Periodic Reporting for period 4 - CSP (Cross-Layer Design of Securing Positioning)
Reporting period: 2021-09-01 to 2022-02-28
With the development of new location-based services and the expected deployment of cyber-physical systems (e.g. autonomous cars and drones) the reliance on location and time information
in security and safety critical applications will only increase. Today’s positioning systems are vulnerable to location spoofing by which devices can cheat on their own positions or can manipulate
the measured positions of other devices. This problem cannot be fixed by a simple upgrade – existing positioning systems rely on legacy distance measurement techniques and protocols that were
designed without security considerations or with security as an after-thought. We therefore need a new approach to the design of positioning systems, the one that takes security requirements
into account from the very start, but also accounts for the way that positioning systems are built and used. This is a cross-layer endeavor. Physical Layer needs to receive special attention.
UWB emerged as the main technology in this space and the project therefore focuses on UWB-based secure distance measurement approaches.
in security and safety critical applications will only increase. Today’s positioning systems are vulnerable to location spoofing by which devices can cheat on their own positions or can manipulate
the measured positions of other devices. This problem cannot be fixed by a simple upgrade – existing positioning systems rely on legacy distance measurement techniques and protocols that were
designed without security considerations or with security as an after-thought. We therefore need a new approach to the design of positioning systems, the one that takes security requirements
into account from the very start, but also accounts for the way that positioning systems are built and used. This is a cross-layer endeavor. Physical Layer needs to receive special attention.
UWB emerged as the main technology in this space and the project therefore focuses on UWB-based secure distance measurement approaches.
Since the beginning of the project we achieved the following results.
1. New UWB-based distance measurement scheme resilient to physical-layer distance shortening attacks.
Physical-layer attacks allow attackers to manipulate (spoof) ranging and positioning. These attacks had realworld impact and allowed car thefts, executions of unauthorized
payments and manipulation of navigation. UWB impulse radio, standardized within 802.15.4a,f has emerged as a prominent technique for precise ranging that allows high operating distances
despite power constraints by transmitting multi-pulse symbols. Security of UWB ranging (in terms of the attacker’s ability to manipulate the measured distance) has been discussed in
the literature and is, since recently also being addressed as a part of the emerging 802.15.4z standard. However, all research so far, as well as security enhancements proposed within this
emerging standard face one main limitation: they achieve security through short symbol lengths and sacrifice performance (i.e. limit the maximum distance of measurement), or use longer symbol
lengths, therefore sacrificing security. We present UWB with pulse reordering (UWB-PR), the first modulation scheme that secures distance measurement between two mutually trusted devices
against all physical-layer distance shortening attacks without sacrificing performance, therefore simultaneously enabling extended range and security. We analyze the security of UWB-PR under
the attacker that fully controls the communication channel and show that UWB-PR resists such strong attackers. We evaluate UWB-PR within a UWB system built on top of the IEEE 802.15.4 device
and show that it achieves distances of up to 93m with 10cm precision (LoS). UWB-PR is, therefore, a good candidate for the extended mode of the new 802.15.4z Low Rate Pulse standard.
Finally, UWB-PR shows that secure distance measurement can be built on top of modulation schemes with longer symbol lengths - so far, this was considered insecure.
2. First UWB-based distance measurement scheme resilient to physical layer distance enlargement attacks.
Mobile autonomous systems, robots, and cyber-physical systems rely on accurate positioning information. To conduct distance-measurement, two devices exchange signals and,
knowing these signals propagate at the speed of light, the time of arrival is used for distance estimations. Existing distance measurement techniques are incapable of protecting against
adversarial distance enlargement—a highly devastating tactic in which the adversary reissues a delayed version of the signals transmitted between devices, after distorting the authentic signal to prevent the receiver from identifying it. The
adversary need not break crypto, nor compromise any upperlayer security protocols for mounting this attack. No known solution currently exists to protect against distance enlargement.
We present Ultra-Wideband Enlargement Detection (UWB-ED), a new modulation technique to detect distance enlargement attacks, and securely verify distances between two mutually trusted devices. We analyze UWB-ED under
an adversary that injects signals to block/modify authentic signals. We show how UWB-ED is a good candidate for 802.15.4z Low Rate Pulse and the 5G standard.
3. Impact on standards:
We initiated a new secure ranging standard 802.15.4z and contributed technical solutions to its development.
It is now becoming a defacto standard for (secure) distance measurement for short range technologies.
http://www.ieee802.org/15/pub/TG4z.html
1. New UWB-based distance measurement scheme resilient to physical-layer distance shortening attacks.
Physical-layer attacks allow attackers to manipulate (spoof) ranging and positioning. These attacks had realworld impact and allowed car thefts, executions of unauthorized
payments and manipulation of navigation. UWB impulse radio, standardized within 802.15.4a,f has emerged as a prominent technique for precise ranging that allows high operating distances
despite power constraints by transmitting multi-pulse symbols. Security of UWB ranging (in terms of the attacker’s ability to manipulate the measured distance) has been discussed in
the literature and is, since recently also being addressed as a part of the emerging 802.15.4z standard. However, all research so far, as well as security enhancements proposed within this
emerging standard face one main limitation: they achieve security through short symbol lengths and sacrifice performance (i.e. limit the maximum distance of measurement), or use longer symbol
lengths, therefore sacrificing security. We present UWB with pulse reordering (UWB-PR), the first modulation scheme that secures distance measurement between two mutually trusted devices
against all physical-layer distance shortening attacks without sacrificing performance, therefore simultaneously enabling extended range and security. We analyze the security of UWB-PR under
the attacker that fully controls the communication channel and show that UWB-PR resists such strong attackers. We evaluate UWB-PR within a UWB system built on top of the IEEE 802.15.4 device
and show that it achieves distances of up to 93m with 10cm precision (LoS). UWB-PR is, therefore, a good candidate for the extended mode of the new 802.15.4z Low Rate Pulse standard.
Finally, UWB-PR shows that secure distance measurement can be built on top of modulation schemes with longer symbol lengths - so far, this was considered insecure.
2. First UWB-based distance measurement scheme resilient to physical layer distance enlargement attacks.
Mobile autonomous systems, robots, and cyber-physical systems rely on accurate positioning information. To conduct distance-measurement, two devices exchange signals and,
knowing these signals propagate at the speed of light, the time of arrival is used for distance estimations. Existing distance measurement techniques are incapable of protecting against
adversarial distance enlargement—a highly devastating tactic in which the adversary reissues a delayed version of the signals transmitted between devices, after distorting the authentic signal to prevent the receiver from identifying it. The
adversary need not break crypto, nor compromise any upperlayer security protocols for mounting this attack. No known solution currently exists to protect against distance enlargement.
We present Ultra-Wideband Enlargement Detection (UWB-ED), a new modulation technique to detect distance enlargement attacks, and securely verify distances between two mutually trusted devices. We analyze UWB-ED under
an adversary that injects signals to block/modify authentic signals. We show how UWB-ED is a good candidate for 802.15.4z Low Rate Pulse and the 5G standard.
3. Impact on standards:
We initiated a new secure ranging standard 802.15.4z and contributed technical solutions to its development.
It is now becoming a defacto standard for (secure) distance measurement for short range technologies.
http://www.ieee802.org/15/pub/TG4z.html
The project proposed first fully viable and implementable secure distance measurement schemes resilient against physical layer attacks.
The expected results until the end of the project include the development of the MAC layer for secure positioning as well as its integration within the
The expected results until the end of the project include the development of the MAC layer for secure positioning as well as its integration within the