The Insecurity of Time-of-Arrival Distance-Ranging in IEEE 802.11 Wireless Networks
MetadataShow full item record
Two-way Time-of-Arrival (TOA) distance-ranging is well-suited for use in IEEE 802.11 MANETs and wireless mesh networks because it is simple, efficient and does not require precise time synchronization between network stations. Despite its utility we show that this distance-ranging procedure is completely insecure and demonstrate how it can be subverted by a simple but highly effective attack. This attack allows the adversary comprehensive and fine-grained control over the distance reported by the procedure. Such adversaries can appear to be either much further away or much closer than they are in reality. We demonstrate the attack experimentally and also show how it can be implemented using ordinary wireless network interfaces. Finally, the necessary and sufficient conditions for the secure use of two-way TOA distance-ranging procedure in IEEE 80
Proceedings: 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops ICDCSW 2010
Copyright 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Information and Computing Sciences not elsewhere classified