
LAAC: A Location-Aware Access Control Protocol

YounSun Cho, Lichun Bao and Michael T. Goodrich
IWUAC 2006


Why Location-Based Access Control?

• Previous user identity-based access control approaches cannot verify the physical location of the access requester, which plays an important role in determining access rights
  • Secure verification of location claims is required
• Secure verification of location claims
  • Natural
  • No need to establish shared secrets in advance
• Information about location can strengthen access control policy
  • Not just which subject is accessing what object
  • Where the subject and object are located
• Subject belongs to a location group as long as she can listen to one of the beacons in that group


Previous Works

• Hardware dependency to determine location
  • GPS
  • Tamper resistant device
  • Ultrasonic signals
• Need central server
• Expensive crypto and overhead
  • PKI, DH key exchange


Properties

• No servers
• No pre-registration
• No expensive crypto
• No expensive hardware (e.g. GPS)
• Low communication/computation
• Different from localization problem


Notation


Protocol Description

• Each access point (APj) periodically broadcasts its nonce (rj)
  • Assume each APj knows the other APs' nonces (rj) through a secure channel
• A mobile station (MSi) collects the nonces of the access points
• MSi derives its location key (ki) by XOR-ing all the nonces of the access points
• MSi constructs its access request (ARi) using the hash of ki and claims its location to its associated access point with it
• If MSi is located in the access-granted area, it can access the resource; otherwise, it cannot access it
• This system is secure if the entities do not collude with each other
• Assume trusted AP
  • not mutual authentication.


What is an AP group?

• Define three AP groups: G1={AP1, AP2}, G2={AP3, AP4}, G3={AP1, AP4}
• Each AP's group:
  • AP1 is in G1, G3
  • AP2 is in G1
  • AP3 is in G2
  • AP4 is in G2, G3

[Figure: AP groups G1, G2 and G3 and the access-granted area]
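The exchange from the Protocol Description slide, run over the AP groups defined above, as an added example that is not code from the slides or the authors. Assumptions: G3 is treated as the access-granted area, the access request binds the 8-bit mobile station ID into the hash, an AP only vouches for groups it belongs to, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from functools import reduce

NONCE_BYTES = 10  # 80-bit nonces, the size used on the efficiency slide
# AP groups from the "What is an AP group" slide
GROUPS = {"G1": ("AP1", "AP2"), "G2": ("AP3", "AP4"), "G3": ("AP1", "AP4")}

def fresh_nonces(aps=("AP1", "AP2", "AP3", "AP4")):
    """One broadcast interval: every AP draws a new random nonce r_j."""
    return {ap: secrets.token_bytes(NONCE_BYTES) for ap in aps}

def location_key(nonces):
    """k_i = XOR of all collected nonces (order does not matter)."""
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return reduce(xor, nonces, bytes(NONCE_BYTES))

def access_request(heard, ms_id):
    """MS side: AR_i = SHA-1(k_i || ID_i); binding the ID is an assumption."""
    return hashlib.sha1(location_key(heard.values()) + bytes([ms_id])).digest()

def verify(ar, ms_id, verifier_ap, all_nonces, granted=("G3",)):
    """AP side: rebuild the expected AR from nonces shared between APs."""
    for group in granted:
        members = GROUPS[group]
        if verifier_ap not in members:
            continue  # this AP cannot vouch for a group it is not in
        expected = access_request({ap: all_nonces[ap] for ap in members}, ms_id)
        if hmac.compare_digest(ar, expected):
            return True
    return False

def demo():
    r = fresh_nonces()
    inside = {ap: r[ap] for ap in GROUPS["G3"]}  # hears AP1 and AP4
    outside = {"AP1": r["AP1"]}                  # hears AP1 only
    stale = access_request(inside, ms_id=7)
    return {
        "inside": verify(stale, 7, "AP1", r),
        "outside": verify(access_request(outside, 7), 7, "AP1", r),
        # the same AR replayed after the APs rotate their nonces
        "replayed": verify(stale, 7, "AP1", fresh_nonces()),
        # right location, but the AR is presented under another ID
        "wrong_id": verify(stale, 8, "AP1", r),
    }

if __name__ == "__main__":
    print(demo())
```

The request verifies only while the nonces it was built from are current, which is why the broadcast interval T appears in the security analysis.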



Security Analysis

• Insecure nonce combination
  • RNG with k=|nonce| 80 bits
• Bogus location claim
  • zero-false positive with
  • Interval T < Speed of MS
  • cf. GPS error, sector error, etc.


Security Analysis (cont.)

Wormhole attack


Security Analysis (cont.)

• The Sybil attack
  • Simple solution
    • Assume each mobile station has the certificates of each AP
    • Using AP's signature of BBM
  • Better solution?
• Man-in-the-Middle Attack?


Efficiency Estimation

• Various Hash Function Computation Times (μseconds) based on the Crypto++ 5.2.1 benchmark tested on the AMD Opteron 1.6 GHz processor under Linux 2.4.21.
• Let |nonce| = 80 bits and |ID| = 8 bits and use 160-bit SHA-1
• Computation Time
  • Only 0.147 μseconds to compute access request of mobile station side
• Communication Load
  • |BBM| 80 + 8 + 8*|L|*|N| bits of each access point
  • |AR| = 160 bits of each mobile station
• Storage Requirement
  • For the mobile stations, there is no storage requirement


Simulation Result

• Simulation condition
  • 23 MSs, 2 APs
  • 802.11 propagation and path-loss model in the free-space model without a routing protocol between mobile stations
  • Two access points broadcast beacons with nonces (r1, r2) 1000 times in every broadcasting interval
• False positive rate with various nonce sizes |r1| = |r2| = 4, 8, 16 bits of access points under T= =1 second of static mobile station model
• False positive rate with various T=1, 2, 4, 8 seconds with = 1 second T under |r1| = |r2| = 16 bits of randomly moving mobile station model


Application and Extension

• HotSpot
  • Cyber Cafe, coffee shop, airport
• Data encryption key as well as access control key
• Location Tracking
• Sensor network


Future Work

• Scalability
• Applicable to Sensor Network
• LBS (Location Based Services)
  • Location Tracking
  • Location Privacy
  • Secure Data Aggregation


Conclusion

• Easy
• Simple
• Cheap
• Practical
• Applicable


Q & A