Security of Multicarrier Time-of-Flight Ranging

Annual Computer Security Applications Conference (ACSAC ’21)

Abstract

OFDM is a widely used modulation scheme. It transmits data over multiple subcarriers in parallel, which provides high resilience against frequency-dependent channel drops (fading) and achieves high throughput. Due to the proliferation of OFDM-enabled devices and the increasing need for location information, the research community has suggested using OFDM symbols for secure (time-of-flight) distance measurements. However, a consequence of relying on multiple subcarriers is long symbols (time-wise). This makes OFDM systems not a natural fit for secure ranging, as long symbols allow an attacker longer observation and reaction times to mount a so-called early-detect/late-commit attack. Despite these concerns, a recent standardization effort (IEEE 802.11az) envisions the use of OFDM-based signals for secure ranging. This paper lays the groundwork for analyzing OFDM time-of-flight measurements and studies the security guarantees of OFDM-based ranging against a physical-layer attacker. We use BPSK and 4-QAM, the most robust configurations, as examples to present a strategy that increases the chances for early-detecting the transmitted symbols. Our theoretical analysis and simulations show that such OFDM systems are vulnerable to early-detection/late-commit attacks, irrespective of frame length and number of subcarriers. We identify the underlying causes and explore a possible countermeasure, consisting of orthogonal noise and randomized phase.

People

Dr. Patrick Leu
Doctoral Student (2017 – 2022)
DIRAC AG
Martin Kotuliak
Doctoral Student
Dr. Marc Röschlin
Post-doc (2019 – 2022)
DIRAC AG

BibTeX

@INPROCEEDINGS{leu2021security,
	isbn = {978-1-4503-8579-4},
	doi = {10.1145/3485832.3485898},
	year = {2021},
	month = dec,
	booktitle = {Annual Computer Security Applications Conference (ACSAC ’21)},
	type = {Conference Paper},
	institution = {EC},
	author = {Leu, Patrick and Kotuliak, Martin and Roeschlin, Marc and Capkun, Srdjan},
	abstract = {OFDM is a widely used modulation scheme. It transmits data over multiple subcarriers in parallel, which provides high resilience against frequency-dependent channel drops (fading) and achieves high throughput. Due to the proliferation of OFDM-enabled devices and the increasing need for location information, the research community has suggested using OFDM symbols for secure (time-of-flight) distance measurements. However, a consequence of relying on multiple subcarriers is long symbols (time-wise). This makes OFDM systems not a natural fit for secure ranging, as long symbols allow an attacker longer observation and reaction times to mount a so-called early-detect/late-commit attack. Despite these concerns, a recent standardization effort (IEEE 802.11az) envisions the use of OFDM-based signals for secure ranging. This paper lays the groundwork for analyzing OFDM time-of-flight measurements and studies the security guarantees of OFDM-based ranging against a physical-layer attacker. We use BPSK and 4-QAM, the most robust configurations, as examples to present a strategy that increases the chances for early-detecting the transmitted symbols. Our theoretical analysis and simulations show that such OFDM systems are vulnerable to early-detection/late-commit attacks, irrespective of frame length and number of subcarriers. We identify the underlying causes and explore a possible countermeasure, consisting of orthogonal noise and randomized phase.},
	keywords = {IEEE 802.11az; Secure ranging; OFDM},
	language = {en},
	address = {New York, NY},
	publisher = {Association for Computing Machinery},
	title = {Security of Multicarrier Time-of-Flight Ranging},
	pages = {887--899},
	note = {37th Annual Computer Security Applications Conference (ACSAC 2021); Conference Location: Online; Conference Date: December 6-10, 2021; Conference lecture on December 10, 2021.}
}

Research Collection: 20.500.11850/517818