
Effectiveness of Distance Decreasing Attacks Against Impuls - PowerPoint Presentation

Uploaded On 2016-06-27


Manuel Flury, Marcin Poturalski, Panos Papadimitratos, Jean-Pierre Hubaux, Jean-Yves Le Boudec. Laboratory for Computer Communications and Applications, EPFL, Switzerland. Third ACM Conference on Wireless Network Security (WiSec '10). ID: 379638


Presentation Transcript

Slide1

Effectiveness of Distance Decreasing Attacks Against Impulse Radio Ranging

Manuel Flury, Marcin Poturalski, Panos Papadimitratos, Jean-Pierre Hubaux, Jean-Yves Le Boudec
Laboratory for Computer Communications and Applications, EPFL, Switzerland
Third ACM Conference on Wireless Network Security (WiSec '10), March 23, 2010

Slide2

Secure Ranging aka Distance Bounding

- Wireless device V (Verifier) measures distance $d_{VP}$ to another device P (Prover)
- Based on message time-of-flight
- Adversarial setting:
  - External attacks (mafia fraud)
  - Malicious prover (distance and terrorist frauds)

$d_{VP} = c \cdot t_{RTT}/2$

[Figure: message exchange between Verifier V and Prover P: $N_V$, $N_P$ (timed as $t_{RTT}$), then $(N_V, P, N_P, \mathrm{MAC}_{PV}(N_V, P, N_P))$; labels: measured distance, actual distance]

Slide3

Example Application: Tracking

[Figure labels: Jewelry Store, store monitoring system, RFID tag, RFID tag, secure ranging]

Slide4

Example Application: Tracking

[Figure labels: Jewelry Store, store monitoring system, RFID tag, RFID tag]

#@%#& !!!

If I could only decrease the measured distance…

Slide5

Other Application Examples

- Tracking:
  - assets in warehouse
  - inmates
  - hospital assets, personnel, patients
  - animals
  - military personnel and equipment
  - …
- RFID access control
- RFID micropayments
- Secure localization
- …

Slide6

Physical Layer Attacks

- Decrease the measured distance by exploiting physical layer redundancy
  J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore. So near and yet so far: Distance-bounding attacks in wireless networks. ESAS 2006
- Physical layer and receiver specific
- RFID (ISO 14443A) and WSN PHYs
  G. P. Hancke, M. G. Kuhn. Attacks on time-of-flight distance bounding channels. WiSec 2008
- Other physical layers?

Slide7

Impulse Radio UWB

- IR-UWB ranging capabilities:
  - high precision (sub meter)
  - copes well with multipath propagation
- IEEE 802.15.4a standard

[Figure: transmitted signal, received signal, sampled signal (energy detector receiver)]

Slide8

Our contribution

- Distance-decreasing relay attack against:
  - IEEE 802.15.4a standard
  - Energy detector receiver
- Distance decrease of up to 140m*
- Attack success rate can be made arbitrarily high
- Components (early detection and late commit) can be used individually by a malicious prover

* IEEE 802.15.4a mandatory modes

Slide9

Protocol Assumptions

- Rapid bit exchange:
  - Transmission of single bits
  - Instantaneous reply
  - Challenging to implement
  - Not compatible with IEEE 802.15.4a

[Figure: Verifier V and Prover P exchange $c_1$, $r_1$, $c_2$, $r_2$, ..., $c_n$, $r_n$]

We assume no rapid bit exchange

Slide10

Protocol Assumptions

- Several-bit-long ranging messages
  - Sufficient if V and P are honest
  - With full duplex transmission can cope with malicious prover*
  - Compatible with IEEE 802.15.4a

[Figure: message exchange between Verifier V and Prover P: $N_V$, $N_P$ (timed as $t_{RTT}$), then $(N_V, P, N_P, \mathrm{MAC}_{PV}(N_V, P, N_P))$]

* Kasper Bonne Rasmussen, Srdjan Capkun. Location Privacy of Distance Bounding Protocols. CCS 2008

Slide11

Setup

[Figure: Verifier V, Relay $M_V$, Relay $M_P$ and Prover P; $N_V$, $N_P$ and $(N_V, P, N_P, \mathrm{MAC}_{PV}(N_V, P, N_P))$ pass through both relays; $t_{RTT}$ is measured at V]

Distance decreasing relay attack

Slide12

Setup

- HTX: Honest Transmitter
- HRX: Honest Receiver
- ATX: Adversarial Transmitter
- ARX: Adversarial Receiver

Slide13

Overview

- Challenge 1: Transmission time unknown in advance
- Challenge 2: Payload unknown in advance

[Figure: HTX, HRX, ATX and ARX timelines, each with preamble and payload; labels: early detection, late commit, 450ns ~ 135m]

Slide14

Preamble

[Figure: HTX, HRX, ATX and ARX timelines; preamble symbol $S_i$, 4096ns]

Slide15

Preamble

[Figure: HTX, HRX, ATX and ARX timelines with repeated preamble symbols $S_i$]

Slide16

Preamble

[Figure: HTX, HRX, ATX and ARX timelines with repeated preamble symbols $S_i$; labels: acquisition, 4096ns – 450ns]

Slide17

Preamble

[Figure: HTX, HRX, ATX and ARX timelines with repeated preamble symbols $S_i$, followed by a sequence of $S_i$, 0 and $-S_i$ symbols; labels: acquisition, 4096ns – 450ns]

Slide18

Preamble

[Figure: HTX, HRX, ATX and ARX timelines with sequences of $S_i$, 0 and $-S_i$ symbols; labels: Start Frame Delimiter, early SFD detection, normal SFD detection]

Slide19

Preamble

[Figure: HTX, HRX, ATX and ARX timelines with sequences of $S_i$, 0 and $-S_i$ symbols; labels: Start Frame Delimiter, early SFD detection, late SFD commit, time-shift 450ns]

Slide20

Payload

[Figure: HTX, HRX, ATX and ARX timelines with sequences of $S_i$, 0 and $-S_i$ symbols; labels: Start Frame Delimiter, early SFD detection, late SFD commit]

Slide21

Payload

Binary Pulse Position Modulation

[Figure: HTX, HRX, ATX and ARX timelines; 0-symbol and 1-symbol; labels: 1024ns, 8ns, ~70ns]

Slide22

Payload

Binary Pulse Position Modulation

[Figure: HTX, HRX, ATX and ARX timelines; 0-symbol and 1-symbol; labels: 1024ns, 8ns; benign receiver: comparison (< >) → 0, → 1]

Slide23

Payload

Binary Pulse Position Modulation

[Figure: HTX, HRX, ATX and ARX timelines; 0-symbol and 1-symbol; labels: 1024ns, 8ns; early detection receiver: → 0, → 1; late commit transmitter: comparison (< >) → 0, → 1]

Slide24

Payload

Binary Pulse Position Modulation

[Figure: HTX, HRX, ATX and ARX timelines; 0-symbol and 1-symbol; labels: 1024ns, 8ns, early detection receiver, late commit transmitter]

relay time-shift: 450ns = 512ns – 62ns = half symbol duration – early detection time

Slide25

Attack Performance

- Evaluation with physical layer simulations
- IEEE 802.15.4a, with:
  - 128 bit packets
  - residential NLOS channel model based on IR channel measurement campaigns
  - LPRF mode (mandatory parameters)

Slide26

Preamble: Early detection

[Plot: Synchronization Error Ratio vs. ARX SNR [dB]; annotation: 4dB]

Slide27

Preamble: Late commit

[Plot: Synchronization Error Ratio vs. HRX SNR [dB]; annotation: 4dB]

Slide28

Payload: Early detection

[Plot: Packet Error Ratio vs. ARX SNR [dB]; annotation: 1.7dB]

Slide29

Payload: Late commit

[Plot: Packet Error Ratio vs. HRX SNR [dB]; annotation: 4dB]

Slide30

Overall attack success

[Plot: Probability of attack success vs. early detection SNR (ARX) and late commit SNR (HRX)]

- >99% attack success probability with SNR 4dB (ARX) and 6dB (HRX) greater than for benign operation
- Easily achievable:
  - High gain antenna
  - Increase transmission power
  - Move adversarial devices closer to victim devices

Slide31

Application example: Tracking

[Figure labels: jail, relay, ???]

Slide32

Countermeasures

- Decrease payload symbol length
  - Our attack gains half of symbol duration
  - Non-mandatory IEEE 802.15.4a modes with payload symbol length 32ns (11m)
- Disadvantages:
  - Shorter symbols result in worse multi-user interference tolerance
  - With very short symbols, inter-symbol interference becomes an issue

J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore. So near and yet so far: Distance-bounding attacks in wireless networks. ESAS 2006

Slide33

Countermeasures

- Perform early detection at HRX: in place of
  - Prevents our attack
  - Any attack can decrease the measured distance by at most early detection window duration
  - Example: 62ns or 18m
- Disadvantages:
  - Performance loss

G. P. Hancke, M. G. Kuhn. Attacks on time-of-flight distance bounding channels. WiSec 2008

1.7dB

Slide34

Countermeasures

- Beyond IEEE 802.15.4a: other modulations
  - BPSK
  - OOK
  - “Security Enhanced Modulation”
    M. Kuhn, H. Luecken, N. O. Tippenhauer. UWB Impulse Radio Based Distance Bounding. WPNC 2010
- Secret preamble codes
- Secret payload time-hopping

Slide35

Conclusion

- IR-UWB standard IEEE 802.15.4a is vulnerable to a distance-decreasing relay attack
  - 140m distance decrease against energy-detection receivers*
  - Attack enabled by BPPM (de)modulation
- Attack performance
  - 99% success rate at minor SNR cost (few dB)
  - Success rate can be made arbitrarily high

* IEEE 802.15.4a mandatory modes

Slide36

Ongoing work

- Countermeasures
- Attack with a coherent receiver
  - Exploits the specifics of the convolutional code used in IEEE 802.15.4a
  - Additional 75m distance-decrease
- New physical layer attack against ranging
  - Malicious interference disrupting ToA estimation
  - Less effective and precise, but easy to mount
  M. Poturalski, M. Flury, P. Papadimitratos, J-P. Hubaux, J-Y. Le Boudec. The Cicada Attack: Degradation and Denial of Service in IR Ranging. (under submission)

Slide37

To learn more…

http://lca.epfl.ch/projects/snd
marcin.poturalski@epfl.ch

Slide38

Attack overview

[Figure: timelines for Honest Transmitter (HTX), Honest Receiver (HRX), Adversarial Transmitter (ATX) and Adversarial Receiver (ARX), each with PREAMBLE and PAYLOAD; preamble symbols $S_i$ of 4096ns followed by a Start Frame Delimiter built from $S_i$, 0 and $-S_i$ symbols; payload symbols of 1024ns with 8ns pulses]

Preamble:
- acquisition: 4096ns – 444ns
- preamble is shortened, but still long enough for HRX to acquire
- early SFD detection
- late SFD commit: match with $0\ S_i\ 0\ {-S_i}\ S_i\ 0\ 0\ {-S_i}$, close enough for HRX to detect the SFD

Payload (0-symbol* and 1-symbol*):
- standard detection: energy comparison
- early detection: on/off-keying demodulation
- late commit: first half of symbols is identical

relay time-shift: 444ns = 512ns – 68ns = late commit time – early detection time = half symbol duration – channel spread

*Binary Pulse Position Modulation (BPPM)
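Added example (not from the original slides or their authors): a verifier-side acceptance check for the ranging exchange of slide 2 that budgets for the physical-layer distance decrease quantified on slides 13, 24 and 33. HMAC-SHA256 as the MAC, the field encoding, the function names and the sample values are assumptions, and `t_rtt_ns` is taken to be pure time of flight with the prover's turnaround already removed.

```python
import hashlib
import hmac

C_M_PER_NS = 0.299792458  # speed of light in metres per nanosecond


def relay_gain_m(symbol_ns, early_detection_ns):
    """Worst-case distance decrease against a standard BPPM receiver.
    Slide 24: shift = half symbol duration - early detection time;
    slide 13 converts the shift to distance as c * shift (450ns ~ 135m)."""
    shift_ns = max(symbol_ns / 2 - early_detection_ns, 0.0)
    return C_M_PER_NS * shift_ns


def window_gain_m(window_ns):
    """Slide 33: with early detection at HRX, an attack gains at most the window."""
    return C_M_PER_NS * window_ns


def ranging_mac(key, n_v, prover_id, n_p):
    """MAC_PV(N_V, P, N_P); HMAC-SHA256 and length-prefixed fields are assumptions."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (n_v, prover_id, n_p))
    return hmac.new(key, msg, hashlib.sha256).digest()


def accept(key, n_v, prover_id, n_p, tag, t_rtt_ns, limit_m, phy_gain_m):
    """Accept 'P is within limit_m' only if the claim survives the PHY gain."""
    if not hmac.compare_digest(tag, ranging_mac(key, n_v, prover_id, n_p)):
        return False
    measured_m = C_M_PER_NS * t_rtt_ns / 2      # d_VP = c * t_RTT / 2
    return measured_m + phy_gain_m <= limit_m   # worst-case actual distance


# Constructed sample exchange: shared key, nonces and a 20 ns round trip (~3 m).
KEY, N_V, N_P, P_ID = b"k" * 32, b"\x01" * 8, b"\x02" * 8, b"tag-17"
TAG = ranging_mac(KEY, N_V, P_ID, N_P)

if __name__ == "__main__":
    for name, gain in [("mandatory mode", relay_gain_m(1024, 62)),
                       ("early detection at HRX", window_gain_m(62))]:
        ok = accept(KEY, N_V, P_ID, N_P, TAG, 20, 25.0, gain)
        print(f"{name}: margin {gain:.1f} m, accept within 25 m: {ok}")
```

With the mandatory-mode margin of about 135 m, no measurement can support a 25 m bound, while the early-detection countermeasure's margin of about 18.6 m leaves the bound usable.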