Attacks on public WLAN-based positioning systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Attacks on public WLAN-based positioning systems

Full text

Pdf (2.05 MB)

Source

International Conference On Mobile Systems, Applications And Services archive
Proceedings of the 7th international conference on Mobile systems, applications, and services table of contents

Kraków, Poland

SESSION: Security and privacy table of contents

Pages 29-40

Year of Publication: 2009

ISBN:978-1-60558-566-6

Authors

Nils Ole Tippenhauer	ETH Zurich, Zurich, Switzerland
Kasper Bonne Rasmussen	ETH Zurich, Zurich, Switzerland
Christina Pöpper	ETH Zurich, Zurich, Switzerland
Srdjan Čapkun	ETH Zurich, Zurich, Switzerland

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 45, Downloads (12 Months): 178, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1555816.1555820 What is a DOI?

ABSTRACT

In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that--without appropriate countermeasures--public WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss several approaches for securing WLAN-based positioning systems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Apple Inc. http://www.apple.com.
	2	Cyberangel security and recovery system. http://www.skyhookwireless.com/press/skyhookcyberangel.php.
	3	GNU Radio: The gnu software radio. http://gnuradio.org/trac.
	4	Google earth. http://earth.google.com.
	5	Loki Mobile applet for Nokia phones using Symbian. http://loki.com/download/mobile.
	6	Skyhook, Inc. http://www.skyhookwireless.com.
	7	P. Bahl and V. N. Padmanabhan. RADAR: An In-Building RF-Based User Location and Tracking System. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), volume 2, 2000.
	8	Stefan Brands , David Chaum, Distance-bounding protocols, Workshop on the theory and application of cryptographic techniques on Advances in cryptology, p.344-359, January 1994, Lofthus, Norway
	9	Sergey Bratus , Cory Cornelius , David Kotz , Daniel Peebles, Active behavioral fingerprinting of wireless devices, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA [doi>10.1145/1352533.1352543]
	10	Vladimir Brik , Suman Banerjee , Marco Gruteser , Sangho Oh, Wireless device identification with radiometric signatures, Proceedings of the 14th ACM international conference on Mobile computing and networking, September 14-19, 2008, San Francisco, California, USA [doi>10.1145/1409944.1409959]
	11	N. Bulusu, J. Heidemann, and D. Estrin. GPS-less low cost outdoor localization for very small devices. IEEE Personal Communications Magazine, 7(5), October 2000.
	12	Paul Castro , Patrick Chiu , Ted Kremenek , Richard R. Muntz, A Probabilistic Room Location Service for Wireless Networked Environments, Proceedings of the 3rd international conference on Ubiquitous Computing, p.18-34, September 30-October 02, 2001, Atlanta, Georgia, USA
	13	Boris Danev , Srdjan Capkun, Transient-based identification of wireless sensor nodes, Proceedings of the 2009 International Conference on Information Processing in Sensor Networks, p.25-36, April 13-16, 2009
	14	L. Doherty, K. Pister, and L. El Ghaoui. Convex position estimation in wireless sensor networks. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), April 2001.
	15	Ettus. Universal software radio peripheral (USRP). http://www.ettus.com.
	16	R. J. Fontana, E. Richley, and J. Barney. Commercialization of an ultra wideband precision asset location system. IEEE Conference on Ultra Wideband Systems and Technologies, 2003
	17	Fraunhofer IIS. Autonomous WLAN positioning system. press release. http://www.fraunhofer.de/EN/press/pi/2008/01/Presseinformation14012008.jsp, 2008.
	18	S. Ganu, A. Krishnakumar, and P. Krishnan. Infrastructure-based location estimation in WLAN networks. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC), March 2004.
	19	I. Getting. The Global Positioning System. IEEE Spectrum, December 1993.
	20	Y. Gwon, R. Jain, and T. Kawahara. Robust indoor location estimation of stationary and mobile users. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), March 2004.
	21	Gerhard P. Hancke , Markus G. Kuhn, An RFID Distance Bounding Protocol, Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, p.67-73, September 05-09, 2005 [doi>10.1109/SECURECOMM.2005.56]
	22	Gerhard P. Hancke , Markus G. Kuhn, Attacks on time-of-flight distance bounding channels, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA [doi>10.1145/1352533.1352566]
	23	J. Hightower, G. Boriello, and R. Want. SpotON: An indoor 3D location sensing technology based on RF signal strength. Technical Report 2000-02-02, University of Washington, 2000.
	24	Y.-C. Hu, A. Perrig, and D. B. Johnson. Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), San Francisco, USA, April 2003.
	25	Tadayoshi Kohno , Andre Broido , K. C. Claffy, Remote Physical Device Fingerprinting, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.211-225, May 08-11, 2005 [doi>10.1109/SP.2005.18]
	26	M. Kuhn. An asymmetric security mechanism for navigation signals. In Proceedings of the Information Hiding Workshop, 2004.
	27	Loukas Lazos , Radha Poovendran, SeRLoc: secure range-independent localization for wireless sensor networks, Proceedings of the 3rd ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA [doi>10.1145/1023646.1023650]
	28	Loukas Lazos , Radha Poovendran , Srdjan Čapkun, ROPE: robust position estimation in wireless sensor networks, Proceedings of the 4th international symposium on Information processing in sensor networks, April 24-27, 2005, Los Angeles, California
	29	Zang Li , Wade Trappe , Yanyong Zhang , Badri Nath, Robust statistical methods for securing wireless localization in sensor networks, Proceedings of the 4th international symposium on Information processing in sensor networks, April 24-27, 2005, Los Angeles, California
	30	Donggang Liu , Peng Ning , Wenliang Kevin Du, Attack-resistant location estimation in sensor networks, Proceedings of the 4th international symposium on Information processing in sensor networks, April 24-27, 2005, Los Angeles, California
	31	Mexens LLC. Navizon virtual GPS service. http://www.navizon.com.
	32	Ulrike Meyer , Susanne Wetzel, A man-in-the-middle attack on UMTS, Proceedings of the 3rd ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA [doi>10.1145/1023646.1023662]
	33	C. Mitchell. The security of the GSM air interface protocol. Technical report, RHUL-MA-2001-3, Royal Holloway University of London, 2001.
	34	David Moore , John Leonard , Daniela Rus , Seth Teller, Robust distributed network localization with noisy range measurements, Proceedings of the 2nd international conference on Embedded networked sensor systems, November 03-05, 2004, Baltimore, MD, USA [doi>10.1145/1031495.1031502]
	35	D. Niculescu and B. Nath. Ad hoc positioning system (APS) using AoA. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), San Francisco, USA, April 2003.
	36	S. Pandey and P. Agrawal. A survey on localization techniques for wireless networks. Journal of the Chinese Institute of Engineers, 29(7), 2006.
	37	S. Pandey, F. Anjum, and P. Agrawal. TRaVarSeL--Transmission Range Variation based Secure Localization, pages 215--236. 2007.
	38	Santosh Pandey , Farooq Anjum , Byungsuk Kim , Prathima Agrawal, A low-cost robust localization scheme for WLAN, Proceedings of the 2nd annual international workshop on Wireless internet, p.17-es, August 02-05, 2006, Boston, Massachusetts [doi>10.1145/1234161.1234178]
	39	S. Pandey, B. Kim, F. Anjum, and P. Agrawal. Client assisted location data acquisition scheme for secure enterprise wireless networks. IEEE Wireless Communications and Networking Conference (WCNC), 2, March 2005.
	40	Nissanka B. Priyantha , Anit Chakraborty , Hari Balakrishnan, The Cricket location-support system, Proceedings of the 6th annual international conference on Mobile computing and networking, p.32-43, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345917]
	41	K. B. Rasmussen and S. Čapkun. Implications of radio fingerprinting on the security of sensor networks. In Proceedings of the International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), 2007.
	42	Kasper Bonne Rasmussen , Srdjan Capkun , Mario Cagalj, SecNav: secure broadcast localization and time synchronization in wireless networks, Proceedings of the 13th annual ACM international conference on Mobile computing and networking, September 09-14, 2007, Montréal, Québec, Canada [doi>10.1145/1287853.1287892]
	43	Naveen Sastry , Umesh Shankar , David Wagner, Secure verification of location claims, Proceedings of the 2nd ACM workshop on Wireless security, September 19-19, 2003, San Diego, CA, USA [doi>10.1145/941311.941313]
	44	Andreas Savvides , Chih-Chieh Han , Mani B. Strivastava, Dynamic fine-grained localization in Ad-Hoc networks of sensors, Proceedings of the 7th annual international conference on Mobile computing and networking, p.166-179, July 2001, Rome, Italy [doi>10.1145/381677.381693]
	45	S. Sedihpour, S. Čapkun, S. Ganeriwal, and M. Srivastava. Implementation of Attacks on Ultrasonic Ranging Systems.Demo at the ACM Conference on Networked Sensor Systems (SenSys), 2005.
	46	Ping Tao , Algis Rudys , Andrew M. Ladd , Dan S. Wallach, Wireless LAN location-sensing for security applications, Proceedings of the 2nd ACM workshop on Wireless security, September 19-19, 2003, San Diego, CA, USA [doi>10.1145/941311.941314]
	47	N. O. Tippenhauer and S. Čapkun. UWB-based Secure Ranging and Localization. Technical Report 586, ETH Zurich, January 2008.
	48	O. Ureten and N. Serinken. Wireless security through RF fingerprinting. Canadian Journal of Electrical and Computer Engineering, 32, 2007.
	49	Srdjan Čapkun , Levente Buttyán , Jean-Pierre Hubaux, SECTOR: secure tracking of node encounters in multi-hop wireless networks, Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, October 31, 2003, Fairfax, Virginia [doi>10.1145/986858.986862]
	50	Srdjan Čapkun , Maher Hamdi , Jean-Pierre Hubaux, GPS-free Positioning in Mobile Ad Hoc Networks, Cluster Computing, v.5 n.2, p.157-167, April 2002 [doi>10.1023/A:1013933626682]
	51	S. Čapkun and J.-P. Hubaux. Secure positioning of wireless devices with application to sensor networks. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), volume 3, 2005.
	52	S. Čapkun and J.-P. Hubaux. Secure positioning in wireless networks. IEEE Journal on Selected Areas in Communications, 24(2), February 2006.
	53	S. Čapkun, M. Čagalj, and M. Srivastava. Secure localization with hidden and mobile base stations. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), April 2006.
	54	Roy Want , Andy Hopper , Veronica Falcão , Jonathan Gibbons, The active badge location system, ACM Transactions on Information Systems (TOIS), v.10 n.1, p.91-102, Jan. 1992 [doi>10.1145/128756.128759]
	55	A. Ward, A. Jones, and A. Hopper. A New Location Technique for the Active Office. IEEE Personal Communications, 4(5), October 1997.
	56	J. S. Warner and R. G. Johnston. Think GPS Cargo Tracking = High Security? Think Again. Technical report, Los Alamos National Laboratory, 2003.
	57	WiGLE. Wireless Geographic Logging Engine. http://wigle.net/.
	58	Wenyuan Xu , Wade Trappe , Yanyong Zhang , Timothy Wood, The feasibility of launching and detecting jamming attacks in wireless networks, Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing, May 25-27, 2005, Urbana-Champaign, IL, USA [doi>10.1145/1062689.1062697]