skip to main content
10.1145/3485832.3485898acmotherconferencesArticle/Chapter ViewAbstractPublication PagesacsacConference Proceedingsconference-collections
research-article

Security of Multicarrier Time-of-Flight Ranging

Published: 06 December 2021 Publication History

Abstract

OFDM is a widely used modulation scheme. It transmits data over multiple subcarriers in parallel, which provides high resilience against frequency-dependent channel drops (fading) and achieves high throughput. Due to the proliferation of OFDM-enabled devices and the increasing need for location information, the research community has suggested using OFDM symbols for secure (time-of-flight) distance measurements. However, a consequence of relying on multiple subcarriers is long symbols (time-wise). This makes OFDM systems not a natural fit for secure ranging, as long symbols allow an attacker longer observation and reaction times to mount a so-called early-detect/late-commit attack. Despite these concerns, a recent standardization effort (IEEE 802.11az [5]) envisions the use of OFDM-based signals for secure ranging. This paper lays the groundwork for analyzing OFDM time-of-flight measurements and studies the security guarantees of OFDM-based ranging against a physical-layer attacker. We use BPSK and 4-QAM, the most robust configurations, as examples to present a strategy that increases the chances for early-detecting the transmitted symbols. Our theoretical analysis and simulations show that such OFDM systems are vulnerable to early-detection/late-commit attacks, irrespective of frame length and number of subcarriers. We identify the underlying causes and explore a possible countermeasure, consisting of orthogonal noise and randomized phase.

References

[1]
[n.d.]. 3db Access AG - Proximity based access control. https://www.3db-access.com/. [Online; Accessed March 25th 2021].
[2]
[n.d.]. DW1000 Radio IC - Decawave. https://www.decawave.com/product/dw1000-radio-ic/. [Online; Accessed March 25th 2021].
[3]
Task Group 4z. [n.d.]. IEEE 802.15 WPAN ”Enhanced Impulse Radio”. http://www.ieee802.org/15/pub/TG4z.html. [Online; Accessed March 25th 2021].
[4]
Gildas Avoine, Muhammed Ali Bingöl, Ioana Boureanu, Srdjan čapkun, Gerhard Hancke, Süleyman Kardaş, Chong Hee Kim, Cédric Lauradoux, Benjamin Martin, Jorge Munilla, Alberto Peinado, Kasper Bonne Rasmussen, Dave Singelée, Aslan Tchamkerten, Rolando Trujillo-Rasua, and Serge Vaudenay. 2018. Security of Distance-Bounding: A Survey. ACM Comput. Surv. 51, 5, Article 94 (Sept. 2018), 33 pages.
[5]
Task Group az. [n.d.]. IEEE 802.11 ”Next Generation Positioning”. http://www.ieee802.org/11/Reports/tgaz_update.htm. [Online; Accessed 25. March 2021].
[6]
Task Group az. [n.d.]. Versioning for PHY Security. https://mentor.ieee.org/802.11/dcn/20/11-20-1972-01-00az-versioning-of-phy-security.pptx. [Online; Accessed 25. March 2021].
[7]
Daniel S. Berger, Francesco Gringoli, Nicolò Facchi, Ivan Martinovic, and Jens Schmitt. 2014. Gaining Insight on Friendly Jamming in a Real-World IEEE 802.11 Network. In Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks(Oxford, United Kingdom) (WiSec ’14). Association for Computing Machinery, New York, NY, USA, 105–116. https://doi.org/10.1145/2627393.2627403
[8]
Stefan Brands and David Chaum. 1993. Distance-bounding protocols. In Workshop on the Theory and Application of of Cryptographic Techniques. Springer, 344–359.
[9]
S. Čapkun, M. Čagalj, R. Rengaswamy, I. Tsigkogiannis, J. Hubaux, and M. Srivastava. 2008. Integrity Codes: Message Integrity Protection and Authentication over Insecure Channels. IEEE Transactions on Dependable and Secure Computing 5, 4 (2008), 208–223. https://doi.org/10.1109/TDSC.2008.11
[10]
Bhaswati Deka, Ryan M. Gerdes, Ming Li, and Kevin Heaslip. 2015. Friendly Jamming for Secure Localization in Vehicular Transportation. In International Conference on Security and Privacy in Communication Networks, Jing Tian, Jiwu Jing, and Mudhakar Srivatsa (Eds.). Springer International Publishing, Cham, 212–221.
[11]
Manuel Flury, Marcin Poturalski, Panos Papadimitratos, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2010. Effectiveness of Distance-decreasing Attacks Against Impulse Radio Ranging. In Proceedings of the Third ACM Conference on Wireless Network Security (Hoboken, New Jersey, USA) (WiSec ’10). ACM, New York, NY, USA, 117–128. https://doi.org/10.1145/1741866.1741887
[12]
Stuart A Golden and Steve S Bateman. 2007. Sensor measurements for Wi-Fi location with emphasis on time-of-arrival ranging. IEEE Transactions on Mobile Computing 6, 10 (2007).
[13]
Azadeh Haghparast, Traian Abrudan, and Visa Koivunen. 2009. OFDM ranging in multipath channels using time reversal method. In 2009 IEEE 10th Workshop on Signal Processing Advances in Wireless Communications. 568–572. https://doi.org/10.1109/SPAWC.2009.5161849
[14]
J. Kim and J. P. Choi. 2016. Cancellation-Based Friendly Jamming for Physical Layer Security. In 2016 IEEE Global Communications Conference (GLOBECOM). 1–6. https://doi.org/10.1109/GLOCOM.2016.7841646
[15]
Manikanta Kotaru, Kiran Joshi, Dinesh Bharadia, and Sachin Katti. 2015. Spotfi: Decimeter level localization using wifi. In ACM SIGCOMM Computer Communication Review, Vol. 45. ACM, 269–282.
[16]
Tsit Yuen Lam and Ka Hin Leung. 2000. On vanishing sums of roots of unity. Journal of algebra 224, 1 (2000), 91–109.
[17]
Patrick Leu, Mridula Singh, Marc Roeschlin, Kenneth G. Paterson, and Srdjan Čapkun. 2020. Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement. In IEEE Symposium on Security and Privacy.
[18]
Reem Melki, Hassan N. Noura, Mohammad M. Mansour, and Ali Chehab. 2019. A survey on OFDM physical layer security. Physical Communication 32 (2019), 1 – 30. https://doi.org/10.1016/j.phycom.2018.10.008
[19]
Andreas F Molisch. 2012. Wireless communications. Vol. 34. John Wiley & Sons.
[20]
M. Poturalski, M. Flury, P. Papadimitratos, J. P. Hubaux, and J. Y. Le Boudec. 2011. Distance Bounding with IEEE 802.15.4a: Attacks and Countermeasures. IEEE Transactions on Wireless Communications 10, 4 (April 2011), 1334–1344. https://doi.org/10.1109/TWC.2011.020111.101219
[21]
Hanif Rahbari and Marwan Krunz. 2014. Friendly CryptoJam: A Mechanism for Securing Physical-Layer Attributes. In Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks(Oxford, United Kingdom) (WiSec ’14). Association for Computing Machinery, New York, NY, USA, 129–140. https://doi.org/10.1145/2627393.2627415
[22]
A. Ranganathan and S. Capkun. 2017. Are We Really Close? Verifying Proximity in Wireless Systems. IEEE Security Privacy 15, 3 (2017), 52–58.
[23]
C. Shahriar, M. La Pan, M. Lichtman, T. C. Clancy, R. McGwier, R. Tandon, S. Sodagari, and J. H. Reed. 2015. PHY-Layer Resiliency in OFDM Communications: A Tutorial. IEEE Communications Surveys Tutorials 17, 1 (Firstquarter 2015), 292–314. https://doi.org/10.1109/COMST.2014.2349883
[24]
Mridula Singh, Patrick Leu, and Srdjan Čapkun. 2019. UWB with Pulse Reordering: Securing Ranging against Relay and Physical Layer Attacks. In NDSS.
[25]
Mridula Singh, Marc Röschlin, Aanjhan Ranganathan, and Srdjan Capkun. 2020. V-Range: Enabling Secure Ranging in 5G Wireless Networks. (2020).
[26]
Nils Ole Tippenhauer, Heinrich Luecken, Marc Kuhn, and Srdjan Capkun. 2015. UWB rapid-bit-exchange system for distance bounding. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. ACM, 2.
[27]
N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun. 2013. On Limitations of Friendly Jamming for Confidentiality. In 2013 IEEE Symposium on Security and Privacy. 160–173. https://doi.org/10.1109/SP.2013.21
[28]
Deepak Vasisht, Swarun Kumar, and Dina Katabi. 2016. Decimeter-Level Localization with a Single WiFi Access Point. In NSDI, Vol. 16. 165–178.

Cited By

View all
  • (2024)SecBeam: Securing mmWave Beam Alignment Against Beam-Stealing Attacks2024 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS62487.2024.10735492(1-9)Online publication date: 30-Sep-2024
  • (2023)BackProx: Secure Backscatter-Assisted Proximity Detection for Passive Keyless Entry and Start SystemsSensors10.3390/s2304233023:4(2330)Online publication date: 20-Feb-2023
  • (2023)IEEE 802.11az Indoor Positioning with mmWaveIEEE Communications Magazine10.1109/MCOM.001.230045462:10(126-131)Online publication date: 18-Dec-2023

Index Terms

  1. Security of Multicarrier Time-of-Flight Ranging
              Index terms have been assigned to the content through auto-classification.

              Recommendations

              Comments

              Information & Contributors

              Information

              Published In

              cover image ACM Other conferences
              ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference
              December 2021
              1077 pages
              ISBN:9781450385794
              DOI:10.1145/3485832
              Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

              Publisher

              Association for Computing Machinery

              New York, NY, United States

              Publication History

              Published: 06 December 2021

              Permissions

              Request permissions for this article.

              Check for updates

              Author Tags

              1. IEEE 802.11az
              2. OFDM
              3. Secure Ranging

              Qualifiers

              • Research-article
              • Research
              • Refereed limited

              Funding Sources

              Conference

              ACSAC '21

              Acceptance Rates

              Overall Acceptance Rate 104 of 497 submissions, 21%

              Contributors

              Other Metrics

              Bibliometrics & Citations

              Bibliometrics

              Article Metrics

              • Downloads (Last 12 months)101
              • Downloads (Last 6 weeks)6
              Reflects downloads up to 17 Feb 2025

              Other Metrics

              Citations

              Cited By

              View all
              • (2024)SecBeam: Securing mmWave Beam Alignment Against Beam-Stealing Attacks2024 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS62487.2024.10735492(1-9)Online publication date: 30-Sep-2024
              • (2023)BackProx: Secure Backscatter-Assisted Proximity Detection for Passive Keyless Entry and Start SystemsSensors10.3390/s2304233023:4(2330)Online publication date: 20-Feb-2023
              • (2023)IEEE 802.11az Indoor Positioning with mmWaveIEEE Communications Magazine10.1109/MCOM.001.230045462:10(126-131)Online publication date: 18-Dec-2023

              View Options

              Login options

              View options

              PDF

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader

              HTML Format

              View this article in HTML Format.

              HTML Format

              Figures

              Tables

              Media

              Share

              Share

              Share this Publication link

              Share on social media