
Geoencryption System Security: Loran as A Case Study Di Qiu*, Sherman Lo, and Per Enge * [email protected] Stanford University, Stanford, CA http://waas.stanford.edu/

What Is Geoencryption?

It is an enhancement to traditional that makes use of physical location or time as a means to produce additional security and security features. It limits the access (decryption) of information content to specified locations and/or times. The algorithm does not replace any of the conventional cryptographic algorithms, but instead adds an additional layer of security. In its basic form, location-based encryption can be used to ensure that data cannot be decrypted outside a particular facility. Any attempt to access the secure information at an unauthorized location will result in a failure of the decryption process.

Why Is Geoencryption?

I. Data/Information Security: The emergence of the Internet and personal computers has produced unprecedented information content and access and placed volumes of data at practically anyone's fingertips. While the spread of such technology has increased efficiency and knowledge, it has also made information theft easier and more damaging.
II. Traditional cryptosystems have inconveniences or weaknesses.
    Something you know (PIN, password): can be forgotten.
    Something you have (key, smart card): can be lost or stolen.
    Something you are (biometrics): privacy problems.
III. Location information has many properties good for encryption or .

How Geoencryption Works?

Encryption Process
1. The sender encrypts the plaintext using a conventional cipher and a .
2. The receiver delivers his location-based information to the sender.
3. The sender generates a geotag and tags it to the ciphertext.
4. The sender broadcasts the ciphertext and the geotag.

Decryption Process
5. The receiver requires a communication channel to receive the ciphertext and geotag.
6. The receiver uses an RF antenna and receiver to capture and condition signals.
7. The receiver applies a feature extraction algorithm and key generation algorithm to compute a geotag based on the collected RF signals.
8. If the location check is bypassed, the receiver is authorized to perform the decryption.

[Figure: block diagram of the encryption and decryption processes with the numbered steps 1 to 8. Labels: enc cipher, Encryption, Loran Receiver, verify, yes, Decryption, dec cipher.]
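The geotag comparison in steps 2, 3, 7 and 8, as an added example that is not code from the poster or its authors. It assumes the geotag is a truncated SHA-256 hash of TDOA values quantized on a fixed grid; the grid width, the TDOA triples and all function names are constructed for illustration, and only the 26-bit tag size comes from the poster.

```python
import hashlib
import hmac
import math

GEOTAG_BITS = 26            # geotag size the poster estimates for Middletown
GRID = (0.1, 0.1, 0.1)      # assumed cell width per TDOA, in microseconds

def quantize(features, grid=GRID):
    """Feature extraction output -> index of the grid cell for each feature."""
    return tuple(math.floor(f / g) for f, g in zip(features, grid))

def geotag(features, grid=GRID, bits=GEOTAG_BITS):
    """Hash the quantized features and keep the top `bits` bits as the geotag."""
    cells = ",".join(map(str, quantize(features, grid))).encode()
    digest = hashlib.sha256(cells).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def location_check(measured, sent_tag, grid=GRID):
    """Receiver side: recompute the geotag and compare it with the one received."""
    own = geotag(measured, grid).to_bytes(4, "big")
    return hmac.compare_digest(own, sent_tag.to_bytes(4, "big"))

def demo():
    # Constructed TDOA triples in microseconds; not measurements from the poster.
    enrolled = (13250.43, 27410.75, 41120.16)  # sent by the receiver in step 2
    tag = geotag(enrolled)                     # sender builds the geotag, step 3
    cases = {
        "same site, small noise": (13250.45, 27410.73, 41120.18),
        "same site, noise crosses a cell edge": (13250.45, 27410.81, 41120.18),
        "nearby site inside the same cells": (13250.48, 27410.79, 41120.12),
        "distant site": (13255.43, 27402.75, 41131.16),
    }
    return {name: location_check(m, tag) for name, m in cases.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:40s} -> {'decrypt' if ok else 'refuse'}")
```

The second case is refused although the receiver has not moved, and the third is accepted although it has: a wider grid reduces the first kind of error at the cost of the second.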

Security Analysis Outline

I. Vulnerabilities of the Protocol/Implementation
Vulnerabilities refer to all the possible attacks that might weaken the protocol. It is necessary to think ahead to come up with all the attacks and defeat them.
Spoof/Forgery Attack: An attacker simulates RF signal to spoof the receiver.
Replay Attack: An attacker replays modified location information to spoof the receiver.
"Parking Lot" Attack: An attacker relies on a probabilistic mapping from a user's location.

[Figure: Attack Model. Forgery attack, replay attack and "parking lot" attack, shown with the blocks Loran Receiver, Feature Extraction and Location Features.]

II. Geotag Length
If a cryptographic protocol is well-designed and there is no analytic attack (i.e., a 'structural weakness' in the protocol used), the security level of a system depends on the key size. Spatial decorrelation is a measure of uniqueness of location-based parameters and determines the geotag length.

Challenge: There is no standard way to quantify security.

Information Measure

The security level of a system depends on key/geotag length, which is limited by information content of location-based features. Information theory is used to elaborate the approach to measure location information.

[Figure: Loran Location-based Features, GRI 9940. Labels: Signal Strength (µ Volts/m); ECD, τ = 2.5 µsec; TDOA1, TDOA2, TDOA3. Axes: Time (sec), Time (µsec), Time (µsec).]

Spatial Decorrelation (SD)

A basic requirement of location-based features is the property of uniqueness. SD measures uniqueness of the location parameters. False accept rate (FAR) is used to quantify and characterize SD.

[Figure: Spatial Decorrelation of TDOA. Label: Test Locations.]

High SNR results in high SD.

Station        SNR (dB)
Fallon         21
George         6
Middletown     32
Searchlight    8

[Figure: Spatial Decorrelation of TDOA, Middletown. False accept rate versus distance (meter). Label: exp(-0.2445d).]

Decorrelation distance is defined as the minimum distance from the master location where the FAR achieves a reasonably small value. Decorrelation distance of TDOA is approximately 18 meters for Middletown with FAR < 0.01.

Different location features have different spatial decorrelation.
TDOA > ECD > SNR

[Figure: false accept rate versus distance (meter), two panels.]

Geotag Length (Preliminary Results)

The size of geotag depends on the coverage of Loran stations, information density of the location-based parameters, as well as the spatial decorrelation. A geotag size of 26 bits is estimated based on the location parameters resulting from Middletown.

How to Defeat Attacks?

I. Signal Authentication
Signal authentication allows users to verify the source of the incoming signals as well as check the integrity of data. We propose the use of Time Efficient Stream Loss-tolerant Authentication (TESLA) to authenticate the Loran signal and data broadcast. A preliminary on air test of the system was conducted using the Middletown transmitter.

[Figure: broadcast stream of repeated (m, k, h) blocks, where m = Loran data, k = key, h = tag and h = MAC(m, k); the receiver verifies h' (true or false?). Labels: Middletown, ELR, MAC.]

II. Certified Receiver
The certified receiver integrates all functions in one device. The integrated device makes signal authentication more effective and protects against the replay attack.
Assumption: The device is tamper-resistant. An attacker cannot extract information from the device or replay modified information to the device.

[Figure: certified receiver. Labels: Nav. Receiver, Signal Authentication, Tag Generation, Location Verification, Decryption.]
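A minimal sketch of the TESLA check named under Signal Authentication, added here as an illustration and not taken from the poster or from the on-air test. It assumes SHA-256 for the one-way key chain, HMAC-SHA-256 for h = MAC(m, k), integer interval numbers, a loosely synchronized receiver clock (`now`) and a disclosure delay of two intervals; the class and function names and the messages are constructed, and the MAC key is the chain key itself rather than a key derived from it.

```python
import hashlib
import hmac

def H(x):
    return hashlib.sha256(x).digest()

def make_key_chain(seed, n):
    """Return [K_0 .. K_n] with K_{i-1} = H(K_i); K_0 is the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def mac(m, k):
    """h = MAC(m, k), here HMAC-SHA-256."""
    return hmac.new(k, m, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment, delay):
        self.commitment, self.delay = commitment, delay
        self.buffer, self.accepted = {}, []

    def on_message(self, now, interval, m, h):
        # Buffer only data that arrived before its key could have been disclosed.
        if now < interval + self.delay:
            self.buffer.setdefault(interval, []).append((m, h))

    def on_key(self, interval, key):
        k = key
        for _ in range(interval):          # walk the chain back to K_0
            k = H(k)
        if not hmac.compare_digest(k, self.commitment):
            return False                   # not a key from this sender's chain
        for m, h in self.buffer.pop(interval, []):
            if hmac.compare_digest(mac(m, key), h):   # verify h' against h
                self.accepted.append(m)
        return True

def demo():
    chain = make_key_chain(b"constructed sender secret", 4)
    rx = Receiver(chain[0], delay=2)       # K_1 is disclosed in interval 3
    rx.on_message(1, 1, b"loran data A", mac(b"loran data A", chain[1]))
    rx.on_message(1, 1, b"forged data", mac(b"forged data", b"guessed key"))
    # Built from the already-disclosed K_1: valid MAC, but it arrives too late.
    rx.on_message(3, 1, b"late data", mac(b"late data", chain[1]))
    bogus = rx.on_key(1, b"not a chain key")
    genuine = rx.on_key(1, chain[1])
    return rx.accepted, bogus, genuine
```

Only the message that was both received before the key disclosure and tagged with the genuine chain key is accepted; the forged tag fails the MAC comparison and the late message is dropped by the timing condition.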

III. Performance Analysis
A geoencryption system makes two types of errors: 1) mistaking the measurements from two different locations to be from the same location, called false accept; and 2) mistaking the measurements from the same location to be from two different locations, called false reject.

[Figure: FRR and FAR versus grid size. Annotation: High SNR Signal, Better Performance.]

More location-based parameters will be examined and an algorithm that uses low SNR stations to generate a stable and invariant geotag will be studied.

Acknowledgements

Thanks to Mitch Narins of the FAA, Loran Program Office for supporting this effort. In addition, thanks go to (1) Symmetricon and USCG LSU for data collection equipment; (2) Lt. Kirk Montgomery and USCG for their support of the Middletown tests.

References

[1] L. Scott, D. Denning, "A Location Based Encryption Technique and Some of Its Applications," Proceedings of ION NTM 2003.
[2] D. Qiu, "Geoencryption Using Loran," Proceedings of ION NTM 2007.
[3] A. Perrig, R. Canetti, J.D. Tygar, D. Song, "The TESLA Broadcast ," CryptoBytes.
[4] International Loran Association (ILA), "Enhanced Loran (eLoran) Definitions Document," January 2007.