Full Program »
Security of Multicarrier Time-of-Flight Ranging
OFDM is a widely used modulation scheme. It transmits data over multiple subcarriers in parallel, which provides high resilience against frequency-dependent channel drops (fading) and achieves high throughput. Due to the proliferation of OFDM-enabled devices and the increasing need for location information, the research community has suggested using OFDM symbols for secure (time-of flight) distance measurements. However, a consequence of relying on multiple subcarriers is long symbols (time-wise). This makes OFDM systems not a natural fit for secure ranging, as long symbols allow an attacker longer observation and reaction times to mount a so-called early-detect/late-commit attack. Despite these concerns, a recent standardization effort (IEEE 802.11az) envisions the use of OFDM-based signals for secure ranging. This paper lays the groundwork for analyzing OFDM time-of-flight measurements and studies the security guarantees of OFDM-based ranging against a physical-layer attacker. We use BPSK and 4-QAM, the most robust configurations, as examples to present a strategy that increases the chances for early-detecting the transmitted symbols. Our theoretical analysis and simulations show that such OFDM systems are vulnerable to early-detection/late-commit attacks, irrespective of frame length and number of subcarriers. We identify the underlying causes and explore a possible countermeasure, consisting of orthogonal noise and randomized phase.