Upload
adem
View
52
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Location Privacy Preservation in Collaborative Spectrum Sensing. Shuai Li, Haojin Zhu, Zhaoyu Gao , Xinping Guan, Shanghai Jiao Tong University Kai Xing University of Science and Technology of China and Xuemin (Sherman) Shen University of Waterloo. Presenter: Haojin Zhu - PowerPoint PPT Presentation
Citation preview
Location Privacy Preservation in Collaborative Spectrum Sensing
Shuai Li, Haojin Zhu, Zhaoyu Gao, Xinping Guan, Shanghai Jiao Tong University
Kai Xing University of Science and Technology of China
and Xuemin (Sherman) ShenUniversity of Waterloo
Presenter: Haojin ZhuAssociate Professor
Computer Science & Engineering DepartmentShanghai Jiao Tong University
Outline
• Background– Cognitive Radio Networks– Spectrum Sensing– Collaborative Spectrum Sensing
• Existing Researches on Spectrum Sensing Security• Location Privacy Leaking Problem• Privacy Preserving Collaborative Spectrum Sensing• Experiment Results• Conclusion
Cognitive Radio
Primary User (PU) PU uses the spectrum exclusively
SUs can access the idle spectrumSecondary User (SU)
Traditional Spectrum Allocation
Cognitive Radio
Cognitive Radio is proposed to increase the efficiency of channel utilization under the current static channel allocation policy.
Cognitive Radio: access the spectrum dynamically
Spectrum Sensing
Spectrum Sensing: In order to identify the idle spectrum, secondary users should sense the spectrum first.
Spectrum 1
Spectrum 2
Spectrum n…
……
……
……
.
Which one is idle?
Collaborative Spectrum Sensing
But, spectrum sensing accuracy
is often degraded by:
□Fading □Shadowing
□Receiver Uncertainty
Collaborative Spectrum Sensing is proposed to overcome these challenges.
Step1: SUs sense the spectrum individually
Step2: SUs submit the sensing reports to a fusion center
Step3: Fusion center combines these reportsCollaborative sensing is also
facing a series of security threats!
Existing Research in Spectrum Sensing Security
• 1 Attack: Primary Emulation Attack (JSAC'08, Oakland S&P'10, )
• 2 Attack: Sensing Data Falsification Attack (INFOCOM'08, TMC 2011, NDSS 2011)
• 3 Attack: Selfishness in Collaborative Sensing (ACM MC2R)
None of existing works consider the privacy issues in CR networks before!
Outline
• Background• The Location Privacy Leaking Problem• Privacy Preserving collaborative Spectrum Sensing– Privacy Preserving Sensing Report Aggregation– Distributed Dummy Report Injection Protocol
• Experiment Results• Conclusion
Exploiting Spectrum Sensing Reports for Involuntary Geo-localization- An Attacker Point of View
The Good Side: Exploit spatial diversity for spectrum sensing
A Converse Question: Could we exploit correlation of CR sensing reports and their physical location to make an involuntary geo-localization of SU.
SU
SU
SU
SU
Different Locations Correspond to Different Sensing Reports due to Spatial Diversity.
Attack I: Single Report Location Privacy (SRLP) Attack
Test bed Setup and Experiment Approach:1. Using USRP to detect the TV radio signal of 13 sampling regions.2. The attacker using classification algorithm to obtain spectrum characteristics
of each region (the cluster centroids).3. Geo-localization a user by comparing the distance of the sensing data and the
various cluster centroids.
Single Report Location Privacy (SRLP) Attack: the adversary tries to compromise the location privacy of a CR user by correlating his sensing report and physical location.
Attack II: Differential Location Privacy Attack in Aggregation Mode
Inspired from database security concept, differential privacy.In the context of CR security: Untrusted Fusion Center (Aggregator), secondary users may frequently join or leave the networks
We could get , then based on SRLP attack, we could infer its location.
𝒓 𝟏 𝒓 𝟐 𝒓 𝟑 𝒓 𝟒
Aggregation Result: Aggregation Result: Even under the
presence of privacy preserving
aggregation solution
Experimental Results for the Attack
Result I:Significant location-dependent fluctuation in the RSS sensing of three Digital TV (DTV) channels.
Result II:the attackers could localize a user within 10-50 meters accuracy with 90% successful rate by choosing a proper parameter
How to enable the collaborative spectrum sensing without location privacy leaking?
Formal Definition on Location Privacyin Collaborative Spectrum Sensing
We define the uncertainty of the adversary and thus the location privacy level of a node involved in a successful privacy preserving spectrum sensing by adopting the entropy concept as follows:
Total number of regions
the probability that user a is located in the
region b
If the attacker could uniquely identify the location of the user, we can get and . Otherwise, the entropy is maximum for a uniform probability distribution .
Outline
• Background• The Location Privacy Leaking Problem• Privacy Preserving collaborative Spectrum Sensing– Privacy Preserving Sensing Report Aggregation– Distributed Dummy Report Injection Protocol
• Experiment Results• Conclusion
Privacy Preserving collaborative Spectrum Sensing (PPSS)
Conceal each user’s sensing reports in aggregation (thwarting SRLP attack)
Conceal the user’s sensing reports when he leaves or joins the aggregation (thwarting the DLP attack)
Privacy Preserving Sensing Report Aggregation Protocol (PPSRA)
Distributed DummyReport Injection protocol (DDRI)
∑𝑖=0
𝑛
𝑠𝑘𝑖=0
Protocol I: PPSRAObjective: Allowing the aggregator to obtain the aggregation results without knowing the individual sensing report.
E() is an homomorphic encryption such as Paillier or NDSS’11[1].
Each data is encrypted by multiplying to prevent aggregator from recovering the individual data. By letting , we obtain .
Phase II:
Multiplying the encrypted data
Aggregation Result
Phase III:
Decryption for the result
𝐸 (∑𝑖=0
𝑛
𝑟 𝑖)
Decrypt it for the aggregation result.
1. E. Shi, T. Chan, E. Rieffel, R. Chow, and D. Song, “Privacy-preserving aggregation of time-series data,” in Proc. of NDSS’11, 2011.
𝐸 (∑𝑖=0
𝑛
𝑟 𝑖)
Phase I:
Individual Encryption
… …
𝐸 (𝑟 1 )𝐻 (𝑡 )𝑠𝑘1
𝐸 (𝑟 2 )𝐻 (𝑡 )𝑠𝑘2
𝐸 (𝑟 𝑛)𝐻 (𝑡 )𝑠 𝑘𝑛
Protocol II: Distributed DummyReport Injection protocol (DDRI)
Differential Location Privacy Attack:
Traditional differential privacy protection approach needs to add a large noise to the sensing reports, which will seriously degrade the collaborative sensing performance, obviously deviating from the original goal of collaboration.
Distributed DummyReport Injection protocol
Our Approach:
Our dummy report based approach will not pollute the aggregation result.
Broadcast the fusion center’s sensing results
Send his own sensing results
Send the center’s sensing results i
i1
LEAVE/JOIN
Using some public available sensing data (dummy report) to replace the noises
Distributed DummyReport Injection protocol
The introduced randomness in aggregation result can successfully confuse the attacker.
Distributed DummyReport Injection protocol
Question 1: How much randomness has been introduced?
Question 2: What’s the impact introduced to collaborative sensing (the actual number of the sensing nodes)?
Distributed DummyReport Injection protocol
Question 3: What’s the impact introduced to collaborative sensing (the weight of the dummy report)?
In general, we will demonstrate thatour scheme can generate sufficient randomness to protect the user’s differential location privacy.It has limited impact on collaborative sensing performance
Outline
• Background• The Location Privacy Leaking Problem• Privacy Preserving collaborative Spectrum Sensing– Privacy Preserving Sensing Report Aggregation– Distributed Dummy Report Injection Protocol
• Experiment Results• Conclusion
Experimental Results
After executing our PPSS protocol, the entropy rises to a high level. This demonstrate that PPSS can well protect the user’s location privacy.
Experimental Results
It demonstrates that a small is enough to protect the user’s location privacy. Meanwhile, a small means little impact on collaborative sensing.
i
i
Experimental Results
This experiment result further demonstrates the practicality of our PPSS protocol.
Outline
• Background• The Location Privacy Leaking Problem• Privacy Preserving collaborative Spectrum Sensing– Privacy Preserving Sensing Report Aggregation– Distributed Dummy Report Injection Protocol
• Experiment Results• Conclusion
Conclusion and Future Work
• We identify and formulate a new security threat in collaborative sensing
• We introduce PPSS to protect secondary users’ location privacy in collaborative sensing.
• We evaluate the effectiveness and efficiency of PPSS by implementation in a real experiment.
• Our future work includes investigating the privacy issues in database-driven CR networks.