Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement

Secure distance measurement, and therefore secure Time-of-Arrival (ToA) measurement, is critical for applications such as contactless payments, passive keyless entry and start systems, and navigation systems. This paper initiates the study of Message Time of Arrival Codes (MTACs) and their security. MTACs represent a core primitive in the construction of systems for secure ToA measurement. By surfacing MTACs in this way, we are able for the first time to formally define the security requirements of physical-layer measures that protect ToA measurement systems against attacks. Our viewpoint also enables us to provide a unified presentation of existing MTACs (such as those proposed in distance-bounding protocols and in a secure distance measurement standard) and to propose basic principles for protecting ToA measurement systems against attacks that remain unaddressed by existing mechanisms. We also use our perspective to systematically explore the tradeoffs between security and performance that apply to all signal modulation techniques enabling ToA measurements.
