EP-3700158-B1 - SECURE RANGING
Inventors
- EL SOUSSI, MOHIEDDINE
- ROMME, Jacobus, Petrus, Adrianus
- BOER, PEPIJN
- PEETERS, ROEL JOHAN CORNEEL
Dates
- Publication Date
- 20260513
- Application Date
- 20190219
Claims (13)
- A method (200) of secure wireless ranging between a verifier node (104) and a prover node (102), comprising: for each frequency in a plurality of frequencies (201; 208; 210), performing a measurement procedure resulting in a two-way phase measurement and a round-trip time measurement between said verifier node and said prover node, said measurement procedure comprising: said verifier node (104) transmitting (204) on said frequency a verifier packet (406) comprising a verifier carrier signal (504) and a verifier frame delimiter (502), said prover node (102) receiving (204) said verifier packet (406) and performing a phase measurement of said verifier carrier signal (504) and a time-of-arrival measurement of said verifier frame delimiter (502), said prover node (102) transmitting (206) on said frequency a prover packet (418) comprising a prover carrier signal (506) and a prover frame delimiter (508), and said verifier node (104) receiving (206) said prover packet (418) and performing a phase measurement of said prover carrier signal (506) and a time-of-arrival measurement of said prover frame delimiter (508), wherein each said verifier frame delimiter (502) and each said prover frame delimiter (508) comprises a respective authentication code, wherein said authentication code is based on a key commonly known by said verifier node (104) and said prover node (102), said method (200) further comprising: calculating (214) a distance between said verifier node (104) and said prover node (102) based on the two-way phase measurements and the round-trip time measurements for said plurality of frequencies, wherein each said carrier signal is authenticated based on each corresponding said authentication code of the corresponding said frame delimiter and said commonly known key.
- The method (200) of claim 1, wherein each said verifier carrier signal (504) is preceded by said verifier frame delimiter (502) and each said prover carrier signal (506) is followed by said prover frame delimiter (508).
- The method of any one of claims 1-2, wherein said authentication code is a sequence of bits selected using a pseudo-random function, preferably from a pre-determined set of sequences.
- The method of claim 3, wherein said pseudo-random function has as input said commonly known key and one or more of the following: an index of said carrier signal, a sequence index, an identifier of the node transmitting the corresponding said frame delimiter, and an identifier of the node receiving the corresponding said frame delimiter.
- The method of any one of claims 1-4, further comprising: said prover node (102) transmitting said time-of-arrival measurement of said verifier frame delimiter (502) and/or said phase measurement of said verifier carrier signal (504) to said verifier node (104).
- The method of any one of claims 1-5, wherein, during said verifier node (104) transmitting (204) said verifier carrier signal (504), said prover node (102) adjusts its local oscillator, LO, based on said phase measurement of said verifier carrier signal (504).
- The method of any one of claims 1-6, said calculating of said distance comprising: from the round-trip phase measurements and round-trip time measurements of said measurement procedure for said plurality of frequencies, excluding (606) from further calculation measurements for frequencies wherein at least one of said prover carrier signal (506) and said verifier carrier signal (504) was not authenticated based on the respective said frame delimiter; failing (610) said calculating if the number of remaining frequencies after said excluding does not exceed a pre-determined threshold number; evaluating (612) an average round-trip time based on the round-trip time measurements for frequencies remaining after said excluding; failing (620) said calculating if said average round-trip time exceeds a pre-determined value; and thereafter, calculating (618) said distance based on the phase measurement results remaining after said excluding.
- The method of any one of claims 1-6, said calculating said distance comprising: from the two-way phase measurements and round-trip time measurements of said measurement procedure for said plurality of frequencies, excluding (706) from further calculation measurements for frequencies wherein at least one said prover carrier signal (506) and said verifier carrier signal (504) was not authenticated based on the respective said frame delimiter or wherein the measured round-trip time exceeds a pre-determined value; failing (710) said calculating if the number of remaining frequencies after said excluding does not exceed a pre-determined threshold number; assigning (714) said remaining frequencies into a prover group and an adversary group based on their respective measured round-trip times; failing (724) said calculating if the number of frequencies in said prover group does not exceed said threshold number or if the number of frequencies in said adversary group does exceed said threshold number; thereafter, calculating (720) said distance based on the phase measurement results in said prover group.
- The method of any one of claims 1-8, wherein said prover node (102) transmits said prover frame delimiter (508) comprising a first authentication code on a condition that said verifier node carrier signal (504) has been authenticated based on the corresponding said authentication code of the corresponding said verifier frame delimiter (502) and a second, different, authentication code otherwise.
- The method of any one of claims 3-9, wherein each sequence of said pre-determined set of sequences is a Gold code sequence.
- A prover node (102) configured to participate in secure wireless ranging with a verifier node (104), said prover node (102) being configured to: for each frequency in a plurality of frequencies, participate in a measurement procedure resulting in a two-way phase measurement and a round-trip time measurement between said verifier node (104) and said prover node (102), said measurement procedure comprising: said prover node (102) receiving a verifier packet (406) comprising a verifier carrier signal (504) and a verifier frame delimiter (502) from said verifier node (104) and performing a phase measurement of said verifier carrier signal (504) and a time-of-arrival measurement of said verifier frame delimiter (502); and said prover node (102) transmitting on said frequency a prover packet (418) comprising a prover carrier signal (506) and a prover frame delimiter (508), wherein each said verifier frame delimiter (502) and each said prover frame delimiter (508) comprises a respective authentication code, wherein said authentication code is based on a key commonly known by said verifier node (104) and said prover node (102), and each said verifier carrier signal (504) is authenticated by said prover node (102) based on each corresponding said authentication code of the corresponding said frame delimiter and said commonly known key.
- A verifier node (104) configured to participate in secure wireless ranging with a prover node (102), said verifier node (104) being configured to: for each frequency in a plurality of frequencies, participate in a measurement procedure resulting in a two-way phase measurement and a round-trip time measurement between said verifier node (104) and said prover node (102), said measurement procedure comprising: said verifier node (104) transmitting on said frequency a verifier packet (406) comprising a verifier carrier signal (504) and a verifier frame delimiter (502), said verifier node (104) receiving a prover packet (418) comprising a prover carrier signal (506) and a prover frame delimiter (508) from said prover node (102) and performing a phase measurement of said prover carrier signal (506) and a time-of-arrival measurement of said prover frame delimiter (508), wherein each said verifier frame delimiter (502) and each said prover frame delimiter (508) comprises a respective authentication code, wherein said authentication code is based on a key commonly known by said verifier node (104) and said prover node (102) and each said prover carrier signal (506) is authenticated by said verifier node (104) based on each corresponding said authentication code of the corresponding said frame delimiter and said commonly known key.
- A system, comprising the prover node (102) of claim 11 and the verifier node (104) of claim 12.
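
The distance-calculation procedure of claim 7 (steps 606 to 620), as an added Python example that is not code from the patent. The field names, the threshold values, the constructed sample measurements and the phase-to-distance formula (the textbook MCPDR slope estimate) are assumptions; the page does not give the formula.

```python
import math
from dataclasses import dataclass

C = 299_792_458.0  # speed of light in m/s

@dataclass
class Measurement:  # one frequency's result (field names are hypothetical)
    freq_hz: float
    phase_rad: float     # two-way phase, wrapped to [0, 2*pi)
    rtt_s: float         # round-trip time, known turnaround already removed
    verifier_auth: bool  # verifier frame delimiter code verified
    prover_auth: bool    # prover frame delimiter code verified

class RangingFailed(Exception):
    """Raised when the measurement set must be rejected."""

def secure_distance(meas, threshold, max_avg_rtt_s):
    # (606) drop frequencies where either carrier was not authenticated
    kept = [m for m in meas if m.verifier_auth and m.prover_auth]
    # (610) fail unless the remaining count exceeds the threshold (min. 1)
    if len(kept) <= max(threshold, 1):
        raise RangingFailed("too few authenticated frequencies")
    # (612)/(620) fail if the average round-trip time is too large
    if sum(m.rtt_s for m in kept) / len(kept) > max_avg_rtt_s:
        raise RangingFailed("average round-trip time exceeds limit")
    # (618) distance from the remaining phases. Assumption: textbook MCPDR,
    # d = c * dphi / (4 * pi * df), averaged over adjacent kept frequencies.
    kept.sort(key=lambda m: m.freq_hz)
    est = [C * ((a.phase_rad - b.phase_rad) % (2 * math.pi))
           / (4 * math.pi * (b.freq_hz - a.freq_hz))
           for a, b in zip(kept, kept[1:])]
    return sum(est) / len(est)

def simulate(d_m, extra_delay_s=0.0, unauth=()):
    """Constructed sample data: 8 carriers 1 MHz apart, ideal channel."""
    freqs = [2.402e9 + k * 1e6 for k in range(8)]
    return [Measurement(f, (-4 * math.pi * f * d_m / C) % (2 * math.pi),
                        2 * d_m / C + extra_delay_s, True, i not in unauth)
            for i, f in enumerate(freqs)]

def outcome(meas):
    try:
        return round(secure_distance(meas, threshold=4, max_avg_rtt_s=100e-9), 3)
    except RangingFailed as e:
        return str(e)

if __name__ == "__main__":
    for case in (simulate(10.0), simulate(10.0, unauth={0, 2, 4, 5, 7}),
                 simulate(10.0, extra_delay_s=500e-9)):
        print(outcome(case))
```

The phase check alone would still return 10 m in the delayed case; the run fails only because the authenticated frame delimiters give a round-trip time that the average-RTT limit rejects.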
Description
Technical field
The present inventive concept relates to methods and devices for secure wireless ranging.
Background
Ranging involves determining the distance between wireless nodes. Multi-carrier Phase Difference Ranging (MCPDR) is a known method used to evaluate the range between two wireless nodes based on phase difference of two or more carrier signals. It may be implemented in narrowband systems like Bluetooth, Bluetooth Low Energy (BLE), Zigbee, and others. An example implementation of such a method is disclosed in W. Kluge and D. Eggert, "Ranging with IEEE 802.15.4 narrowband PHY", September 2009, https://mentor.ieee.org/802.15/dcn/09/15-09-0613-01-004franging-with-ieee-802-15-4-narrow-band-phy.ppt .
Ranging may be performed in applications where proximity between nodes controls access or activation of some resource, such as opening a door lock; accessing a car, safe, or device; locating Internet-of-Things (IoT) devices, etc. There is always the risk of an adversary attempting to interfere with the ranging procedure.
ÓLAFSDÓTTIR HILDUR ET AL: "On the Security of Carrier Phase-Based Ranging", 25 August 2017 (2017-08-25), INTERNATIONAL CONFERENCE ON COMPUTER ANALYSIS OF IMAGES AND PATTERNS. CAIP 2017, PAGE(S) 490-509 relates to the security of multicarrier phase-based ranging systems and specifically focuses on distance decreasing relay attacks that have proven detrimental to the security of proximity-based access control systems.
CHITTABRATA GHOSH (INTEL) ET AL: "Sequence Authentication Code (SAC) Signalling in SU and MU Ranging", IEEE DRAFT, vol. 802.11az, no. 1, 18 January 2018, pages 1-22, relates to the possibilities of how to signal between iSTA and rSTA that enables LTF protection.
KASPER BONNE RASMUSSEN ET AL: "Realization of RF Distance Bounding", USENIX, 10 June 2010, pages 1-13, relates to a prototype system that demonstrates that radio distance bounding protocols can be implemented to match the strict processing that these protocols require.
Summary
An objective of the present inventive concept is to provide a method of wireless ranging that is more secure against attacks from illegitimate devices. The present inventive concept is defined by the appended independent claims. Preferable embodiments are set out in the dependent claims.
According to a first aspect, there is provided a method of secure wireless ranging between a verifier node and a prover node, comprising, for each frequency in a plurality of frequencies, performing a measurement procedure resulting in a two-way phase measurement and a round-trip time measurement between the verifier node and the prover node, the measurement procedure comprising the verifier node transmitting on said frequency a verifier packet comprising a verifier carrier signal and a verifier frame delimiter, the prover node receiving the verifier packet and performing a phase measurement of the verifier carrier signal and a time-of-arrival measurement of the verifier frame delimiter, the prover node transmitting on said frequency a prover packet comprising a prover carrier signal and a prover frame delimiter, and the verifier node receiving the prover packet and performing a phase measurement of the prover carrier signal and a time-of-arrival measurement of the prover frame delimiter, wherein each of the verifier frame delimiter and the prover frame delimiter comprises a respective authentication code, wherein the authentication code is based on a key commonly known by the verifier node and the prover node, the method further comprising calculating a distance between the verifier node and the prover node based on the two-way phase measurements and the round-trip time measurements for the plurality of frequencies, wherein each carrier signal is authenticated based on the corresponding authentication code of the corresponding frame delimiter and the commonly known key.
With "frame delimiter" should be understood a modulated bit sequence comprised in the transmitted packet.
With "carrier signal" should be understood a continuous-wave sinusoidal oscillation with a single frequency-component (neglecting harmonics and other imperfections). Such a signal may typically originate directly from the local oscillator (LO) of the transmitting node. However, as an example, it can also be obtained by applying a constant modulation, such as a frequency shift keying (FSK) modulation with a constant input (all 1s or 0s).
In a general case, "prover node" and "verifier node" should be understood as mere labels for, respectively, a first and a second node between which secure ranging is performed. However, as a specific example, the verifier node may control access to a resource and the prover node may be used to gain access to the resource controlled by the verifier node, by virtue, at least in part, of physical proximity between the prover node and the verifier node.
With MCPDR, there is a phase ambiguity bound, i.e., a maximum measurable distance above which the p