Why geo-security?Location information does not require memorization.Location information cannot be lost or stolen.Location information cannot be delegated.People have low awareness of security threats.Many security attacks do not require physical access to legistimate users’ locations.

ReferencesS. Abe. Support vector machines for pattern classification. Springer-Verlag New York, 2005.Y. Dodis, L. Reyzin, and A. Smith. “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data”. R. O. Duda, P. E. Hart, and D. G. Stork (2001) Pattern classification (2nd edition), Wiley, New York.J. Hruska. “Microsoft patent brings Miss Manners into the digital age”. June 11, 2008

Reproducibility analysis

Pattern classification for geotag generation

Geo-security works in two steps

System models

Di Qiu*, Sherman Lo, Dan Boneh and Per EngeStanford University, Stanford, CA

*qiudi@stanford.eduhttp://waas.stanford.edu/

Robust Geotag Generation for Security Applications

Geotag potential applications

Geo-security uses location-dependent signal characteristics from multiple transmitters to restrict access of information content or electronic devices. Location-dependent parameters from radio navigation signals are mapped to compute a location verification tag or “geotag” at the calibration step; the getoag is stored in a database for future verification.

Seasona monitor data were used to examine the Loran geotag reproducibility. A seasonal monitor station was set up on the roof of Durand building at Stanford University.

A fuzzy extractor is a tuple (M, , Gen, Rep), where M is the metric space with a distance function dis, Gen is a generate procedure and Rep is a reproduce procedure, which has the following properties:

ConclusionWe proposed location-based security services using RF signals in which location is used as a validation to restrict or deny certain actions in security applications. Fuzzy extractors were applied to improve the geotag reproducibility and reduce the impact of noise, seasonal bias, quantization errors, and offline transmitters. Classifier-based geotag generationalgorithms were developed to achieve high spatial discrimination.

I. Getoag generations and matching

Reproducibility means that measurements at the same location at different times will always produce the same geotag. Reproducibility is a fundamental requirement to derive a robust geotag. False reject rate (FRR) is used to quantify geotag reproducibility.

AcknowledgementsWe would like to thank Mitch Narins of the FAA Loran Program Office for supporting this effort. Thanks to Dr. Greg Johnson, Ruslan Shalaev, and Christian Oates from Alion Science & Technology and US Coast Guard (USCG) Loran Support Unit (LSU) for providing data collection equipment. This work is supported by FAA Loran program CRDA 2000-G-028.

Receiver Geotag Generation

Database

Application

Grant/Deny?

Matching

Calibration

Verification

LOOPT The technology provides geosocial networking services to users and enables them to locate friends via their GPS-based cell phones. A central server performs matching algorithms to compare users’ computed geotag and notifies the users via SMS messages if the geotags are matched. Geotags protect users’ privacy as they do not reveal the users’ physical locations.

Digital Manners Policy (DMP) Technologies attempt to enforce manners at public locations. A DMP-enabled cell phone can be programmed by the cellular service provider to turn off the phone's camera while inside a hospital, locker room, or classified installation.

Data Access Control A computer disk drive can be programmed to work only while in the secure data center; an attacker who steals the device will not be able to interact with it.

Geo-fencing Laptops can only be used in the “predefined” areas. Once the devices are outside the geo-fence, they will be automatically locked down.

User A

User B

Central server

xA

xB

SMS

DMP Master Transmitter

∑ =⊕=

∆+∆=∈=

=otherwise.0

1)(')(~1 if1)',~(

))1(,[;)(

1

n

i

iiki

iTiTnTTM

kkSxkiT

a. Quantization-based

b. Deterministic

=

=

−∑=

=

ℑ∈

=

otherwise.0

~minarg if1)',~(

)|'|1(1)',(1

1

TDTTM

xxwn

xxD

xT

T

ppii

n

i i

II. Performance metrics

Two hypotheses Two errors False reject: accepting hypothesis when is true False accept: accepting hypothesis when is true

0H1H

0H 1H0H

Quantization step

Data collection setup Seasonal monitor dataThe monitor data were collected for a 90-day period to observe seasonal variations in Loran signals. The following illustrates the TD measurements from Middletown and FRR of Loran geotag.

Fuzzy extractor

Generationx P Reproducex’P

…

T T’

0t

If dis(x, x’) ≤ , T’ = T. If dis(x, x’) ≥ , T’ ≠ T.

0t0t

1H

: accepting as a user : rejecting as an attacker

Definition Euclidean metric fuzzy extractor- Random noise, seasonal bias, quantization error- Adjust quantization offsets

Hamming metric fuzzy extractorSecret sharing-based

,

)( .. ,,...,numbers random are ,...,, where

,...)()(Gen

1

21

221

=>=<

++++==

jjk

k

kk

qiftsiiPaaa

xaxaxaTifx

>=<

=)0('

' and using )(t Reconstruc),'(Rep

fTqPif

Px x

Pattern classification extracts decision rules from data to assign class labels to future data samples. - Maximize the difference between classes - Minimize the within-class scatterThe quality of a feature vector is essential to spatial discrimination/decorrelation. The data property shouldbe learned to choose an appropriate classifer to robustgeotag generation.

Goal

Linear separability Non-linear separability

Highly correlatedMulti-modal

ClassifersThe task of a classifier is to partition feature space into class-labeled decision regions. Borders between decision regions are called decision boundaries. A classifier can be represented as a set of discriminant functions. We select the classifiers—k-nearest neighbor (kNN) and support vector machines (SVM)—to implement and generate a geotag.

b. SVMOptimal separating hyperplane – find a hyperplane with minimum misclassification rateTradeoff: margin and capacity

x1

x2

Large Margin

x1

x2

Small Margin

Spatial discrimination comparison

a. kNN

x1

x2

x

- ‘Memory’ based classification- No training phase is required: ‘lazy’ learning approach- High computational cost

Calibration:

Verification: