be detected. Furthermore, detection of movement is not the same as recognition of the moved object [16], so if the objective is tracking of unique objects, camera-based approaches cannot easily handle large numbers of objects. The RSS-based signal print method of [13] could be used to detect motion based on the RSS at multiple receivers, but requires more than a single RX. Doppler and accelerometer measurements require continuous measurement in order to reliably detect a change, since once a device has stopped; Doppler and accelerometer measurements no longer indicate a movement. In contrast, a link signature change is lasting, so that a measurement long after a device has stopped moving will indicate a change from the previous measurement. Enabling, low duty cycle is key to reducing energy consumption in wireless sensors [12].

5.2 Physical Security Using Wireless Tags


Motion detection for security often includes in each tag an accelerometer or bump sensor [16]. In addition to the energy costs mentioned above, it is desirable for inexpensive tags to avoid the cost of an additional sensor. Higher probability of detection will be expected of active tracking systems to justify the expense of placing a tag on every object. Our work provides a lower energy method to detect motion of an active tag, without any additional sensor, using link signature characteristics.

5.3 Information Security for Replication Attacks


For the purpose of providing security against replication attacks, our work builds on the insightful work of Li, Xu, Miller, and Trappe [15]. In [15], the authors propose exploiting the multipath channels frequency and spatial variation at a RX to distinguish two transmissions coming from different locations. Furthermore, in [15], multiple tone probing is used, in which the TX sends N carrier waves, separated by the coherence bandwidth of the channel. The amplitudes of these carriers at the RX are used as a feature vector to describe the channel. Experiments measure one link over time; a mobile link, and a three-node network of a legitimate TX and RX, and an attacker. Work in [19], [12], [10], [11] expands analysis of the frequency response approach. In [12], [10], the frequency response vector is assumed to be complex multivariate Gaussian with exponentially decaying variance, and the temporal variation is assumed to be a first-order auto-regressive (AR-1) random process, with complex multivariate Gaussian increments. Under these assumptions, likelihood ratio tests, and theoretical performance can be analyzed and simulated. In [11], the model assumptions are applied to analyze detection in MIMO systems. Our work expands on the exploitation of multipath to uniquely identify a link. First, an arbitrary packet transmission is used to measure the channel, rather than special carrier waves. Second, we exploit the magnitude of the channel characteristic in the time domain, rather than in the frequency domain. Frequency measurements of Hi;jf are related to hi;jt by a Fourier transform. However, phase changes to multipath with significantly different time delays do not alter jhi;jtj, even when they alter Hi;jf and jHi;jfj.1 Finally, our work uses the results of a vast measurement campaign to more completely demonstrate, and quantify using mutual information, the spatial variation of multipath channels, to an extent that was not possible in [15]. These results are necessary to demonstrate the accuracy and quantify the performance of location distinction. The use of multiple receivers to enlarge the feature space is explored by Faria and Cheriton [13]. Their work used the RSS measured at multiple receivers, called the signal print, to detect a class of identity attacks, and the authors present extensive experimental results. The low dimensionality of the feature space and the variability of RSS makes it difficult to uniquely identify TX locations. In particular, those transmitters separated by short distances (up to 5 m or 7 m) [13] can be confused, depending on the number of access point measurements. In our work, we dramatically expand the feature space and demonstrate an order of magnitude reduction in the miss rate or false alarm rate. Regarding the use of RSS as a authentication feature, it must noted that a transceiver with an array antenna could use beam forming methods to send energy in different directions in an attempt to appear similar to another node. Furthermore, a links RSS can be eavesdropped, since protocols require nodes to adapt depending on signal quality. Two adaptations are the use of power control, and the adaptation of modulation type as a function of link quality. Link signature measurements cannot be inferred from the interactions between nodes and access points. Other radio-layer authentication research includes: 1. Location-Based Authentication: A wireless network can be used to locate a TX based on angle-of-arrival [24], [18] or signal strength [12] measurements. These methods can be hampered by synchronization issues (i.e., angular orientation and antenna pattern) and variable multipath and shadowing effects. Link signature methods do not attempt to localize a node, but in contrast, they are enhanced by the variability of the multipath channel.

December Issue

Page 81 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

2. Device-Based Authentication: Manufacturing variation may make one devices transmitted signal measurably different from another [21]. If such device characteristics can be measured at an access point, they could also be measured (and recreated) by a capable eavesdropper. Link signatures cannot be eavesdropped by an eavesdropper at a different location than the RX; and cannot be arbitrarily recreated except at the identical TX location 3. GPS-Based Authentication: In [10], signals from GPS receivers are used to form signatures unique to each location. Each node and access point must have a GPS receiver, which limits the method to outdoor and costinsensitive applications. In comparison to our past work [29], this paper presents a method to estimate the MI between a link and its measured link signature, which quantifies the amount of uncertainty about the link removed by measurement of a link signature. We investigate the distribution of the measured data set, and then, apply the Edge worth approximation, which does not assume a particular distributional model, to estimate required differential entropies. This paper also compares narrowband and wideband implementations of the RSS signal print method and shows the superior performance of the wideband implementation of methods

6. Discussion
Our results, based on our experimental data, show that measuring link signature removes about 66 bits of uncertainty about the mean link signature. If the mean link signature for each link is known (from past measurements) and unique, then a link signature measurement removes 66 bits of uncertainty about which link was measured. These estimates are not obtained by assuming a known distribution, rather, by the Edge worth approximation, which uses the third order cumulates in addition to the covariance, and thus, is a higher order approximation than would be obtained by a multivariate Gaussian assumption. Finally, the two security objectives that have been focused on, they are a fraction of what can be accomplished at the physical layer of the protocol stack. For example, a non-repudiation service can exploit the broadcast nature of the wireless medium by introducing witnesses, making it harder for wireless entities to deny carriage of information.

7. Conclusion
Investigated using Frequency Domain Link Signature to uniquely identify the link between transmitter (TX) and a receiver (RX). When the TX changes the location, or if an attacker at a different location assumes the identity of the TX, the proposed location distinction algorithm used to physical channel. The high reliability of the frequency domain Link Signature location distinction enables location distinction system to detect the change in position of a transmitter even when using a single or multiple receivers. Hence the methods are susceptible to node compromise. Good location distinction techniques have distinguished the location of spoofed nodes from the authentic nodes to prevent these attacks and increase the moment detection and reduce the false alarm rate. REFERENCES [1] G. Chandrasekaran, M. Ergin, M. Gruteser, R. Martin, J. Yang, and Y. Chen, DECODE: Detecting CoMoving Wireless Devices,Proc. Fifth IEEE Intl Conf. Mobile Ad Hoc and Sensor Systems (MASS 08), pp. 315-320, 2008. [2] Y. Chen, W. Trappe, and R.P. Martin, Detecting and Localizing Wireless Spoofing attacks, Proc. IEEE Comm. Soc. Conf. Sensor Mesh and Ad Hoc Comm. and Networks (SECON 07), pp. 193-202,2007. [3] T. Burchfield and S. Venkatesan, Accelerometer-Based Human Abnormal Movement Detection in Wireless Sensor Networks,Proc. First ACM Intl Workshop Systems and Networking Support for Healthcare and Assisted Living Environments, pp. 67-69, 2007. [4] D.E. Denning and P.F. MacDoran, Location-Based Authentication: Grounding Cyberspace for Better Security, Computer Fraud and Security, pp. 12-16, Feb. 1996. [5] N. Patwari and S.K. Kasera, Robust Location Distinction Using Temporal Link signatures, Proc. ACM MobiCom, Sept. 2007 [6] M.M. Van Hulle, Edge worth Approximation of Multivariate Differential Entropy, Neural Computation, vol. 17, no. 9, pp. 1903-1910, 2005. [7] K. Woyach, D. Puccinelli, and M. Haenggi, Sensorless Sensing in Wireless Networks: Implementation and Measurements, Proc. Intl Symp. Modelling and Optimization in Mobile Ad Hoc and Wireless Networks, Apr. 2006. [8] L. Xiao, L. Greenstein, N. Mandayam, and W. Trappe, MIMO Assisted Channel-Based Authentication in Wireless Networks, Proc. Conf. Information Sciences and Systems (CISS 08), pp. 642-646 Mar. 2008. [9]H. Hashemi. The Indoor Radio Propagation Channel. Proceedings of IEE ,81(7):943-968, July 1993.

December Issue

Page 82 of 103

ISSN 2249 8931

International Journal of Research and Reviews in Applicable Mathematics & Computer Science, Vol. 1, No.6, 2011

[10]T. S. Rappaport. Wireless Communications Principles and Practice. Prentice Hall PTR, 2nd edition, Jan. 2002. [11] K. J. Ellis and N. Serinken. Characteristics of Radio Transmitter Fingerprints. [12]Liang Xiao, Larry J. Greenstein, Narayan B. Mandayam, Using the Physical Layer for Wireless Authentication in Time-Variant Channels. [13]Attacks on Physical-layer Identification. [14] James F. Plusquellic, Donald M. Chiarulli@ and Steven P. Levitan Time and Frequency Domain Transient Signal Analysis for Defect Detection in CMOS Digital ICs. [15]Advances in Wireless Security Using Unique Link and Device Characteristics(July 2009 August 2010)Sneha Kumar Kasera.s [16]Advancing Wireless Link Signatures for Location Distinction Junxing Zhang Mohammad H. Firooz Neal Patwari Sneha K. Kasera [17]D.B. Faria and D.R. Cheriton, Radio-Layer Security: Detecting Identity-Based Attacks in Wireless Networks Using Signalprints, Proc. Workshop Wireless Security (WiSe 06), pp. 43-52, Sept. 2006. [18]Dustin Maas, Neal Patwari, Junxing Zhang, Sneha K. Kasera and Michael A. Jensen Location Distinction in a MIMO Channel. [19]Two frequency coherence measurements on a 55GHz mobile radio link R. S. COLE, PhD*H.J.THOMAS, BSc* and G. L.SIQUEIRA,MSc*'Electronics.

Authors Profile

V.SathishKumar received his B.E degree in Computer Science and Engineering from Paavai Engineering College in the year 2008. He is currently a post graduate student in the Computer Science and Engineering Department of Adhiyamaan College of Engineering, Hosur, Tamil Nadu. His area of interest is Network Security, Cryptography and Mobile Computing. This paper is the work of his academic project.

M.Prabu is working as a Lecturer in the Department of Computer Science and Engineering in Adhiyamaan college of Engineering, Hosur, Tamil Nadu, India. He has published more than 15 International/National journals and presented the 15 International/ National Conferences.He is presently doing his Ph.D in Anna University, Coimbatore, India. His area of interest are computer Networks, Information Security and Cryptography. He is life member of ISTE.

Dr. R.Shanmugalakshmi is working as an Assistant Professor in the Department of Computer Science and Engineering in Government College of Technology, Coimbatore, India. She has published more than 50 International/National journals. Her research area includes Image Processing, Neural Networks, Information Security and Cryptography. She has received Vijya Ratna Award from India International Friendship Society in the year of 1996, she has received Mahila Jyothi Award from Integrated Council for Socio-Economic Progress in the year of 2001 and she has received Eminent Educationalist Award from International Institute of Management, New Delhi in the year of 2008.She is member of Computer Society of India, ISTE and FIE.

December Issue

Page 83 of 103

ISSN 2249 8931

Você também pode gostar