Secure Ranging Measurement

Presentation transcript:

Secure Ranging Measurement (doc.: IEEE 802.11-yy/xxxxr0, November 2017). Date: 2017-11-03. Authors: Yongho Seok, MediaTek Inc.; John Doe, Some Company

Background. A spoofing attack at the PHY level has been discussed in [1]. The proposed solution was to encode the LTF sequence by applying a variable CSD. Suppressing a PHY-level spoofing attack has also been discussed in [2]; the proposed solution there was to replace the known LTF sequence with a random binary sequence that is unknown to an attacker, with the sequence generation key exchanged in encrypted form before a ranging measurement. Both contributions hold that the LTF sequence in an NDP has to be encoded in a way that is unknown to an attacker.

Replay Attack Problem. Even though the LTF sequence in an NDP is encoded, once the NDP has been transmitted an attacker can use the exposed NDP in a replay attack. In the figure below, the attacker transmits a fake UL-NDP (i.e., a copy of UL-NDP1) while the victim transmits UL-NDP2. Because the AP did not notice that the victim transmitted UL-NDP1, it treats the fake UL-NDP as part of a valid frame sequence.
[Figure: sequence between Victim, AP and Attacker. Victim: NDPA1, UL-NDP1, NDPA2, UL-NDP2, DL-NDP2, LMR. Attacker: jams the PHY header of UL-NDP1, then transmits the copied fake UL-NDP1 at higher TX power.]

Replay Attack Problem. Even though the LTF sequence in an NDP is encoded, once the NDP has been transmitted an attacker can use the exposed NDP in a replay attack. In the figure below, the attacker transmits a fake DL-NDP (i.e., a copy of DL-NDP1) at higher transmit power. Because the victim did not notice that the AP transmitted DL-NDP1, it treats the fake DL-NDP as part of a valid frame sequence.
[Figure: sequence between Victim, AP and Attacker. Victim: NDPA1, UL-NDP1, DL-NDP1, LMR, NDPA2, UL-NDP2, DL-NDP2, LMR. Attacker: jams the PHY header of DL-NDP1, then transmits the copied fake DL-NDP1 at higher TX power.]

Replay Attack Problem. To avoid such a replay attack, a mechanism is necessary to verify whether the LTF sequence of a received NDP came from the valid STA. For example, in slide 3, after receiving NDPA2 and the fake UL-NDP1, the AP shall have a mechanism to verify that the received UL-NDP1 is not valid. In slide 4, after receiving the fake DL-NDP1 and the LMR, the STA shall have a mechanism to verify that the received DL-NDP1 is not valid.

Replay Attack Solution. Possible solutions, Option 1: The UL NDP and the DL NDP include, at the end of the frame, the key values that determine their LTF sequences. The Location Measurement Report (LMR) frame includes the key values that identify the LTF sequences carried in the received UL NDP and the transmitted DL NDP.
[Figure: NDPA; UL NDP (LTF1, Key1); DL NDP (LTF2, Key2); LMR carrying [Key=Key1, TOA of UL NDP] and [Key=Key2, TOD of DL NDP].]

Replay Attack Solution. Possible solutions, Option 1: If the key values of the UL NDP and DL NDP that the AP used in a ranging measurement do not match those of the NDPs the STA transmitted and received, the received LMR is not valid. In the figure below, the STA can determine that the LTF sequence of the UL NDP used in the TOA calculation is different (Key1 ≠ Key3).
[Figure: NDPA; UL NDP (LTF1, Key1) from the STA; Attacker's UL NDP (LTF3, Key3); DL NDP (LTF2, Key2); LMR carrying [Key=Key3, TOA of UL NDP] and [Key=Key2, TOD of DL NDP].]

Replay Attack Solution. Possible solutions, Option 2: The NDPA includes the key values that determine the LTF sequences used in the following UL NDP and DL NDP. The Key1 value in the NDPA indicates that the UL NDP uses the LTF1 sequence; the Key2 value in the NDPA indicates that the DL NDP uses the LTF2 sequence. Compared with Option 1, because the key values are disclosed before the NDP transmission, a nonlinear mapping function between key and LTF sequence has to be devised, and the STA and AP have to exchange the related security parameters.
[Figure: NDPA (Key1, Key2); UL NDP (LTF1); DL NDP (LTF2); LMR carrying [TOA of UL NDP] and [TOD of DL NDP].]

Replay Attack Solution. Possible solutions, Option 2: If an attacker does not know the LTF sequences derived from Key1 or Key2, the AP may treat the LTF sequence received from the attacker as a noise signal. But considering the worst case, in which the nonlinear mapping function between key and LTF sequence is broken by an attacker, an LMR frame carrying key values that identify the LTF sequences, as in Option 1, can be helpful.
[Figure: NDPA (Key1, Key2); UL NDP (LTF1); Attacker's UL NDP (LTF3); DL NDP (LTF2); LMR carrying [TOA of UL NDP] and [TOD of DL NDP].]

Replay Attack Solution. Possible solutions, Option 3: Comparing Option 1 and Option 2, Option 1 does not need a significant change to the security protocol, but it adds complexity in the PHY layer. Option 2 does not need a significant change to the PHY, but it needs a major change to the security protocol and can increase protocol overhead. Based on the pros and cons of Option 1 and Option 2, a further Option 3 is that the STA provides the key values for each ranging measurement sequence through a new Protected Ranging Measurement Key Management frame or a Protected FTM Response frame.

Replay Attack Solution. Possible solutions, Option 3: The Protected Ranging Measurement Key Management (RMKM) frame includes one or more pairs of a Sounding Dialog Token Number and key values (up to 64 entries) that determine the LTF sequences used in the UL NDP and DL NDP of subsequent ranging measurement sequences. In each ranging measurement sequence, the LTF sequences used in the UL NDP and DL NDP are identified by the Sounding Dialog Token Number (SDTN) in the NDPA frame.
[Figure: RMKM; ACK; NDPA (SDTN=0); UL NDP (LTF1); DL NDP (LTF2); LMR; NDPA (SDTN=1); UL NDP (LTF5); DL NDP (LTF6); LMR.]
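The receiver-side checks behind Option 1 (keys echoed in the LMR, slides 6 and 7) and Option 3 (keys pre-shared per SDTN in an RMKM frame, slides 10 and 11) can be modelled in a few lines. The following is an added example, not code from the contribution or from any 802.11az implementation: the key-to-LTF mapping (`ltf_sequence`), the frame and state classes, the 64-entry limit enforcement and the sample key values are all assumptions made for the illustration; equality of the derived sequence stands in for the receiver's LTF correlation.

```python
from __future__ import annotations

from dataclasses import dataclass
import hashlib
import hmac

# "up to 64 entries" per the Option 3 slide
MAX_RMKM_ENTRIES = 64


def ltf_sequence(key: bytes, n_bits: int = 64) -> int:
    """Stand-in key-to-LTF mapping (assumption for this example).

    The contribution only requires that the sequence be unpredictable
    without the key; a keyed pseudo-random bit string models that. The
    real PHY mapping and modulation are out of scope here.
    """
    digest = hmac.new(key, b"ltf-sequence", hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


# ---- Option 1: each NDP carries its key, the LMR echoes both keys ----------

@dataclass(frozen=True)
class LMR:
    """Location Measurement Report as Option 1 extends it (hypothetical layout)."""
    key_ul: bytes  # key of the UL NDP the AP used for the TOA
    toa_ul: int
    key_dl: bytes  # key of the DL NDP the AP transmitted (TOD)
    tod_dl: int


@dataclass
class StaRangingState:
    """What the STA remembers about one measurement sequence."""
    key_ul_sent: bytes      # key appended to the UL NDP it actually transmitted
    key_dl_received: bytes  # key appended to the DL NDP it actually received

    def lmr_is_valid(self, lmr: LMR) -> bool:
        # Option 1 check: the keys named in the LMR must match the NDPs this
        # STA sent and received. A mismatch (Key1 != Key3 on the slide) means
        # the AP measured an NDP that did not come from this STA.
        return (hmac.compare_digest(lmr.key_ul, self.key_ul_sent)
                and hmac.compare_digest(lmr.key_dl, self.key_dl_received))


# ---- Option 3: keys pre-shared per SDTN in an RMKM frame -------------------

class RmkmTable:
    """SDTN -> (UL key, DL key) pairs carried in a Protected RMKM frame."""

    def __init__(self, entries: dict[int, tuple[bytes, bytes]]):
        if len(entries) > MAX_RMKM_ENTRIES:
            raise ValueError("RMKM frame carries at most 64 SDTN/key pairs")
        self._entries = dict(entries)

    def has(self, sdtn: int) -> bool:
        return sdtn in self._entries

    def expected_ul_ltf(self, sdtn: int) -> int:
        return ltf_sequence(self._entries[sdtn][0])

    def expected_dl_ltf(self, sdtn: int) -> int:
        return ltf_sequence(self._entries[sdtn][1])


def ap_accepts_ul_ndp(table: RmkmTable, sdtn_in_ndpa: int, received_ltf: int) -> bool:
    """AP-side check for Option 3.

    The UL NDP that follows an NDPA with this SDTN must carry the LTF derived
    from the key pre-shared for that SDTN. An NDP recorded from an earlier
    sequence carries another key's LTF and is rejected; an unknown SDTN is
    rejected as well.
    """
    if not table.has(sdtn_in_ndpa):
        return False
    return received_ltf == table.expected_ul_ltf(sdtn_in_ndpa)


def sta_accepts_dl_ndp(table: RmkmTable, sdtn_in_ndpa: int, received_ltf: int) -> bool:
    """STA-side counterpart: validates the DL NDP against the DL key for the SDTN."""
    if not table.has(sdtn_in_ndpa):
        return False
    return received_ltf == table.expected_dl_ltf(sdtn_in_ndpa)


if __name__ == "__main__":
    # Constructed walk-through using the slide's labels (sample values, not real keys).
    k1, k2, k3 = b"Key1", b"Key2", b"Key3"
    sta = StaRangingState(key_ul_sent=k1, key_dl_received=k2)
    print("honest LMR valid:", sta.lmr_is_valid(LMR(k1, 1000, k2, 1500)))
    print("LMR naming Key3 valid:", sta.lmr_is_valid(LMR(k3, 1000, k2, 1500)))

    rmkm = RmkmTable({0: (b"k-ltf1", b"k-ltf2"), 1: (b"k-ltf5", b"k-ltf6")})
    print("UL NDP for SDTN=1 carrying LTF5:", ap_accepts_ul_ndp(rmkm, 1, ltf_sequence(b"k-ltf5")))
    print("UL NDP for SDTN=1 carrying LTF1:", ap_accepts_ul_ndp(rmkm, 1, ltf_sequence(b"k-ltf1")))
```

The two checks sit on different sides of the exchange: in Option 1 the STA validates the LMR after the fact, so the AP may already have computed a TOA from a replayed NDP; in Option 3 the AP and STA can reject a mismatched NDP before the measurement is reported, at the cost of the up-front RMKM exchange.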

Conclusion. This document discusses the replay attack problem and possible solutions.

References
[1] https://mentor.ieee.org/802.11/dcn/17/11-17-0780-02-00az-ranging-phy-security.pptx
[2] https://mentor.ieee.org/802.11/dcn/17/11-17-0795-03-00az-phy-level-security-protection.ppt