UWB Impulse Radio Based Distance Bounding

Marc Kuhn1, Heinrich Luecken1, and Nils Ole Tippenhauer21Communication Technology Laboratory, 2System Security Group

ETH Zurich, CH-8092 Zurich, Switzerland{kuhn, luecken}@nari.ee.ethz.ch, tinils@inf.ethz.ch

Abstract— Today’s communication systems are often vulnera-ble to wormhole or relaying attacks, leading to severe securityproblems. Distance Bounding (DB) protocols are authenticationprotocols designed to protect against these attacks. They de-termine an upper bound on the physical distance between twocommunication parties — the verifier V (e.g. a door requiringan access key) and the prover P (e.g. a wireless key device).UWB technology promises an innovative wireless implementationof DB protocols, using low cost components. A crucial aspectfor DB algorithms, besides a high temporal resolution, is theprocessing delay of P between receiving a challenge from V andtransmitting the answer to V . Even current UWB transceiversmay add a considerable processing delay, which decreases theprovided security. We propose and analyze a novel analog UWBtransceiver architecture which is able to both detect incomingUWB pulses and transmit answers with minimal delay.

I. INTRODUCTION

With proliferation of wireless communication to security-related systems, design and analysis of security protocols areessential. Considering for example access control to buildings,it is desirable to use a low-complexity wireless device workingas a key. The door, here referred to as the verifier V and thekey (prover P) share a secret, which legitimates an authorizedperson to enter. A well-known vulnerability of these systemsare relay or wormhole attacks (cf. Fig. 1): The attacker Aestablishes communication between V and a distant P2 byforwarding the respective messages. Using this attack, theattacker can open the door without having to decrypt messagesor guessing the shared key. One solution to protect againstthese attacks is distance bounding [1]–[3]: An authorized Pis only allowed to open the door if it proves to be not furtherfrom V than a certain maximum distance dmax by replying toseveral single bit challenges.

The high bandwidth of UWB enables time-of-arrival mea-surements with high resolution [4]. Moreover, UWB impulseradio enables the implementation of low complexity and lowpower transceivers. In particular, noncoherent receivers can beimplemented very efficiently [5]. In [6], the authors presentedan energy detection (ED) based ultra-low power UWB systemdesign with an overall estimated current consumption of lessthan 1 mW. The theoretical feasibility of the presented designrespecting FCC power limits [7] together with transmission ofonly one pulse per bit (very important for our DB approach)has been shown by means of computer simulation and over theair [8]. This makes an UWB impulse radio (IR) design basedon the ED a very promising candidate for the implementationof DB protocols. The resulting transceiver of P would com-

Fig. 1. Wormhole attack: the attacker A relays communication between thedistant P2 and V although P2 is outside the secure distance dmax.

bine low complexity and low power consumption with fastresponse/ low delay that is essential for DB hardware. In thispaper, we investigate the application of such a UWB IR systemdesign for DB.

Contributions: We present a system concept for DB basedon an analog UWB IR transceiver using the ED of [6] and theoriginal DB protocol [1]. We analyze the false acceptance andfalse rejection ratio of the system when transmitting compliantto the FCC regulation and investigate in which distancesthe system shows acceptable performance. Furthermore, weidentify the disadvantages of the common binary pulse posi-tion modulation (BPPM) approach for UWB IR. Eventually,we propose improvements of the system leading to higheraccuracy of the DB while keeping the low complexity.

II. DISTANCE BOUNDING

A. The Distance Bounding Protocol

DB techniques use measurements of the distance betweenthe verifier V and the prover P to detect wormhole attacks. Ifthe DB protocol finishes successfully, V will conclude that Pis closer than a certain distance dmax. In this paper, we proposethe following three phases approach based on [1]:

In the initialization phase, the protocol first establishes aconnection between V and P on the physical layer. This in-cludes a synchronization of both nodes and channel estimationat V . Further, V sends on a secure channel a fresh and randomnonce s = [s1, . . . , sR] ∈ {0, 1}R to P to be used as ashared secret in this protocol execution. This secure channelhas to guarantee the authenticity, integrity and secrecy of themessages sent on it, which can be achieved e.g. by SSL [9].

The protocol uses this secret in the second phase, the rapidbit exchange. At the start of this phase, V generates anotherfresh and random nonce c = [c1, . . . , cR] ∈ {0, 1}R to use asR single bit challenges for P . This is done by transmittingc in R single UWB IR pulses with a sufficient inter-pulse

978-1-4244-7157-7/10/$26.00 ©2010 IEEE 28

spacing allowing for the answers of P in between. As shownin Fig. 2, immediately after receiving each of these challenges,P computes a reply ri using the received challenge bit ci andthe current shared secret bit si, and transmits this reply toV as soon as possible. V measures the total round trip timebetween challenge and response and checks the response bitaccording to ci and si. This process is repeated until all Rchallenge bits are transmitted and the R challenge responsesare received at V . In general, the round trip time T is two timesthe propagation delay τ between V and P , plus the proverdelay Tp, which includes all delays such as signal processingtime at P , the pulse duration etc.:

T = 2τ + Tp

In each round, an upper bound on the distance d can becomputed by neglecting the prover delay Tp,

d ≤ T

2c, (1)

where c is the propagation speed. An estimate d of the actualdistance of a prover P with unmodified hardware can bedetermined assuming a maximal delay Tmax at P as

d =T − Tmax

2c ≤ d. (2)

After the R rapid bit exchanges, the DB protocol uses athird phase — the challenge retransmission. In this phase, Ptransmits all received bit challenges to V . This is done usinga secure channel, e.g. the same channel used to send s in theinitialization phase. The challenge retransmission is necessaryto ensure that the challenges ci received at P were indeed sentby V .

After the three phases, V can decide based on the challengeresponses and the estimated distances, if P is within thedistance dmax. Depending on the expected Bit Error Rate(BER) variation, V can tolerate a certain number of wrongreply bits. To aggregate the distances measured in each roundof the rapid bit exchange, the max-function should be usedfor maximum security.

B. Attacker Models

In our security analysis, we will discuss standard DB-attacksby an external attacker A (referred to as Mafia fraud inthe literature) or a misbehaving Pm (Distance fraud). Thegoals of these two attackers are the same: to shorten themeasured distance between V and the prover and thus tomake V believe that the prover is closer than he really is.The difference between both attacker models is the following:The misbehaving Pm is in possession of the shared secret s,but more than dmax away from V and therefore has to cheatto successfully complete the protocol. The external attackerA is not in possession of the secret s, but close enough to Vto run the protocol successfully. The case of a misbehavingprover sharing s with an external attacker is also referred toas Terrorist Attack and will not be discussed here; distancebounding protocols can be extended to protect against thisattack in general [10], if needed.

Verifier Prover

1. InitializationPhase

2. Rapid BitExchange

3. Challenge Re-transmission

Secret and coarse sync

...

1 ˆ, , Rc c

pT1c

1r

2c

tt

T

vT

Fig. 2. Schematic figure of protocol timeline.

C. Standard Attacks on Distance Bounding

In this subsection, we will describe relevant standard attackson round trip time based distance measurement protocols andhow to either minimize their impact or to defeat them fully.

Relay or Wormhole attacks: In case of a relay attack, the at-tacker forwards communication to a distant P . This is detectedby the proposed protocol, because the signal propagation speedis limited to c. Therefore, the attacker can not speed up thetransmission of the forwarded message, resulting in a highadditional transmission delay which will be detected by V .Therefore, relay attacks are defeated by the distance boundingprotocol. This fundamental conclusion is analyzed in moredetail in [11], [12].

Minimizing Tp: If an estimate d of the distance betweenV and P is computed under consideration of the maximalprover delay Tmax, using (2), then a malicious Pm can shortenthis distance by shortening the delay Tp, e.g. by using moresophisticated transceiver hardware. The maximal distance ad-vantage an attacker can gain using sophisticated hardwarewhich minimizes Tp is

da =T

2c − T − Tmax

2c =

Tmax

2c. (3)

This effectively extends the radius of the circle in whichPm has to reside to successfully run the protocol (see alsoFigure 1).

For this reason, minimizing the processing time at P isessential for DB because it allows for smaller values of Tmax

and consequently allows smaller da. UWB seems to be idealfor this purpose because it allows for short pulse durations andlow delay receiver architectures.

Guessing attacks: Both an external attacker impersonatingP and a malicious Pm can try to send the replies before

29

actually receiving the respective challenges. As the proposedprotocol is based on an i.i.d. random sequence of R equallydistributed bits, the chance to guess each of the R repliescorrectly is 2−R.

Verifier Impersonation Attack: An external attacker A closeto V could also try to obtain s by sending R random challengesc′1, . . . , c

′R to P before V starts the actual rapid bit exchange.

Then, P computes the correct replies to these challenges andsends them to A. When V starts sending the proper challengebits, A can impersonate P by using P’s earlier replies. If thefunction to compute the replies from the challenge and secretis bijective, knowing the replies to c′i will allow A to perfectlyanswer any ci sent by V . If the function is not bijective, Awill still improve his chances compared to random guessingonly. This attack may result in a shorter distance measuredbecause A is closer to V than P .

In case of the proposed DB protocol, V can detect thisfraud because of the challenge retransmission phase in whichP reports all received challenges ci to V . Unless A guessesall challenges correctly (with a chance 2−R), the attack willbe detected.

Early detection attacks: More sophisticated attacks arethe early detection and late commit attacks [3], [13]. Earlydetection attacks try to obtain information of a symbol earlierthan a normal receiver. On the signal processing level, theattacker could modify the demodulator such that the decisionfor the current symbol’s data content is given earlier thanusually, either by using a superior demodulator or accepting ahigher BER. This way, the attacker would get an advantage ofa fraction of the symbol length, which can be a problem forsymbols with low bandwidth. Therefore, the distance boundingimplementation should have symbols as short as possible tomitigate this attack.

Late commit attacks: The late commit attacks exploit thefact that an honest sender will only start sending a messagewhen the content is ready. Instead of using the correct transmitsignal, a malicious sender could use an alternative waveform,which is constructed such that the decision at the receiveris determined not by the full symbol, but only a part at theend [3], [13]. Similar to early detection attacks, this can yieldan advantage of up to the symbol duration for the attacker andcan be mitigated by choosing short symbols.

III. MINIMAL DELAY UWB TRANSCEIVER FOR DISTANCE

BOUNDING

In the rapid bit exchange, it is essential to detect UWBpulses and transmit answers with minimal delay. Current UWBtransceiver systems detect incoming signals using digital signalprocessing. These approaches may add a considerable delay tothe response of P . Therefore, the proposed receiver structurehas to be able to perform signal processing in analog domain.We propose a noncoherent energy detection (ED) receiverfor P , which is motivated by stringent requirements on lowcomplexity and low power consumption. It is based on thereceiver design according to [6] and consists of a bandpassfilter and a squaring device followed by an integration filter.

BPPM ( )h t 2( ) ( )g t( )pw t

BP

AnalogDetector

MF

( )vw t( )h t Tx

ChannelVerifier Prover

Delay

ED Frontend

is ic

ic

ir

ˆid

( )vs t ( )pr t

( )y t

Fig. 3. System model: Verifier and prover.

This filter is implemented as a first-order low-pass. Besidesthe low duty cycle operation also the usage of low complexityresonant circuits in the analog part is important for thetransceiver to achieve low power consumption. This requiresa moderate relative bandwidth. Hence, the frequency rangefrom 3.5 to 4 GHz has been chosen. The duty cycle of thereceiver can be reduced to 1%, i.e. the analog components ofthe receiver can be switched most of the time to save power, cf.[6]. As a further advantage, the ED receiver is robust to jitterof the symbol clock, which is trained in the first phase of theDB protocol. For the forward path from V to P the challengesare transmitted using UWB IR with Binary Pulse PositionModulation (BPPM) or Security Enhanced Modulation (SEM).We choose a BPPM symbol duration of 20 ns, i.e. 10 ns perPPM half frame. This is motivated by channel measurementsof the rms delay spread (cf. [14], [15]). For this choice theED receiver shows acceptable performance for the consideredscenario, even when multipath is considered.

Since V may not be limited in terms of complexity andpower consumption, we propose to use Binary Phase ShiftKeying (BPSK) for the backward path from P to V andcoherent detection, i.e. a channel matched filter receiver, atV . This enables a better BER performance and also reducesthe effects of late commit attacks.

A. System Model

The system model of the UWB DB system is shown inFig. 3. At V , the challenge bits ci are binary pulse positionmodulated with transmit pulse p(t). For ci = 0 the pulse istransmitted in the first time slot and for ci = 1 the pulse istransmitted in the second time slot. The polarity of the transmitpulse ai = ±1 is chosen randomly to avoid discrete spectrallines in the spectrum of the transmit signal. Otherwise, theFCC rules for UWB could not be exploited to the full extend.Thus, the transmit signal is given by

sv(t) =R∑

i=1

aip(t − ciTppm − iTv),

where Tppm = 10 ns denotes the duration of the PPM halfframe and Tv the challenge repetition time, which has to belarger than the round trip time of a single challenge bit. Thenumber of transmitted bits is R. As transmit pulse shape p(t)

30

AGCBP Squarer AMP LPLNAppmT

Delay

-

1

ic

is

Txir

Energy Detector Frontend Detector

Fig. 4. Block diagram of prover architecture.

we choose the impulse response of a third order butterworthfilter with energy Eb, center frequency fc = 3.75 GHz, andbandwidth B = 500 MHz. To comply with FCC regulation[7], the transmit power is limited to P av

FCC = −14.3 dBm bythe average power constraint and P p

FCC = 0 dBm by the peakpower constraint. Depending on the pulse rate either the firstor the second constraint may be limiting [5]. For a duty cycleof 1%, the maximal allowed transmit power equals 0 dBm.

The multipath channel is modeled as convolution of thetransmit signal s(t) with channel impulse response h(t). It isassumed that the channel is static during the complete protocolrun. The line-of-sight (LOS) path of the frequency selectivechannel exhibits a delay of τ = d

c , where c denotes the speedof light. At prover P , the receive signal is perturbed by additivewhite Gaussian noise (AWGN) with spectral power densityN02 . Hence, the receive signal is given by

rp(t) = s(t) ∗ h(t) + wp(t).

The data detection at P is based on a generalized energydetector frontend followed by analog detection. The gener-alized energy detector frontend consists of a bandpass filter, asquaring device and an integration filter. Thus, we have at theoutput of the generalized energy detector

y(t) =∫ ∞

−∞g(τ)r2

p(t − τ)dτ,

where rp(·) denotes the bandpass filtered receive signal andg(·) the impulse response of the integration filter.

The analog detector consists of a delay element, subtractionand a threshold device. The energy of the first time slot iscompared to the energy of the second time slot. This is doneby subtracting the values and comparing to threshold zero. Thedecision rule for challenge bit i is modeled as

y(iTv) − y(iTv + Tppm)ci=0

≷ci=1

0.

It is the inherent advantage of BPPM that the threshold is zeroand independent of the channel conditions and must not beadapted. We assume for the rapid bit exchange phase perfectsymbol synchronization at prover P . The synchronization isestablished during the training phase before the rapid bitexchange starts. Synchronization algorithms for the consideredreceiver structure are presented e.g. in [16].

To compute the reply bits ri, the estimated challenge bitsci are XORed with the secret si:

ri = ci ⊕ si

The reply bits are transmitted back to the verifier V by BPSK.Thus, the transmit signal at P can be written as

sp(t) =N∑

i=1

(2ri − 1) · p(t − τ − Tp − iTv),

where we assume to use the same transmit pulse p(t) withenergy Eb as in the forward path. The channel is assumed tobe the same in both directions. At V , white Gaussian noisewv(t) with power spectral density N0

2 is added and the replybits ri as well as the delay di are estimated with a channelmatched filter (MF) receiver. As stated before, the constrainson complexity, power consumption and costs are not limitingfor V . Hence, we refer here to standard algorithms for coherentchannel and timing estimation and detection [17].

B. Energy Detection Receiver

Due to the stringent requirements on the hardware of Pin terms of complexity, power consumption and costs, wedescribe the receiver structure of P in detail in this section.A block diagram of the proposed design of P is depicted inFig. 4 and main parameters of the components are summarizedin Table I.

The receive signal from the antenna is first amplified by alow-noise amplifier (LNA) with a gain of 20 dB. To model thehardware imperfections of the LNA, a noise figure of 5 dBis assumed for this component. Subsequently, the signal isbandpass filtered by a third order butterworth filter with anattenuation of 5 dB. The automatic gain control (AGC) isessential to allow for a high dynamic range of the receiver,i.e. when P is close to V (high receive power), the squaringdevice must be prevented from strong signal degradation dueto non-linear effects and clipping. Hence, the AGC supports avariable gain between 26 and 46 dB, which is automaticallyadjusted according to the receive power level. The noise figureof the AGC is assumed to be 10 dB. The squaring deviceattenuates the signal by 5 dB and is modeled with a noisefigure of 20 dB. Then, the signal is amplified in a third stageby 20 dB with noise figure 10 dB.

31

The standard energy detector would assume a running inte-grator after the squaring device, i.e. a rectangular integrationfilter. However, due to complexity reasons, here the integrationfilter is implemented as first order low pass. The impulseresponse of the first order low pass is given by

g(t) =

{gLPT0

exp(− t

T0

)for t > 0

0 else,

with time constant T0 = (2πfLP)−1 and fLP denoting thelow-pass cut-off frequency. The cut-off frequency is chosento fLP = 100 MHz. The voltage gain gLP is modeled such thatthe attenuation of the low-pass filter is 3 dB.

After low-pass filtering, the signal is in baseband and thecomponents of the detector are not required to support an ultrawide bandwidth. The delay element can be implemented assample and hold circuit and the threshold device detects thepolarity of the difference voltage between delay element andactual output. We assume that the hardware imperfections ofthe delay element, subtraction and detection of polarity arenegligible. An exhaustive study on the power consumption ofthis energy detector frontend is presented in [6]. The overallnoise figure of the energy detector frontend is approximately5.4 dB.

TABLE I

COMPONENT PARAMETERS OF ENERGY DETECTOR FRONTEND [6]

Component Gain Noise Figure Group Delay

LNA 20 dB 5 dB 0.25 ps

Bandpass -5 dB 1.798 ns

AGC 26-46 dB 10 dB 0.25 ps

Squaring Device -5 dB 20 dB 320 ps

AMP 20 dB 10 dB 0.25 ps

Low-Pass -3 dB 1.592 ns

C. Processing Time/ Minimal Delay Receiver

An approximation of the processing time based on an ex-haustive literature survey for the proposed prover architectureis given in [18]. The processing time is estimated by the groupdelay of the components in the receiver chain (see Table I).UWB amplifiers show very small delays in the pico secondsrange. Moreover, the squaring device as well as the detectorand XOR show negligible delays. However, it is concludedthat the group delay of the bandpass filter and the low-passfilter are the main contributions to the processing delay of thereceiver. With a group delay of τBP ≈ 1.8 ns for the thirdorder bandpass and τLP ≈ 1.6 ns for the lowpass filter, theprocessing time of the receiver is approximated to

T minproc = 3.71 ns.

Note that this is value is only an approximation or a lowerbound of the receiver processing time based on the singlecomponents and neglecting the transmitter at P .

bE

bE0

0

0 :ic

1:ic

2bE

bE2

bE

0

0 :ic

1:ic

b) Security Enhanced Modulation (SEM)

a) Binary Pulse Position Modulation (BPPM)

t

t

ppmT ppm2T

t

t

Fig. 5. Data modulation for transmission from V to P .

D. Security Enhanced Modulation (SEM)

For data transmission from V to P , the use of BPPM isadvantageous to support the non-coherent receiver structureof P . In particular, the threshold for data detection must notbe adapted and therefore the design requirements of verylow complexity and very low power consumption can bemet. However, concerning attacks on the distance boundingprotocol, the application of BPPM yields also vulnerabilities.As shown in Fig. 5a, the overall duration to transmit a singlechallenge bit becomes Ts = 2Tppm, i.e. for the chosen systemparameters Ts = 20 ns. The energy detection receiver at Pwaits until the end of the second time slot for the symboldecision.

Due to the inherent structure of the BPPM symbol, thesignal can be predicted. If there is no pulse in the firsttime frame, there will be one transmitted in the second timeframe and vice versa. For early detection attacks, this givesan advantage of at least Tppm = 10 ns and in worst caseTs = 20 ns. This can lead to a severe accuracy loss of thedistance bounding system. As a countermeasure, we proposean improved modulation for the forward path, which leadsto a higher accuracy of the distance bounding while keepingthe complexity low. As shown in Fig. 5b, Security EnhancedModulation (SEM) transmits a pulse in the first time slotindependent of the transmit symbol. The pulse is scaled by1√2

leading to an energy of Eb

2 . Then in the second time slot,for ci = 0 nothing is transmitted and for ci = 1 the pulsewith energy Eb. This way, the first time slot does not allowto predict the overall signal. Additionally, SEM still enables

32

non-coherent demodulation and is suited for the proposed low-complexity receiver without any modifications. However, thedownside of SEM lies in the increased bit error probability atthe receiver. The energy difference of the first and second timeslot of SEM is reduced to ±Eb

2 , i.e. a factor of 12 compared

to BPPM, which leads to a loss of 3 dB in bit error rateperformance. Note that this enables an interesting trade-offbetween range and accuracy of the distance bounding system.Depending on the application requirements, we propose touse BPPM for a larger range and SEM for a system, whichaims for higher accuracy. By using SEM the relevant symbolduration is reduced to Ts = Tppm = 10 ns.

IV. FIGURES OF MERIT

In this section, we introduce the false rejection ratio, thefalse acceptance ratio and the effective distance bound asmeasures to evaluate the performance of the proposed DBimplementation.

The goals of the DB protocol are to estimate the distancebetween V and P , and to decide if V should authenticate P .After finishing all three phases of the DB protocol, V countsthe number of the following security relevant errors (SRE) inthe R protocol rounds:

(i) V detects a wrong challenge reply in the rapid bitexchange, (ii) V detects a wrong bit in the challenge retrans-mission phase, (iii) V detects both, i.e. a challenge reply bitin the second round is wrong as well as the corresponding bitin the third phase.

In principle, V could reject P if one security relevant error isdetected in any of the R rounds of the DB protocol. However,such an error may also be caused by the nature of the wirelesschannel, rather than due to a not legitimate P . Hence, the DBprotocol has to be able to cope with bit errors on the wirelesschannel – particularly, as there is no channel coding in therapid bit exchange phase. To achieve this, V may allow fora certain number of unsuccessful rounds in the DB protocol,i.e. for a certain number N of security relevant errors. In thethird phase of the protocol, the challenge retransmission, thecommunication between V and P is not time-critical. Hence,we assume a significantly lower bit error probability pe,r inthis phase due to the use of appropriate channel coding.

A. False Rejection Ratio

The false rejection ratio (FRR) is given by the probabilitypFR that a legitimate prover P will not gain access, althoughhe answered all challenges correctly as defined by the DBprotocol, and he is not further from V than dmax. The FRRdepends on the bit error probability and on the number N oftolerated security relevant errors. In the following, we assumethat the round trip time is determined correctly, i.e. the distancemeasurement is perfect.

We denote the probability of a bit error on the forwardtransmission path with pe,f and a bit error on the backwardpath with pe,b. We assume that these two bit error events areindependent of each other and independent of an error in thechallenge retransmission phase. The probability pe of an SRE

event during the rapid bit exchange due to a bit error on eitherway is given by:

pe = pe,f + (1 − pe,f )pe,b

Note that because of the challenge retransmission phase anyerror in forward direction leads to a security relevant error.The FRR of a legitimate P is given by the probability:

pFR = 1 − (1 − pe,r)N∑

i=0

(R

i

)· pi

e · (1 − pe)R−i

Accepting no security relevant error (N = 0) and using theassumption that pe,r can be made arbitrarily small by channelcoding, this equals to

pFR = (1 − pe)R.

B. False Acceptance Ratio

The false acceptance ratio (FAR) is given by the probabilitypFA that an attacker A is able to gain access; it depends onthe attacker strategy and on the number N of tolerated SREs.We investigate the standard attacks on DB: Mafia frauds anddistance frauds. To derive the FAR, we start with the casethat an attacker inside the secure range dmax establishes awormhole to an authorized P outside the secure range (cf.Fig. 1). As the proposed DB protocol protects reliably againststandard wormhole attacks, A has to use guessing strategies.We start with two of these strategies. The distance fraud caseof a malicious prover Pm outside the secure range will beconsidered afterwards.

For convenience, we define the following Bernoulli randomvariables:

V A =

{1 “Bit error occurred on the path V to A.”

0 “No bit error on the path V to A.”

AV =

{1 “Bit error occurred on the path A to V .”

0 “No bit error on the path A to V .”

AP =

{1 “Bit error occurred on the path A to P .”

0 “No bit error on the path A to P .”

PA =

{1 “Bit error occurred on the path P to A.”

0 “No bit error on the path P to A.”

For the probability of P [X = k] we will use the shorthandnotation pX(k). Note that all these probabilities need not to bethe same as the ones for a legitimate prover, since the attackerdoes not need to comply with FCC regulation and may use amore complex system design.

a) Strategy A - Guessing of Replies: The probabilityof guessing the right response bit in one round is given bypguess = 1 − pguess = 1

2 . Hence, the probability pfake,A, that Ais able to give a correct answer in one rapid bit exchange, is

pfake,A = pguess pAV (0) + (1 − pguess)pAV (1)= pguess pAV (0) + pguesspAV (1)= pguess (pAV (0) + pAV (1)) = pguess.

33

The probability pfake,A does not depend on the bit errorprobability of the path V to A. Knowing the correct challengebit does not provide any advantage for the attacker’s guessing.For the same reason a bit error on the path A to V does nothave impact on the guessing.

However, A must ensure that the challenge will arrivecorrectly at the legitimate prover, otherwise the attack could bedetected in the challenge retransmission phase. The probabilityto achieve this goal is given by:

pchall,A = pV A(0)pAP (0) + pV A(1)pAP (1)

The attacker’s probability to cause no SRE for a given roundof the DB protocol is therefore:

psucc,A = pfake,A · pchall,A = pguess · pchall,A

The path P to A is irrelevant for the rapid bit exchange, sincethe replies of P arrive too late at A to be delivered timely tothe verifier V .

With the previously defined N and R the false acceptanceratio of Strategy A is given by the probability:

pFA,A = (1 − pe,r)N∑

i=0

(R

i

)(1 − psucc,A)ipR−i

succ,A (4)

Allowing no SRE (N = 0) leads to:

pFA,A = (1 − pe,r)pRsucc,A

If we further assume perfect challenge retransmission pe,r ≈ 0and that a sophisticated attacker is able to minimize the BERon all channels, this will yield as expected:

pFA,A = pRguess (5)

b) Strategy B - Guessing of Challenges: This is a ver-ifier impersonating attack. The attacker A tries to guess thechallenges rather than the correct replies with the intentionthat the correct answer of P will arrive through the wormholeearly enough for him to reply to V . We will assume in thefollowing that the reply will always arrive early enough. Witha similar reasoning as above we can compute the probabilityto cause no SRE in a given rapid bit exchange round as:

psucc,B = pfake,B · pchall,B

The latter term describes the probability to find a correctchallenge bit in the retransmission and equals

pchall,B = pguesspAP (0) + (1 − pguess)pAP (1).

Using 1 − pguess = pguess we can simplify this to

pchall,B = pguess.

In order to get a correct challenge retransmission, the channelV to A is of no importance, since the attacker has to guessthe right challenges before he receives the actual challengesfrom the verifier. However, this channel is relevant for theprobability to reply correctly in the corresponding rapid bit

exchange round. The probability pfake,B to reply correct in therespective round is given by:

pfake,B = pV A(0) (pPA(0) pAV (0) + pPA(1) pAV (1))+ pV A(1) (pPA(1) pAV (0) + pPA(0) pAV (1))

Hence, the false acceptance ratio of Strategy B is given by

pFA,B = (1 − pe,r)N∑

i=0

(R

i

)(1 − psucc,B)ipR−i

succ,B,

which is in general different from equation (4). However, withN = 0, pe,r ≈ 0 and the assumption that the attacker will beable to lower the BER on all channels to approximately zero,this simplifies to

pFA,B = pRguess.

c) Access Request by a Distant Prover Pm: This distancefraud scenario is different from the previously discussedwormhole-attacks. Because the malicious prover Pm is outsidethe secure range, he has to guess the challenge bits and replypreemptively. Again, we denote the probability of a bit error onthe forward transmission path V to Pm by pe,f and analogouson the backward path Pm to V by pe,b. Furthermore, weassume that these two bit error probabilities are independentof each other. The probability of causing no SRE in one givenround of the rapid bit exchange phase is given by:

psucc,mal = (pguess(1 − pe,b) + (1 − pguess)pe,b) · (1 − pe,f )= pguess(1 − pe,f )

Consequently the false acceptance probability for this scenarioamounts to

pFA,mal = (1 − pe,r)N∑

i=0

(R

i

)(1 − psucc,mal)ipR−i

succ,mal.

With N = 0, pe,r ≈ 0 this leads to

pFA,mal = (pguess(1 − pe,f ))R,

which is different from the case of wormhole attackers. In casethe prover Pm uses the regular hardware, he cannot enhancethe BER. Therefore, for an advanced attacker using betterhardware, the false acceptance probability will be higher thanfor a malicious prover with regular transceiver.

C. Effective Distance Bound

An important performance criterion is the effective distancebound that the proposed DB protocol can provide. However,if an attack on the protocol is successful, there will not beany guaranty for a distance bound. If the attacker has repliedpreemptively, he could reside far outside the distance boundwithout being noticed. The distance bound is therefore givenonly with the probability 1 − pFA.

In case of a low false acceptance probability, the distancebound can be considered as reliable. Preemptive replies (guess-ing attacks) are not an option for an attacker. In this case,the worst case scenario is given by a certain distance fraudattack of an adversary knowing the secret but still residing

34

01020304010

−4

10−3

10−2

10−1

100

Distance [m]

BE

R

PTX

= −14.3 dBm

PTX

= −11.3 dBm

PTX

= −4.3 dBm

Fig. 6. Bit error ratio BER vs. distance between V and P , parameter is theFCC compliant transmit power PTX (BPPM).

outside the secure distance dmax: The malicious prover Pm

is able to minimize the processing time Tproc and uses earlydetection/late commits as described in section II-C. The upperbound on the distance d between V and Pm according to (1)is still valid (with probability 1− pFA). The effective distancebound is determined by the maximal distance advantage givenin (3) and depends on Tmax, and therefore on the prover delayTp, which is achievable with the chosen implementation of theDB protocol.

V. PERFORMANCE ANALYSIS

A. BER, FRR and FAR

Fig. 6 shows the BER vs. distance between V and P foran AWGN channel and BPPM. An AWGN channel with afree space path loss model has been chosen to model a typicalline-of-sight scenario with a dominant direct path; an examplecould be a badge legitimating to open a door. The plotsare parameterized by three different values of the transmitpower PTX, all compliant to the FCC rules. We conclude thatfor distances up to about 15m the UWB IR system showsacceptable performance at very low transmit power.

The false rejection and false acceptance probabilities forR = 20 rounds of the DB protocol and N = 0 (no SREtolerated) are shown in Fig. 7. Here, the transmit power waschosen to PTX = −14.3 dBm. By exploiting the low dutycycle operation of the considered application, even PTX =0 dBm would meet the FCC regulations [18].

As an example we consider a secure range of dmax =10 m. For this distance the FRR is about 10−2 (even for theconsidered very low transmit power) and the FAR accordingto (5) as well as the FAR of a malicious prover are below10−6. Tolerating one SRE (N = 1) leads to a significantlylower FRR (about 10−4), while the FAR increases to about2 · 10−5.

B. Effective Distance Bound

We consider the following scenario: The goal of the DBprotocol is to provide a secure range of dmax = 10 m. Hence,

510152010

−8

10−6

10−4

10−2

100

Distance [m]

Fal

se A

ccep

tanc

e/F

alse

Rej

ectio

n R

atio

Wormhole Attacker1 Bit error acceptedWormhole Attackerno error acceptedmal. ProverFRR, no error accepted

FRR N=0, R=20

FAR N=0, R=20, (mal. Prover)

Fig. 7. False rejection/false acceptance probabilities vs. distance V to P forPTX = −14.3 dBm (BPPM) and R = 20.

the maximal propagation time from the verifier V to the proverP and back is given by T max

prop ≈ 66.67 ns. The processing timeis considered to be T min

proc ≈ 4 ns. On the forward path a BPPMtransmission scheme with symbol time TS,f = 20 ns is used,whereas on the backward path a BPSK transmission schemewith symbol time TS,b = 10 ns shall be employed. Thereforethe verifier will grant access if his measured round trip timefulfills:

T ≤ T maxprop + TS,f + TS,b + T min

proc = 100.67 ns

Relay or Wormhole attack: In a relay attack, the attackeris simply forwarding the challenges from V to a distant Pfurther away than dmax as described in Section I. Even aperfect attacker, who forwards the original signals without anyadditional delay, will not be able to speed up the messagessent, and consequently fails to provide P’s replies within themaximum round-trip-time.

Malicious Prover attack or Distance fraud: A powerfulmalicious Pm might be able to reply to the challenges withzero processing delay by using superior hardware as discussedin Section II. This would allow the attacker to reply T min

proc ≈4 ns earlier, allowing him to correctly reply from a distance upto da = 0.6 m outside the secure range and still gain access.

Malicious Prover attack or Distance fraud with idealtransceiver: This attacker model extends the previous modelby allowing the attacker to demodulate signals immediatelyafter receiving a first fraction of the symbol (ideal early detec-tion), and to allow the attacker to commit at the latest possibletime to the value of a symbol (ideal late commit). If BPPM isused on the path from V to P , this can yield an advantageup to TS,f = 20 ns on the forward path and accordinglyup to TS,b = 10 ns on the backward path. Considering thezero processing delay, a malicious Pm would consequently beable to gain up to TS,f + TS,b + T min

proc = 34 ns in time. Thiscorresponds to a distance advantage of da = 5.1 m, which anattacker would be able to decrease the measured range.

If our proposed SEM is used, the influence TS,f is decreased

35

200 400 600 800 10000

1

2

3

4

5

6

Bandwidth [MHz]

max

. Dis

tanc

e A

dvan

tage

[m]

BPPM

SEM

Fig. 8. Maximal distance advantage for malicious prover with idealtransceiver vs. bandwidth B of the UWB pulses; BPPM and SEM.

to 10 ns, reducing the maximum distance advantage to 24 nsor da = 3.6 m.

We conclude that even using the strongest possible attackermodel our system provides a tight enough bound for mostapplications.

Until now we considered the worst case scenario in whichideal early detection attacks of A could gain an advantage2 · Tppm = 20 ns of two PPM half frames. In this case, theanalog detector of the receiver at P decides, which bit hasbeen received, after Ts = 2 · Tppm, i.e. after the second PPMhalf frame. To investigate the influence of the bandwidth ofthe used pulses, we consider a different scenario: The analogdetector of the prover comes to the decision in the second PPMhalf frame immediately after the pulse duration Tpuls. Hence,the maximal gain of ideal early detection attacks is Tppm +Tpuls ≤ 2 ·Tppm for BPPM and Tpuls ≤ Tppm for SEM. For thisscenario, Fig. 8 shows how the maximal distance advantage da

depends on the used bandwidth in case of a malicious proverPm using an ideal transceiver. We assume that in the plottedrange of bandwidths the processing time Tproc = 4 ns does notdepend on the bandwidth. For the considered DB system withbandwidth B = 500 MHz this leads to a maximal distanceadvantage of less than 3 m for PPM, less than 1.5 m for SEM,even if the attacker is able to reply with zero processing delayand additionally uses ideal early detection and late commit.

VI. CONCLUSIONS

Due to the high signaling bandwidth and short symbolduration, UWB enables distance measurements with high ac-curacy. Furthermore, the use of UWB impulse radio allows forminimal delay DB transceiver based on noncoherent receiverstructures. This makes UWB impulse radio a perfect candidatefor the implementation of distance bounding systems. Anenergy detection receiver at the prover enables low complexityand low power consumption. We propose to use this incombination with a higher complexity coherent receiver at theverifier to improve the DB performance.

To analyze the performance of the proposed UWB DB im-plementation, the False Rejection Ratio and False AcceptanceRatio for different attacker models are the major figures ofmerit of the system. Based on evaluations of the performanceof the protocol in typical application scenarios, we concludethat a low FAR is possible for a secure distance of up to 10 m,using a very low transmit power of PTX = −14.3 dBm; this iseven low compared to the transmit power allowed according tothe FCC regulations. By using Security Enhanced Modulation(SEM) the impact of early detection attacks on the UWB IRdistance bounding system can be reduced. Due to the low FAR,the accuracy of the DB system for a worst case attack is givenby 3.6 m in case of SEM, or 5.1 m for the BPPM approachof UWB IR.

The presented novel system architecture enables the realiza-tion of efficient UWB impulse radio based distance boundingsystems with very low power consumption at P; it offersefficient protection against wormhole attacks at low costs.

ACKNOWLEDGMENTS

This work was supported by the Zurich Information SecurityCenter and by the Communication Technology Laboratory ofETH Zurich. It represents the views of the authors. The authorsthank Armin Wittneben and Srdjan Capkun for their supportand valuable suggestions, as well as Michael Schaub and FelixSchulthess for their excellent work during their student project.

REFERENCES

[1] S. Brands and D. Chaum, “Distance-bounding protocols,” in Workshopon the theory and application of cryptographic techniques on Advancesin cryptology (EUROCRYPT). Springer, 1994, pp. 344–359.

[2] G. P. Hancke and M. G. Kuhn, “An RFID Distance Bounding Protocol,”in Proceedings of the International Conference on Security and Privacyfor Emerging Areas in Communications Networks (SecureComm). IEEEComputer Society, 2005, pp. 67–73.

[3] J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore, “So near andyet so far: Distance-bounding attacks in wireless networks,” in ESAS,ser. Lecture Notes in Computer Science, L. Buttyn, V. D. Gligor, andD. Westhoff, Eds., vol. 4357. Springer, 2006, pp. 83–97.

[4] S. Gezici, Z. Tian, G. Giannakis, H. Kobayashi, A. Molisch, H. Poor,and Z. Sahinoglu, “Localization via ultra-wideband radios: a look atpositioning aspects for future sensor networks,” IEEE Signal ProcessingMagazine, vol. 22, no. 4, pp. 70–84, July 2005.

[5] K. Witrisal, G. Leus, G. Janssen, M. Pausini, F. Troesch, T. Zasowski,and J. Romme, “Noncoherent ultra-wideband systems,” IEEE SignalProcessing Magazine, vol. 26, no. 4, pp. 48 –66, july 2009.

[6] F. Troesch, C. Steiner, T. Zasowski, T. Burger, and A. Wittneben, “Hard-ware aware optimization of an ultra low power UWB communicationsystem,” in IEEE International Conference on Ultra-Wideband, ICUWB2007, September 2007, pp. 174–179.

[7] FCC, “Revision of part 15 of the commission’s rules regarding ultra-wideband transmission systems,” First Report and Order, ET Docket98-153, FCC 02-48, adopted/released Feb. 14/ Apr. 22 2002.

[8] C. Steiner, H. Luecken, T. Zasowski, F. Troesch, and A. Wittneben,“Ultra low power UWB modem design: Experimental verification andperformance evaluation,” Union Radio Scientifique Internationale, URSI,Aug. 2008.

[9] E. Rescorla, SSL and TLS: Designing and Building Secure Systems.Addison-Wesley Professional, Oct. 2000.

[10] L. Bussard and W. Bagga, “Distance-bounding proof of knowledge toavoid real-time attacks,” in Proceedings of SEC, 2005.

[11] C. Meadows, R. Poovendran, D. Pavlovic, L. Chang, and P. Syverson,“Distance bounding protocols: Authentication logic analysis and col-lusion attacks,” in Secure Localization and Time Synchronization forWireless Sensor and Ad Hoc Networks, vol. 30. Springer, 2007.

36

[12] P. Papadimitratos, M. Poturalski, P. Schaller, P. Lafourcade, D. Basin,S. Capkun, and J.-P. Hubaux, “Secure neighborhood discovery: A funda-mental element for mobile ad hoc networking,” IEEE CommunicationsMagazine, vol. 40, no. 2, pp. 132–139, February 2008.

[13] G. Hancke and M. G. Kuhn, “Attacks on ‘Time-of-Flight’ DistanceBounding Channels,” in Proceedings of the ACM Conference on WirelessSecurity (WiSeC). ACM, 2008.

[14] T. Zasowski, F. Althaus, M. Staeger, A. Wittneben, and G. Troester,“UWB for noninvasive wireless body area networks: Channel measure-ments and results,” in IEEE Conference on Ultra Wideband Systems andTechnologies, UWBST, November 2003, pp. 285–289.

[15] F. Althaus, F. Troesch, T. Zasowski, and A. Wittneben, “STS measure-ments and characterization,” PULSERS Deliverable D3b6a, vol. IST-2001-32710 PULSERS, 2005.

[16] H. Luecken, C. Steiner, and A. Wittneben, “ML timing estimation forgeneralized UWB-IR energy detection receivers,” in IEEE InternationalConference on Ultra-Wideband, ICUWB 2009, Sept. 2009, pp. 829–833.

[17] J. G. Proakis, Digital Communications, 4th ed. McGraw-Hill HigherEducation, 2001.

[18] M. Schaub and F. Schulthess, “UWB impulse radio: Secure ranging anddistance bounding,” ETH Zurich, Tech. Rep., 2009.

37