On On Secure Pos osition oning (P (Proj oject CSP: SP: Cros - PowerPoint PPT Presentation

On On Secure Pos osition oning (P (Proj oject CSP: SP: Cros oss-La Layer D Desig ign o of Se f Secure Po Positioning) Sr Srdjan Ča Čapkun

Relay attack only takes a couple of seconds si signal stre rength

d we need se secure distance me measu sureme ment

ne need d to kno know whe here ot other er ob objec ects/p s/peop eople ar are ne need d to kno know whe here we we ar are

ne need d to kno know whe here ot other er ob objec ects/p s/peop eople ar are ne need d to kno know whe here we we ar are sec securel rely

Zü Züri rich

un until til no now no no fully fully sec secure d re distance e mea measuremen ement or positioning systems ems

un until til no now no no fully fully sec secure d re distance e mea measuremen ement or positioning system em [s [so we de decide ided d to build build one ne at at ETH] H]

new radio IC low power provably secure precise fast

1-2ns

Se Secu curing distance measurement: Mea Measure e th the e distance e betw tween een V and P P + Auth then enti ticate e Mes Messages es? In Insecu cure sch chemes: NO NON-Ti Time-of of-Flig Flight NFC / RFID (e.g., ISO ) RSSI measurement (e.g., WiFi, Bluetooth, 802.15.4) Phase (multi-carrier) measurement (e.g., Atmel AT86RF233) FMCW (Frequency-Modulated Continuous-Wave) AoA (Angle of Arrival) measurement (e.g., Bluetooth 5.0) Ti Time-of of-Flig Flight Chirp Spread Spectrum (802.15.4a, ISO/IEC 24730-5, NanoLOC) Ultra Wide Band (UWB) 802.15.4 UWB On Only y provably y secure: 802.15. 802. 15.4z 4z LPR singl ngle pul pulse pe per bi bit UW UWB-PR PR multi ti-pul pulse pe per bi bit [Singh17] ngh17]

co common assumpt ption in distance bo bounding unding resear arch: h: on only sh shor ort ( (UWB WB) p pulses a ses and r rapid bit bit exchange hange ar are secur ure

we we sho showed wed [2017] 2017] that that thi this s is s wro wrong ng di distanc ance e bo boundi unding ng can an be be do done ne usi using ng longer nger sym ymbo bols s (we (we ful fully y impl plem emen ented ed it) t)

special secure some clever cryptographic modulation long range algorithms here UWB with pulse reordering (UWB-PR)

special secure modulation long range UWB with pulse reordering (UWB-PR)

Most secure distance measurement schemes => distance cannot be shortened by the attacker This is sufficient to build SECURE POSITIONING

[challenge similar to building a new cellular network]

Lon Long T Ter erm Goa Goal: wi widel ely d dep eployed ed sec secure p e posi osition oning infr infras astr truc uctur ture

St Standardization: : 802. 802.15. 15.4z 4z (UW (UWB) ) - In Interac act t with ith rele levan vant t par partne tners - Inc Increas ase ado adoptio tion n

But RF RF is not ot the e on only sen ensing mod modality

Sou oundProof roof: No Non-In Intera ractiv tive On Onlin line Auth thentic ticatio tion

SoundProof: Non-Interactive Online Authentication IoT: tablets, smart watches or conversational interfaces like Alexa

it it is is tim time to “de de-vir virtualiz tualize” we need we n eed t to “ o “get p physi sical” a ” again t to … o …

it it is is tim time to “de de-vir virtualiz tualize” we n we need eed t to “ o “get p physi sical” a ” again t to … o … … se … secu cure re e exi xisting s systems … e … enable d deployment o of n new s systems

www.securepositioning.com capkuns@inf.ethz.ch

Acknowledgements (in random order): • Mridula Singh (ETH Zurich) • Patrick Leu (ETH Zurich) • Aanjhan Ranganathan (NorthEastern) • Boris Danev (3DB) • David Barras (3DB) • Nils Tippenhauer (CISPA/Helmholtz) • Kasper Rasmussen (Oxford) • Christina Popper (NYU AD) • Nikos Karapanos (Futurae) • Claudio Soriente (NEC) • Claudio Marforio (Futurae) • Hildur Olafsdottir