Cryptology ePrint Archive: Report 2021/070

Secure, Accurate, and Practical Narrow-Band Ranging System

Aysajan Abidin and Mohieddine El Soussi and Jac Romme and Pepijn Boer and Dave Singelée and Christian Bachmann

Abstract: Relay attacks pose a serious security threat to wireless systems, such as, contactless payment systems, keyless entry systems, or smart access control systems. Distance bounding protocols, which allow an entity to not only authenticate another entity but also determine whether it is physically close by, effectively mitigate relay attacks. However, secure implementation of distance bounding protocols, especially of the time critical challenge-response phase, has been a challenging task. In this paper, we design and implement a secure and accurate distance bounding protocol based on Narrow-Band signals, such as Bluetooth Low Energy (BLE), to particularly mitigate relay attacks. Narrow-Band ranging, specifically, phase-based ranging, enables accurate distance measurement, but it is vulnerable to phase rollover attacks. In our solution, we mitigate phase rollover attacks by also measuring time-of-flight (ToF) to detect the delay introduced by such attacks. Therefore, our protocol effectively combines the best of both worlds: phase-based ranging for accuracy and time-of-flight (ToF) measurement for security. To demonstrate the feasibility and practicality of our solution, we prototype it on NXP KW36 BLE chips and evaluate its performance and relay attack resistance. The obtained precision and accuracy of the presented ranging solution are 2.5 cm and 30 cm, respectively, in wireless measurements.

Category / Keywords: cryptographic protocols / Distance Bounding; Relay Attacks; Narrow-Band Ranging; Phase-based Ranging; Time of Flight.

Original Publication (in the same form): IACR-CHES-2021

Date: received 19 Jan 2021

Contact author: aysajan at kuleuven be,mohieddine elsoussi@imec-nl nl

Available format(s): PDF | BibTeX Citation

Version: 20210122:202951 (All versions of this report)

Short URL: ia.cr/2021/070


[ Cryptology ePrint archive ]