January 2019, doc.: 15-19-0058-00-004z

Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: [Secure Ranging Definitions and Interoperability]
Date Submitted: [16 January 2019]
Source: Dr. Boris Danev [3db Access, Switzerland], Prof. Dr. Srdjan Capkun [ETH Zurich, Switzerland]
Re: [Changes proposal for the LRP/HRP UWB PHY]
Abstract: [Contribute to a proposal to the enhanced impulse radio group w.r.t. 4z Security]
Purpose: [Discussion, current 4z LRP/HRP Security, definitions, questions, interoperability]
Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

Scope

Discussion on LRP/HRP Security including Security Definitions & Interoperability

Motivation

Provide status on defining security for SRDevs and discuss IEEE standard compliance and interoperability

Agenda

- Introduction of Security Definitions
- Current Status and Questions
- Standard Compliance and Interoperability

Security Definitions

Security Verification
- Procedures of verification of ranging sessions to ensure secure ranging transaction
- PHY layer and MAC layer (Clause 9)

Security Levels
- Definition of SRDev Security Levels with respect to entropy bits of security (as mandated by IEEE standards)

Security Proofs
- Definition of threat model for analysis
- Resistance to known attacks such as Cicada, Early/Detect & Late Commit, Preamble Injection, Guess-and-Compensate, First path injection, etc.
- Investigation of new attacks (if appropriate)

Current Status and Questions (1/2)

Security Verification, PHY layer
  4z LRP SRDev:
  - Distance Bounding approach
  - Defined in the contributions
  - Being integrated and refined in Clause 6 MAC Func Description
  4z HRP SRDev:
  - How is the threshold defined for secure timestamp?
  - What is the procedure to qualify as secure timestamp?

Security Verification, MAC layer
  4z LRP SRDev:
  - Complies with Clause 9 (Security)
  - Verification is defined in Clause 9
  4z HRP SRDev:
  - How is the secure exchange of the timestamps planned?
  - Would an exchange procedure be defined?

Security Levels
  4z LRP SRDev:
  IEEE 802.15.4
  - IEEE Security Level 1 (32 bits)
  - IEEE Security Level 2 (64 bits)
  - IEEE Security Level 3 (128 bits)
  - Other SLs are possible
  4z HRP SRDev:
  - What Security Levels can be achieved (bit-equivalent entropy)?
  - What are the RX implementation details to ensure security and Security Levels?

Security Proofs
  4z LRP SRDev: Next slide
  4z HRP SRDev: Next slide

Current Status and Questions (2/2)

Security Proofs
  4z LRP:
  - Threat model of Distance Bounding (well defined in security literature)
  - Resilience to all known PHY & MAC layer attacks is proven in Annex G
  - Are there more attacks?
  4z HRP:
  - What is the threat model? STS concept is not documented in open security literature
  - What is the resilience of proposed scheme with respect to known PHY, TIMESTAMP & MAC attacks?
  - Does a security analysis exist?

Standard Compliance & Interoperability

Standard compliance
- Ensure precise security definitions for threat analysis
- E.g., IEEE 802.11az Secure Ranging: 11-17-1122-00-00az-cp-replay-threat-model-for-11az.docx

Interoperability
- Precisely defined security is a must for interoperability between vendors
- Precisely defined security is a must for application-level standards (e.g., ISO/ECMA)

Summary and Conclusions

- Security definitions need to be carefully elaborated for standard compliance and interoperability
- Preliminary analysis of STS-based schemes raises security concerns