LAAC: A Location-Aware Access Control ProtocolYounSun Cho, Lichun Bao and Michael T. GoodrichIWUAC 2006

Why Location-Based Access Control? Previous user identity- based access control approaches cannot

verify Physical location of the access requester, which plays an important role in determining access rights Secure verification of location claims is required

Secure verification of location claims Natural No need to establish shared secrets in advance

Information about Location can strengthen access control policy Not just which subject is accessing what object Where the subject and object are located

Subject belongs to a location group as long as she can listen to one of the beacons in that group

Previous Works Hardware dependency to determine

location GPS Temper resistant device Ultrasonic signals

Need central server Expensive crypto and overhead

PKI, DH key exchange

Properties No servers No pre-registration No expensive crypto No expensive hardware (e.g. GPS) Low communication/computation Different from localization problem

Notation

Protocol Description Each access point (APj)periodically broadcasts its nonce (rj)

Assume each APj knows other AP's nonces (rj) through a secure channel A mobile station (MSi) collects nonces of the access points MSi derives its location key (ki) by XOR-ing all the nonces of access p

oints MSi constructs its access request (ARi) using hash of ki and claims it

s location to its associated access point with it. If MSi is located in the access-granted area, it can access to the resourc

e o/w, it cannot access it

This system is secure if each entity does not collude each other Assume trust AP

not mutual authentication.

What is AP group ? Define three AP

groups: G1={AP1, AP2}, G2={AP3, AP4}, G3={AP1, AP4}

Each AP's group: AP1 is in G1, G3 AP2 is in G1 AP3 is in G2 AP4 is in G2,G3

G1 G2G3

Access-Granted Area

1)

1)

1)

1)

1)

1)

2)

2)3

)

Security Analysis Insecure nonce combination

RNG with k=|nonce| 80 bits Bogus location claim

zero-false positive with Interval T < Speed of MS

cf. GPS error, sector error, etc.

Security Analysis (cont.) Wormhole attack

Security Analysis (cont.) The Sybil attack Simple solution

Assume each mobile station has APs Certificates of each

Using AP's signature of BBM

Better solution? Man-in-the-Middle Attack?

Efficiency Estimation Various Hash Function Computation Times ( μseconds) based on the Crypto++ 5.2.1 b

enchmark tested on the AMD Opteron 1.6 GHz processor under Linux 2.4.21.

Let |nonce|= 80 bits and |ID|=8 bits and use 160-bit SHA-1 Computation Time

Only 0.147 μseconds to compute access request of mobile station side Communication Load

|BBM| 80 + 8 + 8*|L|*|N| bits of each access point |AR| = 160 bits of each mobile station

Storage Requirement For the mobile stations, there is no storage requirement

Simulation Result Simulation condition

23 MSs, 2 APs 802.11 propagation and path-loss model in the free-space model without

a routing protocol between mobile stations Two access points broadcast beacons with nonces (r1, r2) 1000 times in

every broadcasting interval

False positive rate with various nonce sizes |r1| = |r2| = 4, 8, 16 bits of access points under T= =1 second of static mobile station model

False positive rate with various T=1, 2, 4, 8 seconds with = 1 second T under |r1| = |r2| = 16 bits of randomly moving mobile station model

Application and Extension HotSpot

Cyber Cafe, coffee shop, airport Data encryption key as well as access control

key Location Tracking

Sensor network

Future Work Scalability Applicable to Sensor Network LBS (Location Based Services)

Location TrackingLocation PrivacySecure Data Aggregation

Conclusion Easy Simple Cheap Practical Applicable

Q & A