Localization Techniques for Urban Sensing - PowerPoint PPT Presentation

1 / 63
About This Presentation
Title:

Localization Techniques for Urban Sensing

Description:

... network is or becomes dishonest and cheats on everyone else about its position. ... report a false power level to an honest node to cheat on its position ... – PowerPoint PPT presentation

Number of Views:53
Avg rating:3.0/5.0
Slides: 64
Provided by: anilkapurr
Category:

less

Transcript and Presenter's Notes

Title: Localization Techniques for Urban Sensing


1
Localization Techniques for Urban Sensing
  • Anil Kapur, Rafael Laufer, Thomas Schmid, Ian Yap
  • CS219 Urban Sensing
  • Prof. Deborah Estrin

2
Trilateration
  • Relative positions of objects using the geometry
    of triangles
  • Known locations of two or more reference points
  • Measured distance between the subject and
    reference points

3
Trilateration
  • Distance can be measured by different means
  • Time of Arrival (ToA)
  • Delay between the sender and receiver
  • One-way time requires synchronization
  • No synchronization for round-trip time
  • GPS, usual radars or sonars
  • Received Signal Strength Indication (RSSI)
  • Map of signal distribution
  • Model or measurements
  • RADAR, Ad hoc Positioning System (APS)

4
Multilateration
  • Measures Time Difference Of Arrival (TDOA)
  • Signal from the object to the receivers
  • Signal from the synchronized transmitters to the
    object

(t1 - t2)
5
Triangulation
  • Relative positions of objects using the geometry
    of triangles
  • Known distance between two or more reference
    points
  • Measured angles between the subject and reference
    points
  • Law of sines and cosines

6
Triangulation
  • Angles can be measured by the Angle of Arrival
    (AoA)
  • Direction of propagation of a RF wave incident on
    an antenna array
  • Phase shift at individual elements of the array

?
2
7
Global Positioning System
  • A worldwide radio-navigation system
  • Every square meter has a unique address
  • A constellation of 24 satellites and their ground
    stations
  • 6 orbital planes, 12-hour orbits at approximately
    20,000 km

8
How does GPS work?
  • aa

9
How does GPS work?
  • Trilateration from the satellites
  • Satellites as references points for all locations
    on Earth
  • Distance measured using the travel time of radio
    signals
  • Very accurate timing
  • Location of satellites in space
  • Error corrections

10
Trilateration from the Satellites
11
Measuring Distance
  • Receivers measure the travel time of signals from
    the satellites
  • Satellite and receivers have synchronized clocks
  • Transmitted signal is well-known
  • Satellites and receivers generate the signal
    simultaneously
  • Measurement of how late the signal arrives
  • Travel time multiplied by the speed of light
    equals distance

12
Pseudo-Random Code
  • Sequence of digits which can be easily replicated
  • Receiver knows the bit pattern to expect
  • Each satellite has its own unique pseudo-random
    code
  • Satellites and receiver simultaneously generate
    the code
  • Receivers shifts its own code to match the
    satellites one

receiver
satellite
?t
13
Perfect Timing
  • Satellites have atomic clocks
  • Receivers cannot afford them
  • Correction factors are applied

14
Location of Satellites
  • High orbits used (? 11,000 miles)
  • Atmosphere does not interfere
  • Satellites orbit according to simple math
  • Receivers have an almanac of satellites
    positions
  • Ground stations (namely DoD) control GPS
    satellites
  • Precise radars to check satellites altitude,
    position, and speed
  • Correction of errors
  • Gravitational pulls from the moon and sun
  • Pressure of solar radiation

15
Location of Satellites
  • Accurate position relayed to the satellites
  • Corrected position included in satellites signal

16
Error Correction
  • Speed of light only constant in vacuum
  • Charged particles of ionosphere
  • Water vapor in troposphere
  • Multi-path error
  • Temporary errors
  • Solutions
  • Modeling
  • Dual frequency
  • Rejection techniques

Ionosphere
Troposphere
17
Error Correction
  • Selective Availability
  • Intentional signal degradation
  • Enemies cannot use GPS to make accurate weapons
  • Noise introduced into the satellites clock data
  • Military receivers use a special decoder
  • Turned off in 1996
  • Make GPS more responsive to civil and commercial
    use
  • Differential GPS could be used to improve
    accuracy anyway

18
Error Correction
  • Summary of GPS Error Sources (from Trimble)

Typical Error (m) Standard GPS Differential GPS
Satellite Clocks 1.5 0.0
Orbit Errors 2.5 0.0
Ionosphere 5.0 0.4
Troposphere 0.5 0.2
Receiver Noise 0.3 0.3
Multipath 0.6 0.6
19
Assisted GPS (A-GPS) and Cellular
  • What is A-GPS?
  • Utilize terrestrial wireless systems to augment
    GPS
  • Reduces convergence time and increases precision
    sometimes
  • Enhanced 911 (E911) mandate required wireless
    carriers to pinpoint the location of callers by
    October 2001
  • Phase 1 required reporting of phone number and
    antennae location
  • Phase 2 required phone number and 50 to 300 meter
    precision
  • Two main providers of cellular location services
  • Snaptrack and Global Locate
  • Focus on Snaptrack
  • Technology deployed in all Sprint and Verizon
    cell phones
  • IS-801 Standard Position Determination Service
    for Dual Mode Spread Spectrum Systems

20
How Snaptracks WorksSystem Overview
21
How Snaptracks WorksSequence of Events
  • Phone (ms) sends server (through IP) the base
    station ids(BSSID)
  • Server returns satellites overhead based upon
    BSSID.
  • Phone switches radio to GPS mode and searches for
    satellites (also keeps data connection up)
  • Measures distances to satellites and either
  • Reports values to server for calculation(network
    based)
  • Calculates location on MS (MS-based)

22
Snaptracks Notes
  • Hybrid mode
  • Uses cell towers to coarsely locate
  • Uses a combination of cell towers and values from
    lt 3 satellites to determine location (heuristics)
  • Cant use the phone while youre doing a location
    fix
  • High-rate position fixes can drain the battery
    quickly.

23
What is Galileo?
  • European Global Navigation Satellite System
    (GNSS)
  • 30 satellites 27 sats and 3 spares
  • Guaranteed service to civilians (GPS has no
    guarantee)
  • Various levels of service
  • Interoperable with US
  • EGNOS differential corrections
  • Even spacing of satellites (unlike GPS)

24
Why Galileo?GPS Shortfalls
  • Political statement by Europe, etc signaling
    independence
  • Funded by China, Israel, India, etc.
  • Brings jobs and to Europe
  • Independence from unreliable US military system
  • Better performance
  • Poorer performance at extreme latitudes
    (airplanes)
  • Better coverage in cities (more satellites with
    even spacing)
  • Better reliability
  • 2.5 GNSS systems
  • GPS has no service commitments
  • Integrity (Health warnings are quick)

25
Five Levels of Service
  • Open Access
  • This will be free to air and for use by the
    mass market Simple timing and positioning down
    to 1 meter.
  • Commercial
  • Encrypted High accuracy at the 1 cm scale
    Guaranteed service for which providers will
    charge a fee
  • Safety of Life
  • Open Service Applications where guaranteed
    service required Integrity messages warn of
    errors
  • Public Regulated
  • Encrypted Always available Government users
  • Search and Rescue
  • System will pick up distress beacons






http//news.bbc.co.uk/1/hi/sci/tech/4555276.stm
26
EGNOSEuropean Navigation Overlay Service
  • 34 reference stations on the ground to monitor
    satellites
  • 4 Mission control centers process reference
    station information
  • Satellite uplinks send corrections to 3
    geostationary satellites which then send signals
    to terrestrial EGNOS receivers
  • Receivers also get info from internet or radio
  • Failures reported in 6 secs

27
EGNOS Performance
28
Galileo Interoperability
  • Shares some of the same frequencies with Galileo
  • E2-L1-E1 and L5
  • Use different signaling structures and code
    sequences
  • Interference between systems less than
    Intrasystem
  • Does not share 1227.6 MHz frequency which is a
    US military frequency
  • Data sent contains
  • Ranging messages
  • Satellite clock
  • Ephemeris
  • Space Vehicle Identity
  • Status Flag
  • Constellation Almanac
  • Accuracy
  • Integrity Information (gathered from ground)

29
GPS vs GPS/Galileo Precision
  • GPS alone HDOP is 2.5 meters while GPS/Galileo
    HDOP is 1.5 meters.
  • Incremental but significant improvement
  • Also showed faster time to first fix numbers

http//www.gpsworld.com/gpsworld/article/articleDe
tail.jsp?id30689pageID2
30
GPS Inaccuracies
Ionospheric effects /- 5 meters
Shifts in the satellites in orbit /- 2.5 meters
Clock errors of the satellites clock /- 2 meters
Multipath effect /- 1 meter
Tropospheric effects /- 0.5 meters
Calculation rounding errors /- 1 meter
Total Error /- 15 meters
http//www.kowoma.de/en/gps/errors.htm
31
Why SA Was Turned Off
  • US military relies on commercial devices
  • C/A provides good enough accuracy for missiles
  • Improve SCUDs by 20-25 (according to RAND)
  • DGPS(WAAS) already solves for discrepancy within
    the US

http//www.afa.org/magazine/April1996/0496gpsin.as
p
32
A survey on some Security Issues in Localization
  • Three Types of positioning systems
  • How these systems can be attacked
  • How to fight the attacks for each system
  • Special Case Study Verifiable Multilateration

33
Two major types of positioning
  • Node-centric
  • The node figures out is own position by observing
    signals received from public base-stations with
    known locations.
  • Infrastructure-centric
  • A node needs to figure out its position based on
    mutual communications with other nodes and also
    based on what other nodes think its location is.

34
Types of attacks
  • Two basic forms of attacks
  • Internal attacks
  • One of the nodes in your network is or becomes
    dishonest and cheats on everyone else about its
    position. This is easy to implement on
    node-centric positioning systems.
  • External attacks
  • An external malicious machine manages to convey
    false info on an honest nodes position to the
    network

35
Attacks in specific areas
  • GPS (Global Positioning System)
  • US Positioning (Ultrasound)
  • RF Positioning (Radio Frequency)

36
Attacks in specific areas
  • GPS (Global Positioning System)
  • US Positioning (Ultrasound)
  • RF Positioning (Radio Frequency)

37
Screwing with GPS
  • Satellite signals inherently not encrypted
  • Your GPS satellite broadcasts two types of
    signals the civilian unencrypted signal and the
    military(coded) signal
  • All private companies and most of the federal
    government use the civilian signals
  • Military signals are reserved for, well, military
    uses only

38
Screwing with GPS
  • A typical GPS radio signal has a strength of
    about 0.0000000000000001 (1x10-16) Watts at the
    Earths surface
  • Easily jammed or blocked by attackers (
    Instructions available for free online )
  • A worse kind of attack is using a GPS Satellite
    Simulator to spoof positions. Each one costs only
    10k to 50k or can be rented for 1k per month
    like your apartment
  • Your typical GPS device by default will happily
    accept these fake stronger signals than the real
    ones coming from outer space
  • Coming up, algorithm for stealing cargo based on
    a real experiment by Los Alamos National Labs

39
Cargo-Stealing 101
  • Tactical Scenario 1
  • Knock the driver and any passengers out so they
    dont start yelling, steal truck
  • Put fake GPS satellite simulators on truck
  • Drive off the authorized route while pretending
    to still be on-course thanks to the simulators
  • When authorities find out, it is too late

Courtesy of Los Alamos National Labs Report 2003
40
Cargo-Stealing 101
  • Tactical Scenario 2
  • Sneakily, first feed the GPS tracking system of
    the authorities with fake data of where the truck
    is with your trusty simulator.
  • Knock the driver and any passengers out so they
    dont start yelling, steal truck
  • Authorities will descend upon the wrong location
    to find the truck and be very disappointed

Courtesy of Los Alamos National Labs Report 2003
41
Dealing with GPS issues
  • Military GPS protected from position spoofing by
    codes unbreakable by attackers
  • Not true for civilian GPS systems
  • Your typical GPS device by default will happily
    accept these fake stronger signals than the real
    ones coming from outer space
  • It is important to at least phase out crude form
    of GPS signal spoofing attacks
  • This can be done by software modifications
  • More often than not, your GPS device is also
    vulnerable to physical attacks

42
Attacks in specific areas
  • GPS (Global Positioning System)
  • US Positioning (Ultrasound)
  • RF Positioning (Radio Frequency)

43
Screwing with Ultrasound
  • Mainly used for indoors tracking
  • Distance between nodes measured by time of
    propagation of sound signals ( i.e. ToF Time of
    Flight )
  • Vulnerable to distance reduction or enlargement
  • This is because you can go slower/faster than the
    speed of sound

44
Dealing with Ultrasound issues
  • The Echo protocol by Sastry from Berkeley
    proposes an Ultrasound distance bounding
    technique that can prevent distance reduction
    from internal attacks
  • The protocol requires that all verifiers must be
    inside the region of interest and basically
    focuses on whether an internal node is lying
    about is position
  • External attackers can still screw with the system

45
Attacks in specific areas
  • GPS (Global Positioning System)
  • US Positioning (Ultrasound)
  • RF Positioning (Radio Frequency)

46
Screwing with Radio Frequency
  • Problems with using RSS for distance measurements
  • Distance calculation based on transmitting a
    signal and measuring the received signal
    strength(RSS).
  • Internal attacker can report a false power level
    to an honest node to cheat on its position
  • External attackers can jam nodes mutual
    communication and replay the messages with higher
    or lower strength

47
Screwing with Radio Frequency
  • RF Time-of-flight measurement is more accurate,
    because the signal is sent at the speed of light
  • This means external attackers can only increase
    the distance measured and not ever decrease it
  • However, internal attackers can still lie about
    the distance

48
Dealing with Radio Frequency issues
  • Brands and Chaum described a more secure
    distance-bounding protocol that can prevent an
    internal attacker from reducing the measured
    distance
  • This is because the nodes can set lower bounds on
    the measured distance
  • Originally a protocol to deal with Mafia fraud
    attacks

49
Special TopicVerifiable Multilateration(VM)
  • Proposed by Srdjan Capkun
  • Position verification algorithm/protocol using RF
    distance-bounding
  • Designed for cases when positioning of untrusted
    devices has to be done in the vicinity of
    external attackers
  • Basic idea is that a point in this scenario can
    securely measure its position by measuring its
    distances to three other trusted nodes(called
    verifiers) in 2-D space(triangle), or 4 others in
    3-D space(pyramid)

50
Special TopicVerifiable Multilateration(VM)
  • The point you are measuring from needs to be
    entirely enclosed by at least three
    verifiers(trusted nodes) in a triangle

51
Guarantees of Verifiable Multilateration(VM) with
distance-bounding
  • 1. A node located at a certain position within a
    triangle/pyramid formed by verifiers cannot prove
    to be in another position within the same
    triangle/pyramid
  • 2. A node outside the triangle/pyramid cannot
    prove to be inside the triangle/pyramid
  • 3. An external attacker performing
    distance-enlargement attack cannot trick
    verifiers into believing that a device located
    inside the triangle/pyramid is outside of the
    triangle/pyramid. Same for vice versa.

52
Threats to VM (device cloning)
  • Cloned devices seem the same to the base stations
    (they have the same authentication material).
  • Attacks
  • An attacker can show to be at any position at
    which it placed a cloned device
  • An attacker can place one cloned device next to
    each of the base stations and pretend to be at
    any position by enlarging the distances

BS2
BS3
MN
MN
  • Possible solutions
  • making parts of the devices tamper-resistant
  • device fingerprinting

MN
BS1
53
Differential GPS
  • Main error sources
  • Ionosphere 4m
  • Clock 2.1m
  • Ephemeris 2.1m
  • Troposphere 0.7m
  • Receiver 0.5m
  • Multipath 1.0m
  • Total 10.4m
  • Why inaccuracy of 80-100m? Selective Availability

54
DGPS with Beacon
  • At known locations collect satellite errors
  • Send errors to mobile receivers
  • Accuracy 1-5 meters
  • This lead the US military to turn off SA
    (selective availability), i.e., the error
    introduced into the timing of GPS signals

55
WAAS, EGNOS, MTSAT
  • WAAS Wide Area Augmentation System (US)
  • EGNOS European WAAS
  • MTSAT Japanese WAAS
  • They are all compatible and called WADGPS (Wide
    Area Differential GPS)

56
WADGPS
  • Specific locations measure inaccuracy
  • Master control compiles the data and uploads to
    satellite
  • New satellites with IDs gt 32 send WADGPS data to
    GPS receivers
  • All new Garmin and Magellan support WADGPS

57
Some Details on WADGPS
  • Clock errors change every minute
  • Ephemeris and ionosphere errors change every 2min
    (considered valid up to 6 times)
  • Ionosphere error depends on location
  • Ephemeris and clock depend on satellite
  • Country divided into grid for location data
  • More details at http//www.gpsinformation.org/dal
    e/dgps.htm

58
Future Work
  • Radio Interferometric Positioning
  • Distributed Localization of Networked Cameras

59
Radio Interferometric Ranging
  • Transmitter send on slightly different
    frequencies (100-800Hz difference)
  • Equation system for multiple carrier frequencies

fCD (dAD-dBDdBC-dAC) mod ?
60
Performance
  • Without multipath, 35m average distance 4cm
    average, 12cm max
  • With moderate multipath, 9m neighbor distance
    average 5cm, 68 lt 10cm

61
Distributed Localization of Networked Cameras
  • Area of networked cameras
  • A lot of work to exactly localize each camera (x,
    y, z, orientation)
  • Cameras can collaborate and probabilistically
    reason on which camera positions are consistent
    with the observed images
  • Only minimal camera overlap is necessary

62
(No Transcript)
63
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com