Mridula Singh (ETH Zurich, Switzerland), Patrick Leu (ETH Zurich, Switzerland), Srdjan Capkun (ETH Zurich, Switzerland)

Physical-layer attacks allow attackers to manipulate (spoof) ranging and positioning. These attacks had real-world impact and allowed car thefts, executions of unauthorized payments and manipulation of navigation. UWB impulse radio, standardized within 802.15.4a,f, has emerged as a prominent technique for precise ranging that allows high operating distances despite power constraints by transmitting multi-pulse symbols. Security of UWB ranging (in terms of the attacker's ability to manipulate the measured distance) has been discussed in the literature and is, since recently also being addressed as a part of the emerging 802.15.4z standard. However, all research so far, as well as security enhancements proposed within this emerging standard face one main limitation: they achieve security through short symbol lengths and sacrifice performance (i.e., limit the maximum distance of measurement), or use longer symbol lengths, therefore sacrificing security. We present UWB with pulse reordering (UWB-PR), the first modulation scheme that secures distance measurement between two mutually trusted devices against all physical-layer distance shortening attacks without sacrificing performance, therefore simultaneously enabling extended range and security. We analyze the security of UWB-PR under the attacker that fully controls the communication channel and show that UWB-PR resists such strong attackers. We evaluate UWB-PR within a UWB system built on top of the IEEE 802.15.4 device and show that it achieves distances of up to 93m with 10cm precision (LoS). UWB-PR is, therefore, a good candidate for the extended mode of the new 802.15.4z Low Rate Pulse standard. Finally, UWB-PR shows that secure distance measurement can be built on top of modulation schemes with longer symbol lengths - so far, this was considered insecure.

View More Papers

BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals

Fenghao Xu (The Chinese University of Hong Kong), Wenrui Diao (Jinan University), Zhou Li (University of California, Irvine), Jiongyi Chen (The Chinese University of Hong Kong), Kehuan Zhang (The Chinese University of Hong Kong)

Read More

Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based

David Derler (DFINITY), Kai Samelin (TÜV Rheinland i-sec GmbH), Daniel Slamanig (AIT Austrian Institute of Technology), Christoph Striecks (AIT Austrian Institute of Technology)

Read More

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Michael Rodler (University of Duisburg-Essen), Wenting Li (NEC Laboratories, Germany), Ghassan O. Karame (NEC Laboratories, Germany), Lucas Davi (University of Duisburg-Essen)

Read More

Countering Malicious Processes with Process-DNS Association

Suphannee Sivakorn (Columbia University), Kangkook Jee (NEC Labs America), Yixin Sun (Princeton University), Lauri Korts-Pärn (Cyber Defense Institute), Zhichun Li (NEC Labs America), Cristian Lumezanu (NEC Labs America), Zhenyu Wu (NEC Labs America), Lu-An Tang (NEC Labs America), Ding Li (NEC Labs America)

Read More