Location Security under Reference Signals’ Spoofing Attacks: Threat Model and Bounds

Most localization systems rely on measurements gathered from signals emitted by stations whose position is assumed known as ground truth, namely anchors. As demonstrated by a significant body of experimental research, location security is threatened when an attacker becomes able either to tamper with the signals emitted by the stations, or to convince the user that the anchor station is in a different position than the true one. In this paper, we first propose a formal threat model which captures the above-mentioned wide class of attacks, and makes it possible to quantitatively evaluate how tampering with one or more anchor locations undermines the user's localization accuracy. We specifically derive a Cramér-Rao Bound for the localization error, and we assess a number of example scenarios. We believe that our study may provide a useful formal benchmark for the design and analysis of detection and mitigation solutions.


INTRODUCTION
Location information is enabling a plethora of new services beyond classic navigation, including smart network management and location-based analytics, which leverage the accurate estimation of users' location. However, while the social and economic value of localization information grows in mobile networks [4,7,10], and while the cellular networks are in the process of including localization facilities in the incoming 3GPP standardization [1,2], a multiplicity of adversaries may find threatening value in attacking localization technologies and services so as to alter the end-user's belief of being in a given position. Imagine, for instance, the potentially dramatic consequences of a location deception attack that diverts a driver-less car out of its path.
The networking community has broadly explored localization threats in several domains [11][12][13], and also with specific focus on the experimental proof-of-concept of attacks [3,14,17]. A striking recent example is reference [15] which demonstrates how to divert an aircraft out of its landing track by exploiting the lack of authentication of ILS (Instrument Landing System) radio communications.
In terms of nonadversarial localization, the analysis of localization accuracy of wireless networks has been widely studied in the literature. The Fisher information is used to examine the accuracy of maximum likelihood estimators of an unknown parameter vector. Specifically, Fisher information has been used extensively to derive the user's localization information in the presence of multiple impairments to signal propagation, leading to the minimum achievable localization error, namely squared position error bound (SPEB) [5,9,16,18].
Nevertheless, in terms of adversarial localization, a formal threat model for the localization error is still missing. Such a threat model would be pivotal for the design and comparison of countermeasures. In this paper, we investigate localization tampering attacks, focusing on the case where the information of anchor nodes (e.g., base stations or access points) is tampered with, hence undermining the user's localization accuracy.
First, we provide a mathematical model for the description of such spoofing attacks. Then, we derive the SPEB in the presence of tampering attacks and compare it with the case in the absence of the attack. While the model is technology-agnostic, we use localization on received signal strength indicator (RSSI) to exemplify its derivation. Numerical results show the effect of system parameters on the localization error. We believe that the proposed model and bound can give insights into the impact of such attacks on the accuracy of user's localization and provide a benchmark for the design and analysis of detection and mitigation solutions. Table 1 describes the notation used for the model derivation.

THREAT MODEL
The scenario considered in this paper is a very classical one: an end-device infers its own position by means of suitable measurements taken from a set of reference anchor stations whose position is assumed known. A location spoofing attack can be technically performed by several different means, by altering the measurement process so that the reference anchor station is perceived as closer (or farther, or shifted) from its real place, or by deploying a rogue station claiming to be a legitimate one but placed in a different position, or by corrupting the control system which provides the legitimate anchors' positions.
Our proposed threat model aims to abstract from the specific details of each attack, and rather has the ambition to provide a reference formal model common to all the above specific cases. The intuitive idea is that a location attack occurs when the attacker is able to associate an anchor's position to an observable not representative of the claimed position, it being irrelevant whether this is obtained by tampering with the measurements or by spoofing the claimed position. In what follows we formalize this notion.

Formal model
Consider a localization network as consisting of $N_b$ anchors for inferring the location of an agent, which is at $p$ (in this paper, we consider $p \in \mathbb{R}^2$). The $i$th anchor is at position $p_i$, and The agent location is inferred based on measurements of signals communicated between each anchor and agent. In particular, the measurement vector is where $z_i$ is measured between the $i$th anchor and the agent.
An example illustration is given in Fig. 1. The localization algorithm exploits z together with the information about the anchors' positions [6]. Each measurement depends on the true anchor and agent positions according to a measurement model, e.g.
where $n_i \sim \mathcal{N}(0, \sigma_i^2)$ and the measurements from different anchors are independent. Example cases are when the measurement is a timing, angle, or power measurement and we know the signal speed and the anchors' position.
If we model the agent position as a deterministic but unknown parameter, and the anchor positions as a deterministic and known parameter, the likelihood function for the vector $p$ is where each $f(z_i, p, p_i)$ is obtained according to the measurement model in (1). If the likelihood function is known, the maximum likelihood (ML) estimator is the optimal solution, as it achieves the Cramér-Rao bound (CRB) asymptotically in the high signal-to-noise ratio (SNR) regimes, as we will discuss in Sec. 3. The ML estimator is unbiased, i.e. $E\{\hat{p}\} = p$, where $\hat{p}$ is the estimate of $p$. In most cases, the likelihood function is unknown, as the parameters of the measurement distribution can be unknown (or, at most, partially known). In such practical cases, sub-optimal estimators are considered, e.g. using the well known trilateration algorithm or the least squares algorithm.

Error Model for the Spoofing Attack
In the presence of a spoofing attack, where the anchor positions are tampered with, the main effect is that the measurement $z_i$ is taken with respect to the true anchor at $p_i$, and therefore follows the true measurement model $z_0(p, p_i) + n_i$. Nevertheless, as the information about the anchor position is tampered with, i.e. the information on $p_i$ is biased as $p_i + \delta_i$, where $\delta_i$ is the bias, if there is no detection or awareness of such a tampering attack, the localization algorithm will estimate the agent position according to an incorrect measurement model, i.e. $z_0(p, p_i + \delta_i) + n_i$. The effect of such an incorrect measurement model on the accuracy of localization depends on several system parameters and on the estimator itself. In general, different estimators will be more or less robust to this type of attack.
In the case of a ML estimator, the position estimate under attack will be $\hat{p}$ Note that for $\delta_i \neq 0$ for some $i$, the ML estimator is biased, i.e. $E\{\hat{p}_{sp}\} \neq p$. We define the spoofing error as $e_{sp} = \hat{p}_{sp} - p$.
Let us now consider the following system of $N_b$ equations with respect to $\check{p}$ If there exists a solution to (4), such vector $\check{p}$ would be the position of the agent in the case the true position of the $i$th anchor would be $p_i + \delta_i$ for each $i = 1, 2, \ldots, N_b$ and the measurement between the agent and the $i$th anchor would have the expected value $z_i$. In such a case, i.e. in the absence of any spoofing, a ML estimator for the case with an agent at $\check{p}$ and the anchors $p_i + \delta_i$ would solve the equivalent problem as in (3) as an unbiased estimator. Then, $E\{\hat{p}\} = \check{p}$. It follows that, this being the identical problem as (3), we have Note that (5) is valid for any estimator that is unbiased in the absence of an attack, i.e. $E\{\hat{p} \mid \delta = 0\} = p$, and that is based on a measurement model as in (1). If $\check{p}$ does not exist, i.e. the system of $N_b$ equations in (4) has no solution, then the error will depend on the specific localization algorithm and the measurement model. ($\mathcal{N}(\mu, \sigma^2)$ denotes the univariate Gaussian distribution with mean $\mu$ and variance $\sigma^2$.)

Example Case Study: Range-based Localization using RSSI
As an example, we here focus on the range-based localization using RSSI. In this case, each anchor transmits with power $P_T$. The signal propagates in a fading channel where the fading is modeled as a lognormal random variable $n_i \sim \mathcal{N}(0, \sigma^2)$. Thus, the power received at the agent from the $i$th anchor is where $d_i = \|p - p_i\|$ is the true distance between the $i$th anchor and the agent, $\eta$ is the path-loss exponent, and $n_i \sim \mathcal{N}(0, \sigma^2)$ are statistically independent. In this case, given the anchors' spoofed positions $p_i + \delta_i$ with $i = 1, 2, \ldots, N_b$, and following (4), we have When and $r_i = \|p_i\|$. In such a case, if there exists a solution to the system of equations in (7), such solution is $\check{p} = \check{A}^{-1}\check{c}$, where Note that we can also write $\check{p} = G p$ with $G = \check{A}^{-1} Q_c A$ and $Q_c$ being a transformation matrix such that $\check{c} = Q_c c$.

ERROR BOUND UNDER SPOOFING ATTACK
Consider the measurement model $f(z_i, p)$ for the observation $z_i$ and unknown deterministic parameter vector $p$. Let $\hat{p}$ be any unbiased estimate of $p$ given $p_i$. Based on the information inequality, which gives a lower bound on the mean squared error (MSE) of estimators, we have where $J_p$ is the Fisher information matrix for the parameter vector $p$ and $\mathrm{tr}\{J_p^{-1}\}$ is called the SPEB [16]. As we have discussed in Sec. 2, an estimator $\hat{p}$ that is unbiased in the absence of a tampering attack, i.e., $E\{\hat{p} \mid \delta = 0\}$, becomes biased when $\delta \neq 0$ due to the incorrect measurement model. In such a case, $E\{\hat{p} \mid \delta \neq 0\} = p + e_{sp}$, where $e_{sp}$ is the bias due to the tampering attack.
The information inequality on the mean squared error of such biased estimators should take into account the bias $e_{sp}$. In particular, we define and we derive the SPEB for a biased estimator $\hat{p}$ as

Example Case Study: range-based Localization using RSSI
Equation (12) is general for any biased position estimator. For range-based localization with RSSI, $J_p$ is well known from the literature [8] and given by From (9), it follows that $\Psi_{\hat{p},\delta} = \check{A}^{-1} Q_c A$, where $Q_c$ is a transformation matrix such that $\check{c} = Q_c c$.

NUMERICAL RESULTS
In this section, we evaluate the effects of tampering on location estimation using simulation results. We consider a network of $N_b = 3$ anchors uniformly distributed on a circumference of radius $r = 1$ km. We consider the agent as uniformly distributed within a square area of 1 by 1 km. RSSI-based localization is considered following the measurement model in (6) with $\sigma$ varying from 0.1 to 10, and $\eta = 2$. The spoofing is simulated considering a constant value $\delta_i = [\delta, \delta]$ equal for all the spoofed anchors. We consider the case with a single spoofed anchor and two spoofed anchors. Location estimation is performed with a least squares algorithm, which is equivalent to the MLE when $\sigma$ is constant. Fig. 2 shows the SPEB and MSE varying $\delta$ when a single or two anchors are spoofed. The second spoofed anchor increases both the MSE and the SPEB. Note that the value of the MSE with two spoofed anchors and $\delta = 270$ m is comparable to the MSE with a single spoofed anchor with $\delta = 350$ m. As a matter of fact, the value of the bias is the leading parameter and therefore even a single spoofed anchor can impact dramatically the localization performance. Fig. 3 shows the SPEB and the MSE as a function of $\sigma$ for $\delta = 100$, 400, and 800 m with a single or two spoofed anchors. When the value of $\delta$ is above 100 m, the effect of $\sigma$ is negligible for any value of $\sigma$ in the interval considered. Also, when $\delta = 100$ m, the effect of the number of spoofed anchors is much smaller than when $\delta > 100$ m. This fact corroborates what was observed in Fig. 2 and shows that the measurement noise has little impact in the presence of spoofing attacks. Fig. 4 shows the MSE varying the number of anchors $N_b$ for the case with a single or two spoofed anchors. As could be expected, the MSE decreases with the number of anchors that are not affected by spoofing.
In particular, with $N_b = 8$, the case with a single spoofed anchor is very close to the case without spoofing, meaning that the effect of the spoofing has been mitigated with a greater number of anchors. On the other hand, when two anchors are spoofed, even $N_b = 8$ anchors are not sufficient to mitigate completely the effect of the spoofing. These results provide a quantitative indication of the number of non-spoofed anchors required to compensate for the bias introduced by the spoofed anchors.
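The following sketch is an added example, not the authors' simulation code: it reproduces the mechanism of the RSSI case study so that the bias caused by tampered anchor positions can be measured when assessing how many trustworthy anchors a deployment needs. It assumes a log-distance path-loss model in dB (equation (6) is not reproduced on this page), evenly spaced anchors, $P_T = 0$ dBm, a least-squares solve linearised against anchor 0, and that the tampered anchors are the last ones in the list; all function names are hypothetical.

```python
import math
import random

P_T, ETA = 0.0, 2.0  # assumed transmit power (dBm); eta = 2 as in the numerical results

def anchors_on_circle(n, radius=1000.0):
    # Assumption: anchors evenly spaced on a circle of radius 1 km
    return [(radius * math.cos(2 * math.pi * k / n),
             radius * math.sin(2 * math.pi * k / n)) for k in range(n)]

def rssi(agent, anchor, sigma, rng):
    # Assumed model: P_R = P_T - 10*eta*log10(d) + n, with n ~ N(0, sigma^2)
    d = math.dist(agent, anchor)
    return P_T - 10 * ETA * math.log10(d) + rng.gauss(0.0, sigma)

def ls_position(claimed, ranges):
    # Linearise against anchor 0: 2(q_i - q_0).p = (r_i^2 - r_0^2) - (d_i^2 - d_0^2)
    (x0, y0), d0 = claimed[0], ranges[0]
    sxx = sxy = syy = bx = by = 0.0
    for (x, y), d in zip(claimed[1:], ranges[1:]):
        ax, ay = 2 * (x - x0), 2 * (y - y0)
        c = (x * x + y * y) - (x0 * x0 + y0 * y0) - (d * d - d0 * d0)
        sxx += ax * ax
        sxy += ax * ay
        syy += ay * ay
        bx += ax * c
        by += ay * c
    det = sxx * syy - sxy * sxy  # 2x2 normal equations solved in closed form
    return ((syy * bx - sxy * by) / det, (sxx * by - sxy * bx) / det)

def spoofing_error(agent, n_anchors, n_spoofed, delta, sigma=0.0, seed=1):
    rng = random.Random(seed)
    true = anchors_on_circle(n_anchors)
    # Measurements are taken with respect to the true anchor positions ...
    ranges = [10 ** ((P_T - rssi(agent, a, sigma, rng)) / (10 * ETA)) for a in true]
    # ... while the estimator is told p_i + [delta, delta] for the last n_spoofed anchors
    first = n_anchors - n_spoofed
    claimed = [(x + delta, y + delta) if k >= first else (x, y)
               for k, (x, y) in enumerate(true)]
    return math.dist(ls_position(claimed, ranges), agent)

if __name__ == "__main__":
    agent = (200.0, 100.0)  # constructed sample position, in metres
    for n, s in [(3, 0), (3, 1), (8, 1), (8, 2)]:
        print(n, s, round(spoofing_error(agent, n, s, 100.0), 2))
```

With the default `sigma=0.0` the output isolates the bias term; passing a non-zero `sigma` adds the measurement noise on top of it.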

CONCLUSION
The main contribution of this paper is the proposal of a formal reference model designed to abstract a variety of location spoofing attacks. We present a mathematical model for describing spoofing assaults. The relevant Cramér-Rao bound is then derived in the presence of tampering attacks and compared to the case in which the assault is not present. While the model is technology agnostic, we demonstrate its derivation using RSSI-based localization. The effect of system parameters on the localization error is demonstrated numerically. Owing to its generality, our model may become a convenient formal benchmark for location security assessment, an area which appears to attract a growing interest, also considering the ongoing native integration of positioning technologies in the evolving 5G network. Future work will focus on the development of techniques for the detection and mitigation of location spoofing attacks.