Secure RSS-fingerprint-based indoor positioning: Attacks and countermeasures

Lizhou Yuan, Yidan Hu, Yunzhi Li, Rui Zhang, Yanchao Zhang, Terri Hedgpeth

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Indoor positioning systems (IPS) based on RSS fingerprints have received significant attention in recent years, but they are unfortunately vulnerable to RSS attacks that cannot be thwarted by conventional cryptographic means. In this paper, we identify two practical RSS attacks on RSS-fingerprint-based IPS (RSS-IPS. In both attacks, the attacker learns the RSS-fingerprint database at the IPS server by acting as a normal user repeatedly issuing location queries and then impersonates selected APs with fake ones under his control. By carefully tuning the locations and transmission power of fake APs, the attacker is able to control the RSS experienced by victim users at target locations, leading to either a large location error or the IPS server misled into returning a fake location of the attacker's choice. We further design a fingerprint-matching mechanism based on a novel truncated distance metric as the countermeasure. Trace-driven simulation studies based on real RSS measurement data demonstrate the severe impact of the proposed attacks and also the effectiveness of our countermeasure.

    Original languageEnglish (US)
    Title of host publication2018 IEEE Conference on Communications and Network Security, CNS 2018
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    ISBN (Print)9781538645864
    DOIs
    StatePublished - Aug 10 2018
    Event6th IEEE Conference on Communications and Network Security, CNS 2018 - Beijing, China
    Duration: May 30 2018Jun 1 2018

    Other

    Other6th IEEE Conference on Communications and Network Security, CNS 2018
    CountryChina
    CityBeijing
    Period5/30/186/1/18

    Fingerprint

    RSS
    Servers
    Power transmission
    Tuning
    Indoor positioning systems

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Safety, Risk, Reliability and Quality

    Cite this

    Yuan, L., Hu, Y., Li, Y., Zhang, R., Zhang, Y., & Hedgpeth, T. (2018). Secure RSS-fingerprint-based indoor positioning: Attacks and countermeasures. In 2018 IEEE Conference on Communications and Network Security, CNS 2018 [8433131] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNS.2018.8433131

    Secure RSS-fingerprint-based indoor positioning : Attacks and countermeasures. / Yuan, Lizhou; Hu, Yidan; Li, Yunzhi; Zhang, Rui; Zhang, Yanchao; Hedgpeth, Terri.

    2018 IEEE Conference on Communications and Network Security, CNS 2018. Institute of Electrical and Electronics Engineers Inc., 2018. 8433131.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Yuan, L, Hu, Y, Li, Y, Zhang, R, Zhang, Y & Hedgpeth, T 2018, Secure RSS-fingerprint-based indoor positioning: Attacks and countermeasures. in 2018 IEEE Conference on Communications and Network Security, CNS 2018., 8433131, Institute of Electrical and Electronics Engineers Inc., 6th IEEE Conference on Communications and Network Security, CNS 2018, Beijing, China, 5/30/18. https://doi.org/10.1109/CNS.2018.8433131
    Yuan L, Hu Y, Li Y, Zhang R, Zhang Y, Hedgpeth T. Secure RSS-fingerprint-based indoor positioning: Attacks and countermeasures. In 2018 IEEE Conference on Communications and Network Security, CNS 2018. Institute of Electrical and Electronics Engineers Inc. 2018. 8433131 https://doi.org/10.1109/CNS.2018.8433131
    Yuan, Lizhou ; Hu, Yidan ; Li, Yunzhi ; Zhang, Rui ; Zhang, Yanchao ; Hedgpeth, Terri. / Secure RSS-fingerprint-based indoor positioning : Attacks and countermeasures. 2018 IEEE Conference on Communications and Network Security, CNS 2018. Institute of Electrical and Electronics Engineers Inc., 2018.
    @inproceedings{3b527c20c25f41d4bbed0abb1eb5ede2,
    title = "Secure RSS-fingerprint-based indoor positioning: Attacks and countermeasures",
    abstract = "Indoor positioning systems (IPS) based on RSS fingerprints have received significant attention in recent years, but they are unfortunately vulnerable to RSS attacks that cannot be thwarted by conventional cryptographic means. In this paper, we identify two practical RSS attacks on RSS-fingerprint-based IPS (RSS-IPS. In both attacks, the attacker learns the RSS-fingerprint database at the IPS server by acting as a normal user repeatedly issuing location queries and then impersonates selected APs with fake ones under his control. By carefully tuning the locations and transmission power of fake APs, the attacker is able to control the RSS experienced by victim users at target locations, leading to either a large location error or the IPS server misled into returning a fake location of the attacker's choice. We further design a fingerprint-matching mechanism based on a novel truncated distance metric as the countermeasure. Trace-driven simulation studies based on real RSS measurement data demonstrate the severe impact of the proposed attacks and also the effectiveness of our countermeasure.",
    author = "Lizhou Yuan and Yidan Hu and Yunzhi Li and Rui Zhang and Yanchao Zhang and Terri Hedgpeth",
    year = "2018",
    month = "8",
    day = "10",
    doi = "10.1109/CNS.2018.8433131",
    language = "English (US)",
    isbn = "9781538645864",
    booktitle = "2018 IEEE Conference on Communications and Network Security, CNS 2018",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",

    }

    TY - GEN

    T1 - Secure RSS-fingerprint-based indoor positioning

    T2 - Attacks and countermeasures

    AU - Yuan, Lizhou

    AU - Hu, Yidan

    AU - Li, Yunzhi

    AU - Zhang, Rui

    AU - Zhang, Yanchao

    AU - Hedgpeth, Terri

    PY - 2018/8/10

    Y1 - 2018/8/10

    N2 - Indoor positioning systems (IPS) based on RSS fingerprints have received significant attention in recent years, but they are unfortunately vulnerable to RSS attacks that cannot be thwarted by conventional cryptographic means. In this paper, we identify two practical RSS attacks on RSS-fingerprint-based IPS (RSS-IPS. In both attacks, the attacker learns the RSS-fingerprint database at the IPS server by acting as a normal user repeatedly issuing location queries and then impersonates selected APs with fake ones under his control. By carefully tuning the locations and transmission power of fake APs, the attacker is able to control the RSS experienced by victim users at target locations, leading to either a large location error or the IPS server misled into returning a fake location of the attacker's choice. We further design a fingerprint-matching mechanism based on a novel truncated distance metric as the countermeasure. Trace-driven simulation studies based on real RSS measurement data demonstrate the severe impact of the proposed attacks and also the effectiveness of our countermeasure.

    AB - Indoor positioning systems (IPS) based on RSS fingerprints have received significant attention in recent years, but they are unfortunately vulnerable to RSS attacks that cannot be thwarted by conventional cryptographic means. In this paper, we identify two practical RSS attacks on RSS-fingerprint-based IPS (RSS-IPS. In both attacks, the attacker learns the RSS-fingerprint database at the IPS server by acting as a normal user repeatedly issuing location queries and then impersonates selected APs with fake ones under his control. By carefully tuning the locations and transmission power of fake APs, the attacker is able to control the RSS experienced by victim users at target locations, leading to either a large location error or the IPS server misled into returning a fake location of the attacker's choice. We further design a fingerprint-matching mechanism based on a novel truncated distance metric as the countermeasure. Trace-driven simulation studies based on real RSS measurement data demonstrate the severe impact of the proposed attacks and also the effectiveness of our countermeasure.

    UR - http://www.scopus.com/inward/record.url?scp=85052575153&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85052575153&partnerID=8YFLogxK

    U2 - 10.1109/CNS.2018.8433131

    DO - 10.1109/CNS.2018.8433131

    M3 - Conference contribution

    SN - 9781538645864

    BT - 2018 IEEE Conference on Communications and Network Security, CNS 2018

    PB - Institute of Electrical and Electronics Engineers Inc.

    ER -