TDOA Source-Localization Technique Robust to Timing Attacks

TL;DR

This paper examines the vulnerability of TDOA-based source localization to timing attacks and introduces a robust two-step localization method that accounts for synchronization uncertainties and detects compromised sensors.

Contribution

It demonstrates the severe impact of timing attacks on localization accuracy and proposes a novel weighted least-squares approach that enhances robustness against such attacks.

Findings

Timing attacks can cause localization errors of several kilometers.

Residual analysis fails to detect timing attacks effectively.

The proposed method improves localization accuracy and identifies network corruption.

Abstract

In this paper, we focus on the localization of a passive source from time difference of arrival (TDOA) measurements. TDOA values are computed with respect to pairs of fixed sensors that are required to be accurately time-synchronized. This constitutes a weakness as all synchronization techniques are vulnerable to delay injections. Attackers are able either to spoof the signal or to inject asymmetric delays in the communication channel. By nature, TDOA measurements are highly sensitive to time-synchronization offsets between sensors. Our first contribution is to show that timing attacks can severely affect the localization process. With a delay of a few microseconds injected on one sensor, the resulting estimate might be several kilometers away from the true location of the unknown source. We also show that residual analysis does not enable the detection and identification of timing attacks. Our second contribution is to propose a two-step TDOA-localization technique that is robust against timing attacks. It uses a known source to define a weight for each pair of sensors, reflecting the confidence in their time synchronization. Our solution then uses the weighted least-squares estimator with the newly created weights and the TDOA measurements received from the unknown source. As a result, our method either identifies the network as being too corrupt to localize, or gives a corrected estimate of the unknown position along with a confidence metric. Numerical results illustrate the performance of our technique.