Effectiveness of Distance Decreasing Attacks Against Impulse Radio Ranging
Manuel Flury, Marcin Poturalski, Panos Papadimitratos, Jean-Pierre Hubaux, Jean-Yves Le Boudec
Laboratory for Computer Communications and Applications, EPFL, Switzerland
Third ACM Conference on Wireless Network Security (WiSec '10), March 23, 2010
Secure Ranging, aka Distance Bounding
[Figure: Verifier V sends nonce NV to Prover P; P replies with (P ⊕ NV, NP) and then (NV, P, NP, MACPV(NV, P, NP)); V measures the round-trip time tRTT and computes dVP = c · tRTT / 2; the measured distance dVP is shown against the actual distance]
• A wireless device V (Verifier) measures the distance dVP to another device P (Prover)
• Based on message time-of-flight
• Adversarial setting:
  • External attacks (mafia fraud)
  • Malicious prover (distance and terrorist frauds)
Example Application: Tracking
[Figure: jewelry store monitoring system; the store's readers perform secure ranging to RFID tags attached to the items]
Example Application: Tracking
[Figure: the same jewelry store monitoring system; a person carrying a tagged item thinks: "#@%#& !!! If I could only decrease the measured distance…"]
Other Application Examples
• Tracking:
  • assets in warehouses
  • inmates
  • hospital assets, personnel, patients
  • animals
  • military personnel and equipment
  • …
• RFID access control
• RFID micropayments
• Secure localization
• …
Physical Layer Attacks
• Decrease the measured distance by exploiting physical layer redundancy
  J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore. So near and yet so far: Distance-bounding attacks in wireless networks. ESAS 2006
• Physical layer and receiver specific
• RFID (ISO 14443A) and WSN PHYs
  G. P. Hancke, M. G. Kuhn. Attacks on time-of-flight distance bounding channels. WiSec 2008
• Other physical layers?
Impulse Radio UWB
[Figure: transmitted signal, received signal, and the sampled signal at an energy detector receiver]
• IR-UWB ranging capabilities:
  • high precision (sub-meter)
  • copes well with multipath propagation
• IEEE 802.15.4a standard
Our contribution
• Distance-decreasing relay attack against:
  • IEEE 802.15.4a standard
  • Energy detector receiver
• Distance decrease of up to 140 m*
• Attack success rate can be made arbitrarily high
• Components (early detection and late commit) can be used individually by a malicious prover
* IEEE 802.15.4a mandatory modes
Protocol Assumptions
[Figure: rapid bit exchange between Verifier V and Prover P: challenge bits c1, c2, …, cn, each answered immediately by a response bit r1, r2, …, rn]
We assume no rapid bit exchange
• Rapid bit exchange:
  • Transmission of single bits
  • Instantaneous reply
  • Challenging to implement
  • Not compatible with IEEE 802.15.4a
Protocol Assumptions
[Figure: V sends NV; P replies with NP and then (NV, P, NP, MACPV(NV, P, NP)); V measures tRTT]
• Several-bit-long ranging messages
• Sufficient if V and P are honest
• With full duplex transmission, can cope with a malicious prover*
• Compatible with IEEE 802.15.4a
* Kasper Bonne Rasmussen, Srdjan Capkun. Location Privacy of Distance Bounding Protocols. CCS 2008
Setup: Distance decreasing relay attack
[Figure: Verifier V, Relay MV, Relay MP, Prover P. V sends NV; MV and MP relay NV to P; P answers NP and (NV, P, NP, MACPV(NV, P, NP)); the relays forward NP and (NV, P, NP, …) back to V, which measures tRTT]
Setup
[Figure: one relayed link: Honest Transmitter (HTX) → Adversarial Receiver (ARX) → Adversarial Transmitter (ATX) → Honest Receiver (HRX)]
Overview
[Figure: HTX sends preamble then payload; ARX performs early detection; ATX performs late commit and sends its preamble and payload ahead of the signal seen at ARX; HRX receives preamble then payload time-shifted by 450 ns (~135 m)]
• Challenge 1: Transmission time unknown in advance
• Challenge 2: Payload unknown in advance
Preamble
[Figure: HTX sends a preamble of repeated 4096 ns symbols Si; empty ARX, ATX and HRX timelines]
Preamble
[Figure: HTX preamble: Si Si Si Si … (repeated preamble symbol)]
Preamble
[Figure: ARX acquires the HTX preamble (acquisition); ATX then starts sending its own preamble of Si symbols, with its timing offset labelled 4096 ns – 450 ns; HRX receives a shortened preamble]
Preamble
[Figure: as above, with the Start Frame Delimiter sequence Si 0 Si 0 -Si Si 0 0 -Si following the preamble on the HTX and ARX timelines, while ATX and HRX still carry plain Si symbols]
Preamble: Start Frame Delimiter
[Figure: HTX sends the SFD Si 0 Si 0 -Si Si 0 0 -Si; ARX performs early SFD detection, earlier than normal SFD detection would complete; ATX and HRX are still sending/receiving Si symbols]
Preamble: Start Frame Delimiter
[Figure: late SFD commit: after early SFD detection at ARX, ATX emits Si Si Si 0 -Si Si 0 0 -Si, which HRX receives with a time-shift of 450 ns]
Payload: Start Frame Delimiter
[Figure: same timelines as the previous slide, at the transition from SFD to payload]
Payload
[Figure: Binary Pulse Position Modulation (BPPM) payload symbols of 1024 ns with 8 ns pulses; a 0-symbol and a 1-symbol on the HTX timeline; ~70 ns marked on the ARX timeline]
Payload
[Figure: benign receiver: for each 1024 ns BPPM symbol it compares the energy of the two halves (< → 0, > → 1)]
Payload
[Figure: early detection receiver at ARX decides → 0 / → 1 from the first part of each symbol; late commit transmitter at ATX; HRX decodes → 0 / → 1 with the standard energy comparison]
Payload
[Figure: as above, with the relay time-shift marked on the HRX timeline]
Relay time-shift: 450 ns = 512 ns – 62 ns = half symbol duration – early detection time
Attack Performance
• Evaluation with physical layer simulations
• IEEE 802.15.4a, with:
  • 128 bit packets
  • residential NLOS channel model
  • based on IR channel measurement campaigns
  • LPRF mode (mandatory parameters)
Preamble: Early detection
[Plot: Synchronization Error Ratio vs. ARX SNR [dB]; a 4 dB gap is marked]
Preamble: Late commit
[Plot: Synchronization Error Ratio vs. HRX SNR [dB]; a 4 dB gap is marked]
Payload: Early detection
[Plot: Packet Error Ratio vs. ARX SNR [dB]; a 1.7 dB gap is marked]
Payload: Late commit
[Plot: Packet Error Ratio vs. HRX SNR [dB]; a 4 dB gap is marked]
Overall attack success
• >99% attack success probability with SNR 4 dB (ARX) and 6 dB (HRX) greater than for benign operation
• Easily achievable:
  • High gain antenna
  • Increased transmission power
  • Moving the adversarial devices closer to the victim devices
[Plot: probability of attack success vs. early detection SNR (ARX) and late commit SNR (HRX)]
Application example: Tracking
[Figure: jail tracking scenario with a relay in place; the monitoring system's view is marked "???"]
Countermeasures
• Decrease payload symbol length
  • Our attack gains half of the symbol duration
  • Non-mandatory IEEE 802.15.4a modes with payload symbol length 32 ns (11 m)
  • Disadvantages:
    • Shorter symbols result in worse multi-user interference tolerance
    • With very short symbols, inter-symbol interference becomes an issue
  J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore. So near and yet so far: Distance-bounding attacks in wireless networks. ESAS 2006
Countermeasures
• Perform early detection at HRX, in place of the standard energy comparison
  [Plot: 1.7 dB gap marked between the two receivers]
  • Prevents our attack
  • Any attack can decrease the measured distance by at most the early detection window duration
  • Example: 62 ns or 18 m
  • Disadvantages:
    • Performance loss
  G. P. Hancke, M. G. Kuhn. Attacks on time-of-flight distance bounding channels. WiSec 2008
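The payload mechanism from the earlier slides (early detection by on/off keying of the first part of each BPPM symbol, late commit of a symbol whose first half does not depend on the bit, standard energy-comparison detection), the arithmetic behind the 450 ns / 135 m figures, and the 62 ns / 18 m bound of the early-detection countermeasure above, as an added toy model in Python. It is not the authors' simulator: there is no noise or channel model, time is discretised at 1 ns, and the filler pulse, pulse amplitudes and multipath tail are assumptions of this example. The values it takes from the slides are the 1024 ns symbol, 8 ns pulse, 62 ns early-detection window and 128-bit packets.

```python
"""Toy model of the BPPM early-detection / late-commit relay described in the slides.

Added example, not the authors' simulator: no noise or channel model, time is
discretised at 1 ns, and a symbol is a list of received energy per nanosecond.
Values taken from the slides: 1024 ns payload symbol, 8 ns pulse, 62 ns
early-detection window, 128-bit packets. The filler pulse, the pulse amplitudes
and the multipath tail are assumptions of this model.
"""
import random

C = 299_792_458.0          # speed of light [m/s]
SYMBOL_NS = 1024           # BPPM payload symbol duration (slide value)
HALF_NS = SYMBOL_NS // 2   # 0-symbol: pulse in the first half; 1-symbol: pulse in the second half
PULSE_NS = 8               # pulse width (slide value)
SPREAD_NS = 40             # assumed multipath tail that the energy detector integrates
EARLY_WINDOW_NS = 62       # early-detection window (slide value)


def measured_distance_m(t_rtt_s):
    """Verifier's estimate dVP = c * tRTT / 2 from the 'Secure Ranging' slide."""
    return C * t_rtt_s / 2.0


def relay_time_shift_ns(symbol_ns=SYMBOL_NS, early_window_ns=EARLY_WINDOW_NS):
    """Per-symbol shift a relay can apply: half symbol duration minus early-detection time."""
    return symbol_ns / 2 - early_window_ns


def distance_decrease_m(shift_ns):
    """Relays MV and MP each shave `shift_ns` off the round trip, 2*shift in total,
    so dVP = c * tRTT / 2 drops by c * shift: the slides' '450 ns ~ 135 m'."""
    return C * shift_ns * 1e-9


def honest_symbol(bit):
    """HTX waveform: one pulse plus a decaying tail in the half selected by the bit."""
    sym = [0.0] * SYMBOL_NS
    start = 0 if bit == 0 else HALF_NS
    for i in range(PULSE_NS):
        sym[start + i] = 1.0
    for i in range(SPREAD_NS):                     # assumed multipath tail
        sym[start + PULSE_NS + i] = 0.5 * (1 - i / SPREAD_NS)
    return sym


def energy_detector_decode(sym):
    """Standard energy-detector decision: which half of the symbol holds more energy."""
    return 0 if sum(sym[:HALF_NS]) > sum(sym[HALF_NS:]) else 1


def early_detection_decode(sym, window_ns=EARLY_WINDOW_NS, threshold=1.0):
    """ARX decision available after only `window_ns`: on/off keying on the first
    window. Energy present means the pulse sits in the first half, i.e. a 0-symbol."""
    return 0 if sum(sym[:window_ns]) > threshold else 1


def late_commit_symbol(bit):
    """ATX waveform. The first half is identical for both bits (a filler pulse), so it
    can be sent before ARX has delivered the bit; the second half, sent once the bit
    is known, is either silence (first half wins -> HRX decodes 0) or a stronger
    pulse (second half wins -> HRX decodes 1). Amplitudes are assumptions."""
    sym = [0.0] * SYMBOL_NS
    for i in range(PULSE_NS):
        sym[i] = 1.0                               # bit-independent filler pulse
    if bit == 1:
        for i in range(PULSE_NS):
            sym[HALF_NS + i] = 3.0                 # committed late; must beat the filler
    return sym


def relay_packet(bits):
    """Early-detect every HTX symbol at ARX, late-commit it at ATX, and return what a
    standard energy-detector HRX decodes from the relayed packet. The time gained per
    symbol is relay_time_shift_ns(); this function only checks the bits survive."""
    out = []
    for b in bits:
        guess = early_detection_decode(honest_symbol(b))    # known 62 ns into the symbol
        out.append(energy_detector_decode(late_commit_symbol(guess)))
    return out


def hrx_with_early_detection(bits):
    """Countermeasure slide: HRX itself demodulates by early detection, so the
    bit-independent first half of a late-commit symbol no longer carries the bit."""
    return [early_detection_decode(late_commit_symbol(b)) for b in bits]


if __name__ == "__main__":
    rng = random.Random(1)
    packet = [rng.randrange(2) for _ in range(128)]          # constructed 128-bit packet
    shift = relay_time_shift_ns()
    print(f"relay time-shift {shift:.0f} ns -> distance decrease {distance_decrease_m(shift):.1f} m")
    print("standard HRX decodes the relayed packet correctly:", relay_packet(packet) == packet)
    print("early-detecting HRX decodes it correctly:", hrx_with_early_detection(packet) == packet)
    print(f"gain bound with early-detecting HRX: {distance_decrease_m(EARLY_WINDOW_NS):.1f} m")
```

Running it reports the 450 ns shift and the resulting decrease of about 135 m, that a standard energy-detector HRX recovers the full relayed packet, and that an HRX which itself early-detects turns every late-committed 1-symbol into a 0, because the part of the symbol it looks at is the bit-independent filler. That is the mechanism behind the countermeasure above: whatever the attacker does, the gain is capped by the early-detection window, about 18.6 m for 62 ns.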
Countermeasures
• Beyond IEEE 802.15.4a: other modulations
  • BPSK
  • OOK
  • "Security Enhanced Modulation"
    M. Kuhn, H. Luecken, N. O. Tippenhauer. UWB Impulse Radio Based Distance Bounding. WPNC 2010
• Secret preamble codes
• Secret payload time-hopping
Conclusion
• IR-UWB standard IEEE 802.15.4a is vulnerable to a distance-decreasing relay attack
  • 140 m distance decrease against energy-detection receivers*
  • Attack enabled by BPPM (de)modulation
• Attack performance
  • 99% success rate at minor SNR cost (a few dB)
  • Success rate can be made arbitrarily high
* IEEE 802.15.4a mandatory modes
Ongoing work
• Countermeasures
• Attack with a coherent receiver
  • Exploits the specifics of the convolutional code used in IEEE 802.15.4a
  • Additional 75 m distance decrease
• New physical layer attack against ranging
  • Malicious interference disrupting ToA estimation
  • Less effective and precise, but easy to mount
  M. Poturalski, M. Flury, P. Papadimitratos, J-P. Hubaux, J-Y. Le Boudec. The Cicada Attack: Degradation and Denial of Service in IR Ranging. (under submission)
To learn more…
http://lca.epfl.ch/projects/snd
marcin.poturalski@epfl.ch
Attack overview
[Figure: full attack timeline for Honest Transmitter (HTX), Adversarial Receiver (ARX), Adversarial Transmitter (ATX) and Honest Receiver (HRX), covering preamble, Start Frame Delimiter and payload; preamble symbols are 4096 ns, payload symbols 1024 ns with 8 ns pulses]
• Preamble: ARX acquires the HTX preamble (acquisition); ATX sends its own preamble, with its timing offset labelled 4096 ns – 444 ns; the preamble HRX receives is shortened, but still long enough for HRX to acquire
• Start Frame Delimiter: early SFD detection at ARX, late SFD commit at ATX (Si Si Si 0 -Si Si 0 0 -Si in place of HTX's Si 0 Si 0 -Si Si 0 0 -Si); the match with the SFD 0 Si 0 -Si Si 0 0 -Si is close enough for HRX to detect the SFD
• Payload (Binary Pulse Position Modulation, BPPM; 0-symbol and 1-symbol):
  • early detection: on/off-keying demodulation
  • late commit: first half of symbols is identical
  • standard detection: energy comparison (→ 0 / → 1)
• Relay time-shift: 444 ns = 512 ns – 68 ns = late commit time – early detection time = half symbol duration – channel spread