Security Assessment of Phase-Based Ranging Systems in a Multipath Environment

Published: 13 October 2022

Abstract

Phase-based ranging has been widely deployed in proximity detection scenarios, including security-critical applications, due to its low implementation complexity on existing transceivers. In this work, the security of multi-carrier phase-based ranging systems in a multipath propagation environment is investigated. We present a threat model that can successfully target any decreasing distance in different multipath environmental conditions, rendering the phase-based ranging method insecure. We assess the feasibility of attacks in various attack scenarios through simulations using a multipath channel and demonstrate a simplified version of the attacker model implemented in hardware. We show that the attacker can spoof the measured distance to less than one meter when the devices are separated by 30 meters. Possible countermeasures and their limitations are evaluated for different threat models.

Published In

ACM Journal on Emerging Technologies in Computing Systems  Volume 18, Issue 4
October 2022
429 pages
ISSN:1550-4832
EISSN:1550-4840
DOI:10.1145/3563906
Editor: Ramesh Karri

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 October 2022
Online AM: 23 March 2022
Accepted: 11 February 2022
Revised: 14 December 2021
Received: 05 May 2021
Published in JETC Volume 18, Issue 4

Author Tags

  1. Ranging
  2. phase-based ranging
  3. multi-path channel

Qualifiers

  • Research-article
  • Refereed

Funding Sources

  • Analog Devices
