
Enhancing Security of HRP UWB Ranging System Based on Channel Characteristic Analysis


Abstract:

Ultra-wideband (UWB) communication is emerging as a prominent technology to enhance the security of proximity verification systems (e.g., passive keyless entry and start systems, financial payment, and user authentication) against signal-relaying attacks. Leveraging short-duration (1–2 ns) physical-layer pulses, UWB communication enables a precise Time-of-Arrival (ToA) measurement for the received frame, which in turn leads to precise distance measurement. Current UWB communication is based on the IEEE 802.15.4z standard, which defines a scrambled timestamp sequence (STS) field that provides a secure ranging capability. However, exploiting the lack of integrity checks in the STS field, recent studies showed that an attacker could maliciously reduce the distance measured between UWB devices. In this article, we present a distance reduction attack detection method for high-rate pulse repetition frequency (HRP) UWB ranging systems. The proposed method analyzes the distribution of the channel impulse response (CIR) computed at the receiver for a ToA measurement. Since IEEE standard-compliant devices measure the ToA based on the CIR, our method can be widely implemented on commercial-off-the-shelf (COTS) devices. Through simulation and real-world experiments, we show that our method can effectively detect distance reduction attacks with a false alarm rate of 1%.
Published in: IEEE Internet of Things Journal ( Volume: 11, Issue: 24, 15 December 2024)
Page(s): 39794 - 39808
Date of Publication: 03 September 2024


SECTION I.

Introduction

Ultra-wideband (UWB) communication enables precise distance measurement between two devices by leveraging a short-duration pulse (ranging from 1 to 2 ns). This short-duration pulse provides a highly accurate Time-of-Arrival (ToA) measurement that is used to compute Time of Flight (ToF) [1], [2] or Time Difference of Arrival (TDoA) [3], which in turn enable centimeter-level distance measurement or localization. Because of its precise distance measurement capability, UWB communication is being recognized as a promising technology for preventing signal-relaying attacks in proximity-based verification systems, such as NFC-based payment systems [4], [5], [6] and passive keyless entry and start (PKES) systems [7].

The IEEE standard for UWB communication defines two operational modes that define the number of transmitted pulses and modulation schemes: 1) low-rate pulse repetition frequency (LRP) and 2) high-rate pulse repetition frequency (HRP) [8], [9]. In recent years, smartphone manufacturers have incorporated UWB communication into their devices based on the HRP mode. For example, Samsung and Apple have introduced UWB-enabled applications in their products. Furthermore, the car connectivity consortium (CCC) introduced Digital Key technology to replace traditional key fobs in PKES with UWB-enabled smartphones [10].

To precisely measure ToA, a UWB device conducts a cross-correlation operation between a received signal with its expected signal template (i.e., local template). In the HRP mode, a UWB frame includes a scrambled timestamp sequence (STS) field designed for secure ToA measurement. Prior to distance measurement, the initiator and responder share a symmetric key via another communication channel (e.g., Bluetooth). Using this symmetric key, they generate identical pseudo-random numbers using the advanced encryption standard (AES) algorithm. The initiator then transmits a UWB frame that contains the STS field filled with a pseudo-random number to the responder. Upon receiving the UWB frame, the responder utilizes cross-correlation to determine the ToA of the UWB frame. When identical pseudo-random numbers are given to the initiator and the responder, a distinct peak should be observable in the cross-correlation. Thus, the ToA is determined based on the position of this distinct peak.

It is crucial to note that the cross-correlation method does not allow for individual bit-wise comparisons between two values. Consequently, even if the STS field contains an incorrect pseudo-random number, the responder can still identify a peak in the cross-correlation. Furthermore, the magnitude of this peak, which signifies the level of similarity, could exceed a certain threshold. This implies that the ToA can be manipulated and reduced without requiring knowledge of a valid symmetric key, by simply overshadowing the STS field with invalid random pulses. Accordingly, the distance derived from the manipulated ToA measurement can also be reduced intentionally. Singh et al. [11] highlighted the fundamental vulnerability of the cross-correlation method in a ToA measurement, emphasizing the tradeoff between security and ranging accuracy. Notably, Leu et al. [12] successfully demonstrated manipulation of distance measurements in the HRP UWB system employed by off-the-shelf devices. By injecting strong pulses that overshadowed and replaced the legitimate STS field with an invalid value, the attacker could elicit a peak in the cross-correlation at an earlier position, compared to the correlation between identical bit sequences. By doing so, the attacker can deceive a victim device into measuring a manipulated ToA.

For a secure ToA measurement, Leu et al. [13] introduced the message time of arrival code (MTAC) framework. The hidden encoding scheme [11] and residual analysis [13] applied to physical-layer pulses are examples of the MTAC framework. However, these existing methods are limited to the LRP mode and cannot be directly employed in the HRP mode: the identification of individual pulses, which they require, becomes challenging in the HRP mode because individual pulses carry less power. To address this security concern in the HRP mode, the IEEE 802.15.4z task group has introduced the concept of consistency checks across multiple segments within the STS field to achieve a secure ToA measurement. However, no concrete method for implementing this concept has been proposed so far [14]. Although an implementation of this concept is expected to enable a secure and accurate ToA measurement, most commercial off-the-shelf (COTS) devices, including those conforming to the Digital Key standard, use a single segment containing a 4096-bit pseudo-random number [12]. This choice is primarily motivated by backward compatibility requirements with legacy UWB frames that do not employ the STS field [9]. Additionally, the use of a single segment helps mitigate potential interference with other communication systems, such as WiFi 6E: increasing the number of segments would extend the transmission duration of the STS field, thereby increasing the likelihood of interference with other communications [15].

Potentially, it would be possible to divide a single-segment STS field into multiple subfields and cross-correlate each with a corresponding subtemplate. This approach would allow the receiver to verify the consistency between multiple cross-correlation results. However, computing the multiple cross-correlations requires modifying current HRP UWB chipsets [16]. In addition, one of the most notable countermeasures against physical-layer attacks is radio frequency (RF) fingerprinting [17], [18], [19], [20], [21], [22], which exploits hardware imperfections of an RF device caused by manufacturing. An attacker in the HRP UWB ranging system, however, does not manipulate the preamble region from which hardware imperfection features, such as a carrier frequency offset (CFO) or sampling clock offset, are extracted. Furthermore, those approaches are prone to feature variation caused by environmental changes, such as temperature and device aging.

In this article, we present UWB with channel analysis (UWB-CA), a novel approach for achieving a secure ToA measurement in the HRP UWB ranging system. UWB-CA analyzes the channel impulse response (CIR) distribution at the receiver, and by analyzing the channel characteristics from the CIR, UWB-CA can effectively differentiate between a signal overshadowing attack and a legitimate channel with only a software implementation. Detailed contributions are listed as follows.

  1. We propose the UWB-CA that detects a practical distance reduction attack on the current HRP UWB ranging system. UWB-CA can be directly implemented on COTS devices with software implementation. Compared to the concept of employing multiple segments, which was discussed in the IEEE 802.15.4z task group [9], [14], UWB-CA does not require multiple segments to be employed in STS fields, which allows compatibility with COTS devices.

  2. We comprehensively evaluate UWB-CA in two steps. First, we conduct simulations covering a total of 16 different channel conditions between a victim and an attacker. In particular, considering the Digital Key service as a UWB-enabled application, we show that UWB-CA has an average attack detection rate of 98.34% under a Line-of-Sight (LoS) outdoor environment.

  3. In addition to the simulation-based evaluation, we collect real-world data using COTS devices to evaluate attack detection performance. We implement a current state-of-the-art attack (i.e., ghost peak attack) and collect actual CIRs from an indoor office, underground parking lot, and outdoor parking lot. Employing the actual CIRs, we show that UWB-CA can detect a ghost peak attack with an average 99.61% attack detection rate.

  4. We measure the computational overhead and energy consumption caused by the operations of UWB-CA. On the Nordic nRF52840-DK board with a DWM3000 module, we show that verifying the incoming STS field takes an additional 3 ms and induces 1.72% additional power consumption. Given the ranging cycle and hardware specifications of COTS HRP UWB devices, this computational overhead and energy consumption is reasonably acceptable.

SECTION II.

Related Works

A. UWB Security

1) Distance Reduction Attacks:

Poturalski et al. [23] introduced the first systematic attack against UWB ranging systems (the so-called cicada attack). The attacker transmits attack pulses with a constant amplitude to overshadow the preamble or start of frame delimiter (SFD) field to reduce the ToA measurement. The coded cicada attack [24] is an enhanced version of a cicada attack, in which the attacker varies the amplitudes of the attack pulses. Both attacks showed that the algorithm used for leading edge detection in UWB systems can be exploited as an attack surface to reduce ToA measurements. Building upon the cicada attack, Singh et al. [25] introduced a new variant called cicada attack++, which manipulated the STS field to reduce ToA measurements, and investigated the tradeoff between security and ranging precision. This research shed light on the fundamental challenges in achieving both secure and accurate distance measurements in UWB systems. Furthermore, Leu et al. [12] demonstrated a practical distance reduction attack against commercial HRP UWB devices (the so-called ghost peak attack). They showed that an attacker can decrease the distance measurement by up to 8 m when a legitimate device is located 10 m away. The ghost peak attack highlights the vulnerability of UWB devices to distance manipulation attacks. More recently, Anliker et al. [26] introduced a new type of physical-layer attack that exploits clock imperfections in transceivers, which are used to manipulate distance measurements in the IEEE 802.15.4z and upcoming IEEE 802.15.4ab standards. This attack leverages the manipulation of the CFO and sampling frequency offset (SFO) measurements in the physical layer.

2) Countermeasures:

Several countermeasures have been proposed to ensure the integrity of ToA measurements in UWB ranging systems. One effective approach is the utilization of a power-independent detection (PID) filter, which performs binary or ternary quantization based on a predefined threshold [24]. However, it is important to note that the feasibility of a PID filter relies on the receiver’s ability to detect individual pulses in the preamble, specifically in the LRP mode. In addition, the early data detection (EDD) technique reduces the data detection window, which has a tradeoff relationship between communication performance and security [24]. A variance-based countermeasure also has been proposed. This detects attacks by analyzing the variance of ToA measurements [24]. Inspired by message authentication codes (MACs), researchers have also introduced MTACs aimed at preserving the integrity of ToA measurements in UWB ranging systems [13]. MTACs incorporate cryptographic checks to ensure modulation at the receiver is consistent. The MTAC comprises a code-generation algorithm (Mtac) that calculates a real-valued MTAC (c) and a verification algorithm (Vrfy) that confirms the received MTAC (c’). The authors denote the STS as MTAC based on a correlation sequence. It is worth noting that MTACs, except for the STS, rely on the receiver’s ability to detect and recover individual pulses, which is well suited for the LRP mode.

B. Distance Bounding Protocols

Distance-bounding protocols belong to a category of protocols that cope with attacks against distance-based authentication systems. The concept of utilizing distance-bounding protocols to mitigate relay attacks, also known as mafia fraud, was first introduced by Brands and Chaum [27]. The idea has since evolved in the past decades [28], [29], [30], [31], [32], [33], [34]. The underlying principle of the protocols involves measuring the duration between the transmission of challenge bits by the verifier (V) and the receipt of response bits from the prover (P). The verifier can determine an upper bound on a physical distance, computing the ratio between the round trip delay time and the speed of light. In the context of an attacker involved in mafia fraud, any action taken to relay or transmit messages will inevitably increase the ToF between the prover and verifier. UWB communication emerged as a prominent technology that effectively implements distance-bounding protocols. The LRP mode in particular can detect individual pulses and is an affordable solution to implement a distance-bounding protocol [11]. We refer readers to [35] for a comprehensive analysis of the evolution and security of the distance-bounding protocol.

SECTION III.

Background

A. IEEE 802.15.4

The IEEE 802.15.4 task group sequentially released standards for UWB communication as IEEE 802.15.4a [36], 802.15.4f [37], and 802.15.4z [9]. The standards establish a channel bandwidth of 500 MHz within the frequency range of approximately 3–10 GHz for UWB communication. The latest standard, IEEE 802.15.4z [9], introduces the LRP mode and the HRP mode, employing distinct pulse repetition frequencies (PRFs) and modulation schemes. Due to its wide channel bandwidth, the maximum transmitted power spectral density of UWB communication is strictly regulated to −41.3 dBm/MHz to mitigate potential interference with concurrent radio communications [9]. The LRP mode utilizes a smaller number of high-power pulses; individual pulses can be easily detected/decoded by receivers, which allows cost-effective implementation. Conversely, the HRP mode employs a large number of low-power pulses, supporting higher data rates. However, because its individual pulses are low-power, multiple pulses must be aggregated to reach the energy level needed to decode information without error.

An HRP UWB frame comprises several fields, including the preamble, SFD, physical-layer header, and data payload. Each employs a distinct modulation scheme to represent physical-layer symbols. Specifically, the physical-layer header and data payload fields use burst position modulation combined with binary phase-shift keying (BPM-BPSK), i.e., a combination of pulse position and pulse polarity. The STS field, on the other hand, employs binary phase-shift keying (BPSK) modulation, representing “1” and “0” bits as positive and negative polarity pulses, respectively. The STS field incorporates a pseudo-random number derived from a random number generator based on AES-128, as illustrated in Fig. 1. An STS key is securely exchanged between the initiator and responder via an alternative communication interface (e.g., Bluetooth) and used as an input to the AES-128 algorithm together with STS data that consists of a 96-bit constant value and a 32-bit counter. This process is repeated 32 times, resulting in a 4096-bit pseudo-random number. The IEEE standard allows a frame to incorporate multiple STS segments (i.e., a long STS field) to enhance the security and processing gain of the ranging system. However, when a transceiver is configured to employ multiple segments, it is not compatible with a legacy UWB frame that does not contain the STS field, because the configuration parameters differ. As a result, COTS devices employ a single segment to provide backward compatibility with the legacy UWB frame.

Fig. 1. STS generation procedure.

B. Two-Way Ranging

In the IEEE 802.15.4z standard, HRP UWB ranging incorporates three distinct methods: 1) single-sided two-way ranging (SS-TWR); 2) double-sided two-way ranging (DS-TWR); and 3) TDoA. In this article, we focus specifically on SS-TWR and DS-TWR, which enable distance measurement between two nodes without requiring time synchronization. In both SS-TWR and DS-TWR, the distance estimate is derived by determining the ToF, denoted $\widehat{T}_{\text{prop}}$, and multiplying it by the speed of light. The ToF is the time taken by a UWB signal to travel a specific distance. Fig. 2 illustrates the process of distance measurement in the TWR methods. In the SS-TWR method, the initiator triggers a ranging procedure by transmitting a Poll frame to the responder. Subsequently, the responder replies with a Response frame, which conveys $T_{\text{reply}}$ to the initiator. The initiator measures the time interval, $T_{\text{round}}$, between its transmission time and the reception time of the Response frame, and computes the distance $\widehat{d}$ as follows:

$$\widehat{d} = c \cdot \widehat{T}_{\text{prop}} = \frac{c}{2}\left(T_{\text{round}} - T_{\text{reply}}\right). \tag{1}$$

Additionally, in the DS-TWR method, both the initiator and responder measure round-trip times for a more accurate distance estimate. Unlike SS-TWR, where only the initiator measures the distance, DS-TWR enables the responder to calculate a distance by receiving $T_{\text{round1}}$ and $T_{\text{reply2}}$ from the initiator. The distance estimate, $\widehat{d}$, in the DS-TWR method is computed as follows:

$$\widehat{d} = c \cdot \widehat{T}_{\text{prop}} = \frac{c}{4}\left(T_{\text{round1}} + T_{\text{round2}} - T_{\text{reply1}} - T_{\text{reply2}}\right) \tag{2}$$

where $c$ represents the speed of light.

Fig. 2. Two-way ranging: (a) SS-TWR and (b) DS-TWR.

1) ToA Measurement:

The ToA indicates the exact moment when a receiver captures a UWB frame. In general, the receiver cross-correlates the received signal with its local template, which contains the same sequence as the transmitted one. This cross-correlation operation also lets the receiver estimate the wireless channel conditions, and its output is often referred to as the CIR. Before the IEEE 802.15.4z standard, the ToA was determined upon reception of the SFD field. However, because the SFD field contains a public value, an attacker can easily predict the remaining structure after observing only part of it. Specifically, the attacker can transmit a valid SFD field earlier than the legitimate SFD field to reduce the ToA measurement (i.e., the early detect and late commit (ED/LC) attack) [38]. To enhance the security of the ToA measurement, the standard introduces the STS field, which contains unpredictable binary information. In the rest of this article, we consider a receiver that employs the STS field as the designated field for the ToA measurement. In HRP mode, the receiver computes the cross-correlation between the received STS field and its local template as expressed by the following equation [39]:

$$\text{CIR}[\tau] = \left(g_{\text{loc}} \star s\right)[\tau] = \sum_{n=0}^{|g_{\text{loc}}|-1} \overline{g_{\text{loc}}[n]} \cdot s[n+\tau] \tag{3}$$

where $s[\cdot]$ denotes samples from the received STS field and $g_{\text{loc}}[\cdot]$ denotes samples from the local template, which incorporates the pseudo-random number generated by the receiver. When the initiator and responder securely exchange a secret key, ensuring that the same pseudo-random number is included in both the received STS field and the local template, only a legitimate device possessing the symmetric key can transmit the correct STS field. In the case of a LoS channel with no obstacles between the transmitter and receiver, a single distinct peak is observed in the cross-correlation [40]. The receiver determines the ToA based on the magnitude of the CIR, whose samples are complex numbers. Under LoS conditions, the ToA corresponds to the position of the single maximum peak. In real-world scenarios, however, multiple distinct peaks are commonly observed in the CIR due to multipath effects, i.e., signals reaching the receiver through multiple paths. In such circumstances, the receiver needs to accurately identify the signal that propagated through the direct path. Fig. 3(a) illustrates an example of a multipath channel condition and the corresponding magnitude of the CIR ($|\text{CIR}|$). A signal propagated via a reflected path may be stronger than the signal transmitted directly. When the receiver only considers the maximum peak of the CIR to determine the ToA, distance measurements therefore exhibit errors in the presence of both reflected and direct paths. A back-search algorithm is required to identify the leading edge starting from the maximum peak: once the maximum peak is detected in the CIR, the receiver compares it with other peaks within a back-search window preceding the maximum peak. Unfortunately, the back-search algorithms implemented on COTS devices are proprietary. We therefore consider a method that has been widely adopted in recent studies on UWB ranging systems [11], [41], [42], [43]. This method uses two parameters to detect the leading edge: 1) the maximum peak-to-earlier peak ratio (MPEP) and 2) the peak-to-average power ratio (PAPR). The MPEP bounds the ratio between the magnitude of the maximum peak and that of the leading-edge candidate, while the PAPR bounds the ratio between the magnitude of the leading-edge candidate and the average power of the CIR. Applying these parameters, potential leading-edge candidates within the back-search window are determined by the following condition:

$$\frac{P_{\max}}{P_i} < \text{MPEP} \;\wedge\; \frac{P_i}{P_{\text{rms}}} > \text{PAPR} \tag{4}$$

where $P_{\max}$ represents the magnitude of the maximum peak, $P_{\text{rms}}$ denotes the root mean square of the CIR, and $P_i$ corresponds to the magnitude of the $i$th sample within the back-search window. The leading edge is then the first peak among the multiple candidates. Fig. 3(b) presents an example of a CIR with multiple peaks from a multipath channel environment.

Fig. 3. Back-search scenario: the reflected signal is stronger than the direct signal. (a) Signal propagation path under an NLoS channel. (b) CIR under an NLoS channel.
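To make the leading-edge step concrete, the following Python example (added here; it is neither the paper's code nor a vendor's implementation) computes the cross-correlation of (3) and applies the MPEP/PAPR back-search of (4) on a constructed two-tap channel in which the reflected path is stronger than the direct path, the scenario of Fig. 3. The STS bits come from a seeded PRNG standing in for the AES-128 generator, and the tap delays and gains, the MPEP/PAPR thresholds and the 16-sample back-search window are constructed values, since the parameters used by COTS receivers are proprietary.

```python
"""Cross-correlation CIR (eq. 3) and MPEP/PAPR back-search (eq. 4).

Added illustration, not the paper's code. STS bits, channel taps, window
size and thresholds below are constructed values.
"""
import math
import random

STS_LEN = 4096   # single-segment STS: 4096 pseudo-random BPSK pulses
CIR_LEN = 64     # number of lags tau evaluated (constructed)


def make_sts(seed, length=STS_LEN):
    """BPSK STS: bit 1 -> +1 pulse, bit 0 -> -1 pulse. A seeded PRNG stands
    in for the AES-128 based generator of IEEE 802.15.4z (Fig. 1)."""
    rng = random.Random(seed)
    return [1.0 if rng.random() < 0.5 else -1.0 for _ in range(length)]


def apply_channel(template, taps, total_len):
    """Constructed multipath channel: each (delay, gain) tap adds a delayed,
    scaled copy of the transmitted STS. Zero padding keeps every lag defined."""
    rx = [0.0] * total_len
    for delay, gain in taps:
        for n, v in enumerate(template):
            rx[n + delay] += gain * v
    return rx


def cir(g_loc, s, n_lags=CIR_LEN):
    """Eq. (3): CIR[tau] = sum_n conj(g_loc[n]) * s[n + tau].
    Samples are real here, so the conjugate is the identity."""
    return [sum(g * s[n + tau] for n, g in enumerate(g_loc))
            for tau in range(n_lags)]


def leading_edge(cir_mag, mpep, papr, back_search):
    """Eq. (4) back-search: within `back_search` samples before the maximum
    peak, a sample i is a candidate if P_max/P_i < MPEP and P_i/P_rms > PAPR.
    The leading edge is the earliest candidate, else the maximum peak."""
    p_max = max(cir_mag)
    i_max = cir_mag.index(p_max)
    p_rms = math.sqrt(sum(p * p for p in cir_mag) / len(cir_mag))
    start = max(0, i_max - back_search)
    for i in range(start, i_max):
        p_i = cir_mag[i]
        if p_i > 0 and p_max / p_i < mpep and p_i / p_rms > papr:
            return i
    return i_max


def demo(direct_delay=10, reflected_delay=16, direct_gain=0.5, reflected_gain=1.0):
    """Fig. 3 scenario: weak direct path at lag 10, strong reflection at lag 16.
    Returns (index of maximum peak, index chosen as leading edge)."""
    sts = make_sts(seed=7)
    taps = [(direct_delay, direct_gain), (reflected_delay, reflected_gain)]
    rx = apply_channel(sts, taps, STS_LEN + CIR_LEN)
    mag = [abs(c) for c in cir(sts, rx)]
    i_max = mag.index(max(mag))
    edge = leading_edge(mag, mpep=6.0, papr=2.5, back_search=16)
    return i_max, edge


if __name__ == "__main__":
    i_max, edge = demo()
    print(f"maximum peak at lag {i_max}, leading edge detected at lag {edge}")
```

Relying on the maximum peak alone would place the ToA at lag 16 (the reflection); the back-search recovers the direct path at lag 10. Lowering the PAPR threshold or widening the window makes the detector accept weaker, earlier peaks, which is exactly the trade-off between accuracy and robustness that a fabricated leading edge exploits.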

SECTION IV.

Threat Model

In this section, we describe the attacker model, including the attacker’s capabilities and how attack pulses are generated according to the attack parameters.

A. Attacker Model

Attackers are assumed to have the ability to conduct a distance reduction attack by manipulating the STS field of an HRP UWB frame. The fundamental security flaw in verifying the STS is that the cross-correlation method does not verify individual pulses (i.e., bits). A receiver detects a leading edge without integrity verification only if its magnitude exceeds a predefined threshold. As a result, an attacker can generate a fake leading edge in the CIR even when they transmit incorrect bits (i.e., pulses). This fabricated leading edge causes the measured ToA to register earlier than the original ToA from the legitimate leading edge or the maximum peak.

To create this fake leading edge, an attacker needs to be time-synchronized with a legitimate device that is transmitting the targeted UWB frame. The attacker may transmit the preamble field and the SFD field with low power to avoid triggering a new receive event. However, the STS field, which includes an incorrect pseudo-random number ($\text{STS}'$), is transmitted with high power to overshadow the legitimate pulses of the STS field. Fig. 4 illustrates the transmission strategy employed by an attacker, where the preamble field and SFD field are transmitted with low power, followed by the STS field containing the incorrect pseudo-random number ($\text{STS}'$) transmitted with high power, aiming to manipulate the ToA.

Fig. 4. Synchronization with a legitimate frame to overshadow the STS field with high power.

B. Attack Parameters

We assume the attacker is able to control both the power and the repetition frequency of attack pulses to overshadow legitimate pulses. Inspired by the Cicada++ attack [25], which introduced the first systematic distance-reduction attack against the HRP UWB ranging system, we consider attack parameters $R$ and $k$ to determine the structure of attack pulses. The parameter $k$ represents the relative power of the attack pulse compared to the legitimate pulse: the power of the attack pulses is $k \cdot p$, where $p$ denotes the power of the legitimate pulses. In real-world attack scenarios, the value of $k$ depends on the distance between the attacker’s device and the victim’s device and on the transmission power of the attacker’s device. The parameter $R$ represents the relative repetition frequency of attack pulses compared to the legitimate pulses. In other words, for a given $R$ the attack pulses have a PRF of $\text{PRF}_l / R$ MHz, where $\text{PRF}_l$ is the PRF of the legitimate STS field. In the Ghost Peak attack, which has been demonstrated on off-the-shelf devices [12], the attack is conducted with $R = 1$, so that all legitimate pulses of the STS field are overshadowed. In Sections VII and VIII, we focus on the Ghost Peak attack scenario where $R$ is fixed at 1, and we vary the value of $k$ to evaluate the attack detection performance of UWB-CA.

SECTION V.

Attack Detection Principles

A. Probabilistic Model for CIR

Employing discrete random variables, we build a probabilistic model for the CIR. This model provides a rationale for attack detection by demonstrating how the attack signal manipulates the distribution of the CIR. To simplify the probabilistic model, we assume that one sample represents one pulse in the STS field. A sample with a positive value is mapped to 1, while a sample with a negative value is mapped to −1. This aligns with the mapping of each bit in the STS field to either a positive or a negative pulse, as described in Section III. Therefore, the elements $\overline{g_{\text{loc}}[n]}$ and $s[n+\tau]$ in (3) can be simplified to $\overline{g_{\text{loc}}[n]} \in \{-1, 1\}$ and $s[n+\tau] \in \{-1, 1\}$. Since the STS field includes a pseudo-random number, the values of $\overline{g_{\text{loc}}[n]}$ and $s[n+\tau]$ are 1 or −1 with equal probability 0.5. It is worth noting that an actual CIR value is a complex number. For simplicity of the probabilistic model, however, we assume the imaginary part of the CIR equals 0. This simplification is possible because we consider no frequency offset between transmitter and receiver. In addition, we consider an ideal wireless channel without multipath components.

With these assumptions, the CIR (denoted $\text{CIR}[\tau]$) under the benign scenario can be modeled separately for $\tau = 0$ and $\tau \neq 0$. First, when $\tau = 0$, identical values from the STS field and the local template are multiplied; accordingly, $\text{CIR}[0]$ has the constant value $|g_{\text{loc}}|$. When $\tau \neq 0$, each multiplication is one of four possible cases [i.e., $1 \times 1$, $1 \times (-1)$, $(-1) \times 1$, and $(-1) \times (-1)$]. Therefore, $\text{CIR}[\tau]$ can be represented as

$$\text{CIR}[\tau] = n_{+1} - n_{-1} \tag{5}$$

where $n_{+1}$ and $n_{-1}$ are the numbers of products equal to 1 and −1, which follow a binomial distribution with parameter $n = |g_{\text{loc}}| - \tau$ and probabilities $p_{+1} = p_{-1} = 0.5$.

In the Ghost Peak attack scenario, however, attack pulses are modeled as stronger pulses amplified by $\sqrt{k} > 1$. We set the amplitude of the attack pulse to $\sqrt{k}$ because the power of a signal is the sum of its absolute squares. When the attack pulses overshadow the legitimate pulses, $\overline{g_{\text{loc}}[n]}$ and $s[n+\tau]$ in (3) can be represented as $\overline{g_{\text{loc}}[n]} \in \{-1, 1\}$ and $s[n+\tau] \in \{\sqrt{k}+1, \sqrt{k}-1, -\sqrt{k}+1, -\sqrt{k}-1\}$. Therefore, there are eight possible cases for the product of two samples from $\overline{g_{\text{loc}}[n]}$ and $s[n+\tau]$, but the actual outputs take one of four values (i.e., $\sqrt{k}+1$, $\sqrt{k}-1$, $-\sqrt{k}+1$, and $-\sqrt{k}-1$) with equal probability 0.25. As a result, in the Ghost Peak attack, $\text{CIR}[\tau]$ can be represented as

$$\begin{aligned} \text{CIR}[\tau] = {}& (\sqrt{k}+1)\cdot n_{\sqrt{k}+1} + (\sqrt{k}-1)\cdot n_{\sqrt{k}-1} \\ & - (\sqrt{k}-1)\cdot n_{-\sqrt{k}+1} - (\sqrt{k}+1)\cdot n_{-\sqrt{k}-1} \end{aligned} \tag{6}$$

where $n_{\sqrt{k}+1}$, $n_{\sqrt{k}-1}$, $n_{-\sqrt{k}+1}$, and $n_{-\sqrt{k}-1}$ are the numbers of products equal to each value, which follow a multinomial distribution with parameter $n = |g_{\text{loc}}| - \tau$ and probabilities $p = [0.25, 0.25, 0.25, 0.25]$. In particular, when $\tau = 0$, $\text{CIR}[0]$ can be represented as the sum of $|g_{\text{loc}}|$ and (6) with $n = |g_{\text{loc}}|$. Based on this probabilistic model, in the following section we conduct a stochastic analysis to provide the attack detection principle of UWB-CA.

B. Analysis

In this section, we demonstrate how UWB-CA is able to detect a distance reduction attack based on the probabilistic model in Section V-A. We build a probability density function (PDF) of \text {CIR}[\tau] for each \tau and k using the Monte Carlo method. By doing so, we can sample the side-peak CIR (i.e., \text {CIR}[\tau \neq 0] ) from a different distribution depending on n. Specifically, we set the number of samples in the STS field to 4096 and compute the \text {CIR}[\tau] value from the counts n_{\sqrt {k}+1} , n_{\sqrt {k}-1} , n_{-\sqrt {k}+1} , and n_{-\sqrt {k}-1} sampled from the multinomial distribution described in (6), in which each of the four outcomes has probability 0.25. We conduct 10000 iterations for each k. The distribution of \text {CIR}[\tau] when \tau \neq 0 is shown in Fig. 5. Since the magnitude of the CIR is used to find a leading edge, the mean and variance of |\text {CIR}| increase as the power of the attack pulses grows. Accordingly, since the back-search algorithm finds a leading edge based on the magnitude of the CIR, |\text {CIR}_{\tau \neq 0}| must exceed a certain magnitude to be detected as a fake leading edge that satisfies the leading edge detection criterion (4). From this analysis, an attacker is required to inject strong attack pulses to create a fake leading edge successfully. At the same time, however, doing so manipulates the distribution of the CIR, which enables UWB-CA to detect the attack easily.
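
The following Python script is an added example, not code from the paper, that reproduces the Monte Carlo experiment described above for the side-peak model: it draws \text {CIR}[\tau] for the legitimate case (each correlator sample is ±1 with probability 0.5) and for the Ghost Peak case of (6) (each sample is one of \sqrt {k}+1 , \sqrt {k}-1 , -\sqrt {k}+1 , -\sqrt {k}-1 with probability 0.25), and reports how the mean of |\text {CIR}[\tau]| and the variance grow with k. Two things are ours rather than the paper's: the observation that the four-valued sample equals \sqrt {k}\,a + b for independent uniform signs a and b (which gives the closed-form variance n(k+1) against which the simulation is checked), and the use of the popcount of n random bits as an exact Binomial(n, 1/2) draw. k is taken as a linear power ratio; a helper converts the dB values used in Figs. 8 and 9.

```python
import math
import random
import statistics

# Added worked example (not from the paper): Monte Carlo model of the CIR[tau]
# correlator output of Section V-A for a side peak (tau != 0). Each correlator
# sample is sign_loc * sample_rx. Legitimate case: +1/-1 with p = 0.5. Ghost Peak
# case (6): one of {sqrt(k)+1, sqrt(k)-1, -sqrt(k)+1, -sqrt(k)-1}, each p = 0.25,
# which is identical in distribution to sqrt(k)*a + b with a, b independent
# uniform signs (our rewriting of (6); the four multinomial counts are recovered
# as the joint sign counts).


def sum_of_signs(rng, n):
    """Sum of n independent equiprobable +1/-1 values.

    The number of +1s is Binomial(n, 1/2); the popcount of n uniformly random
    bits is an exact draw from that distribution and far faster than n coin flips.
    """
    plus_ones = bin(rng.getrandbits(n)).count("1")
    return 2 * plus_ones - n


def cir_legit(rng, n):
    """Legitimate CIR[tau]: n_{+1} - n_{-1} over n = |g_loc| - tau samples."""
    return sum_of_signs(rng, n)


def cir_attack(rng, n, k):
    """Ghost Peak CIR[tau] of (6); k is the linear power ratio, amplitude sqrt(k)."""
    return math.sqrt(k) * sum_of_signs(rng, n) + sum_of_signs(rng, n)


def analytic_variance(n, k=None):
    """Exact variance under the model: n (legitimate) or n*(k+1) (attack).

    Attack case: each sample has mean 0 and second moment
    ((sqrt(k)+1)^2 + (sqrt(k)-1)^2) / 2 = k + 1.
    """
    return n if k is None else n * (k + 1)


def db_to_linear(k_db):
    """Figs. 8 and 9 give k in dB; the model of (6) uses the linear power ratio."""
    return 10 ** (k_db / 10)


def simulate(n, k=None, iters=10000, seed=1):
    """Draw CIR[tau] 'iters' times and summarise the side-peak distribution
    (Fig. 5 plots |CIR[tau]| as a function of k)."""
    rng = random.Random(seed)
    if k is None:
        samples = [cir_legit(rng, n) for _ in range(iters)]
    else:
        samples = [cir_attack(rng, n, k) for _ in range(iters)]
    mags = [abs(s) for s in samples]
    return {
        "mean_abs": statistics.fmean(mags),
        "max_abs": max(mags),
        "var": statistics.pvariance(samples),
    }


if __name__ == "__main__":
    N = 4096  # STS samples; for a side peak n = |g_loc| - tau is slightly smaller
    print("legitimate ", simulate(N))
    for k_db in (0, 10, 20, 30):
        k = db_to_linear(k_db)
        print(f"k = {k_db:2d} dB", simulate(N, k), "analytic var", analytic_variance(N, k))
```

Running it shows the effect the text describes: the legitimate side peak has variance n (standard deviation 64 for n = 4096), while an attacker at 30 dB widens it by a factor of about 1000 in variance, so any pulse power high enough to pass the leading-edge criterion also shifts the |CIR| statistics far away from the legitimate distribution.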

Fig. 5. Distribution of |\text {CIR}[\tau]| from STS field and local template when \tau \neq 0 as a function of k.

SECTION VI.

Proposed Method: UWB-CA

In this section, we describe how UWB-CA verifies legitimate STS fields and detects distance reduction attacks. Fig. 6 shows the overall procedure of UWB-CA, from preprocessing to the verification of a newly received UWB frame.

Fig. 6. Overview of UWB-CA.

A. Preprocessing

In general, an RF signal propagates through the wireless channel and is processed by analog RF hardware, such as the antenna, a low-noise amplifier, and filters. We consider an in-phase/quadrature (I/Q) receiver, which is widely used in modern digital communication systems for receiving and processing HRP UWB signals. As depicted in Fig. 7, the in-phase (real) component of a received signal is extracted by mixing it with a cosine wave at the carrier frequency f_{c} , while the quadrature (imaginary) component is extracted by mixing it with the 90° phase-shifted sinusoid (i.e., a sine wave) at the same carrier frequency. Both components are sampled by an analog-to-digital converter (ADC), and the square root of the sum of their squares gives |\text {CIR}[\tau]| . UWB-CA employs 512 CIR samples for the following feature extraction procedure. Specifically, we employ the 383 samples that precede the maximum peak and the 128 samples that follow it (512 samples including the peak itself).

Fig. 7. I/Q receiver.

B. Feature Extraction

1) CIR-Specific Features:

We extract CIR-specific features that are available during the leading edge detection procedure. First, we extract the threshold parameters used to find a leading edge. Since the back-search algorithm finds the leading edge based on parameters determined by the distribution of the CIR, UWB-CA can extract meaningful features that represent channel characteristics from these threshold parameters. In addition, UWB-CA extracts the magnitude of the maximum peak and of the corresponding leading edge detected by the back-search algorithm. The first four rows of Table I show the CIR-specific features and their descriptions.

TABLE I Features Considered in the Selection, Where |\text {CIR}[\tau]| Is the Magnitude Value in the Time Domain, and N Is the Number of Elements

2) Statistical Features:

To enhance the attack detection performance, we additionally employ statistical features to support the CIR-specific feature set. These represent the statistical characteristics of the distribution of |\text {CIR}| . The statistical features extracted for attack detection are listed from the fifth row of Table I onward. We consider all features that were found to perform well in previous work on wireless transceiver identification and human behavior identification [44], [45], [46], [47], [48]. Compared to recent studies that employ a deep neural network (DNN) architecture for automated feature extraction [49], [50], [51], [52], [53], [54], UWB-CA is designed to manually extract all candidate features and select appropriate ones through a feature selection procedure. This is because UWB devices are usually resource-constrained embedded boards that cannot run DNNs [55], [56], [57]. In addition, the fast Fourier transform (FFT) computation required to extract frequency-domain features adds processing delay and demands hardware resources, such as flash memory. As a result, UWB-CA manually extracts time-domain statistical features only and then conducts a feature selection procedure.
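
As an added example (not the authors' implementation), the Python below carries the preprocessing and feature extraction of Sections VI-A and VI-B through on a constructed complex CIR: it computes |\text {CIR}[\tau]| from I/Q samples, keeps the 512-sample window around the maximum peak (383 before, 128 after), and extracts the maximum-peak magnitude, rms, skewness and kurtosis, plus \Gamma _{\text {PAPR}} = PAPR · rms as defined later in Section VIII-A. \Gamma _{\text {MPEP}} and the leading-edge index are left out because the back-search criterion (4) is not reproduced on this page; the zero-fill at accumulator edges, the PAPR value of 8, and the synthetic three-tap CIR are assumptions made for the example.

```python
import cmath
import math
import random

# Added worked example (not the paper's code): preprocessing (Section VI-A) and
# time-domain feature extraction (Section VI-B) of UWB-CA on a constructed CIR.
# Gamma_PAPR = PAPR * rms follows Section VIII-A. Gamma_MPEP and the leading
# edge are omitted: the back-search criterion (4) is not reproduced here.

WINDOW_BEFORE = 383   # samples kept before the maximum peak
WINDOW_AFTER = 128    # samples kept after it (383 + 1 + 128 = 512)


def cir_magnitude(iq):
    """|CIR[tau]|: magnitude of each complex (I + jQ) sample from the I/Q receiver."""
    return [abs(s) for s in iq]


def window_around_peak(mag, before=WINDOW_BEFORE, after=WINDOW_AFTER):
    """Keep 'before' samples preceding the maximum peak, the peak, and 'after' following it.
    Positions outside the accumulator are zero-filled (assumption: the paper does not
    say how a peak near the accumulator edge is handled). Returns (window, peak_index)."""
    peak = max(range(len(mag)), key=mag.__getitem__)
    window = [mag[i] if 0 <= i < len(mag) else 0.0
              for i in range(peak - before, peak + after + 1)]
    return window, peak


def statistical_features(x):
    """Time-domain statistics of |CIR| (no FFT: frequency-domain features were
    ruled out for resource-constrained receivers)."""
    n = len(x)
    mean = sum(x) / n
    m2 = sum((v - mean) ** 2 for v in x) / n
    m3 = sum((v - mean) ** 3 for v in x) / n
    m4 = sum((v - mean) ** 4 for v in x) / n
    return {
        "rms": math.sqrt(sum(v * v for v in x) / n),
        "mean": mean,
        "std": math.sqrt(m2),
        "skew": m3 / m2 ** 1.5 if m2 > 0 else 0.0,   # asymmetry of the |CIR| distribution
        "kurt": m4 / (m2 * m2) if m2 > 0 else 0.0,   # peakedness: a clean CIR is heavy-tailed
    }


def extract_features(iq, papr):
    """CIR-specific plus statistical features for one received STS field.
    'papr' is the receiver's own back-search PAPR parameter (assumed known here)."""
    mag = cir_magnitude(iq)
    window, peak = window_around_peak(mag)
    feats = statistical_features(window)
    feats["MP"] = mag[peak]                    # magnitude of the maximum peak
    feats["Gamma_PAPR"] = papr * feats["rms"]  # threshold parameter used by back-search
    feats["N"] = len(window)                   # number of elements (Table I)
    return feats


def constructed_cir(length=1016, peak_at=600, noise_std=0.05, seed=1):
    """Constructed test input: complex Gaussian noise plus a three-tap multipath
    cluster. Synthetic data, not a DWM3000 capture."""
    rng = random.Random(seed)
    iq = [complex(rng.gauss(0.0, noise_std), rng.gauss(0.0, noise_std))
          for _ in range(length)]
    for offset, amp, phase in ((0, 1.0, 0.3), (4, 0.6, 2.1), (11, 0.3, -1.2)):
        iq[peak_at + offset] += cmath.rect(amp, phase)
    return iq


if __name__ == "__main__":
    for name, value in sorted(extract_features(constructed_cir(), papr=8).items()):
        print(f"{name:>10}: {value:.4f}")
```

On this input the window is dominated by near-zero noise with three strong taps, so kurtosis comes out far above 3 and skewness is positive; a Ghost Peak injection that raises the side-peak floor (Section V-B) pushes both statistics down toward those of a noisier channel, which is what the one-class model later keys on.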

C. Training and Verification

The core concept of UWB-CA is to train a model on legitimate signals only and then flag any deviation from the established model. In many studies on anomaly and intrusion detection, classification is performed using both normal and abnormal class data during training. However, considering real-world deployment, generating attack signals that cover all possible attack scenarios and channel environments is impractical. Therefore, we focus on building a model trained exclusively on legitimate signals. Among the various approaches to anomaly detection, we employ one-class classification algorithms. These techniques assume that all training instances belong to a single (i.e., normal) class [58], [59], [60], [61]. This approach allows us to identify data points, such as attack signals, that deviate significantly from the bulk of the data, which consists of legitimate signals collected in nonadversarial scenarios. We employ the well-known one-class support vector machine (OC-SVM) and local outlier factor (LOF) algorithms. The OC-SVM finds a hyperplane in the (kernel-induced) feature space that separates the training data from the origin with maximum margin, so that legitimate samples fall on one side of it. The LOF, on the other hand, relies on local density: the density of a point is estimated from its distances to its k nearest neighbors and compared with the densities of those neighbors. Using the trained model, UWB-CA verifies a newly received STS field by checking whether the model's output score exceeds a threshold. When it does, UWB-CA raises an alarm and the receiver discards the ToA measurement.

SECTION VII.

Simulated Environments

In this section, we first conduct MATLAB-implemented simulations to evaluate the attack detection performance of UWB-CA. The victim receiver is configured following the physical-layer parameters specified in IEEE standard [62] and measures the ToA using the back-search algorithm described in Section III. For realistic simulations, we simulate 16 different channel conditions between the attacker and the victim device while employing the IEEE channel model [63].

A. Pulse Generation

As described in Section VI-A, we consider an I/Q receiver for processing the received HRP UWB signal. The receiver is configured with the default parameters for an HRP UWB device specified in the IEEE 802.15.4z standard [9]. To generate individual pulses, an eighth-order Butterworth filter with a cutoff frequency of 500 MHz is employed. The STS field contains 4096 BPSK-modulated pulses at a PRF of 62.4 MHz. We also consider a clock offset between the victim and attack devices of up to ±20 parts per million (ppm), as suggested by the IEEE standard [8], [9]. Finally, we assume the sample rate of the receiver's ADC is 1 GHz, a commonly found value in COTS devices [64].

B. Channel Simulation and ToA Estimation

In the real-world channel, a transmitted RF signal reaches the receiver’s antenna via two or more paths (the so-called multipath effect). When the signals are superimposed due to the multipath effect, the amplitude and phase of the original signal can be distorted. To generate UWB pulses affected by the channel, we employ the IEEE channel model [63] that provides CIRs under LoS and Non-LoS (NLoS) channel conditions in the four different environments. Specifically, the channel model provides eight distinct impulse responses for both LoS and NLoS channels in residential, office, outdoor, and industrial environments. Table II shows the mean and standard deviation of time difference between the maximum peak and corresponding leading edge for each environment. The NLoS channel conditions exhibit larger time differences compared to the LoS channel conditions.

TABLE II Time Difference Between the Maximum Peak and Leading Edge Under Various Channel Conditions

To configure the back-search algorithm, we investigate which combination of the MPEP and PAPR parameters yields the highest precision in ToA measurement. The channel model also provides a reference ToA value for each CIR, which allows accurate evaluation of the ToA measurement. We vary the MPEP from 10 to 25 in increments of 5 and the PAPR from 4 to 10 in increments of 2. We count a trial as a ranging error when the measured ToA deviates from the reference ToA provided by the IEEE channel model by more than 7 ns. According to (1) and (2), a 7-ns timing error in the ToA corresponds to a distance reduction of 1.05 m for SS-TWR and 0.5 m for DS-TWR. Considering that commercial HRP UWB devices exhibit a measurement error of approximately 1.5 m under NLoS channel conditions [25], [55], [65], we treat a ToA reduction of less than 7 ns as a tolerable ranging error. Table III presents the ranging error rates for the different channel environments. Among the tested parameter combinations (MPEP, PAPR), we identify (10, 4), (10, 6), (10, 8), (15, 8), (20, 8), and (25, 8) as suitable choices for ToA measurement, with average ranging error rates of 1.09%, 1.09%, 1.49%, 1.53%, 1.53%, and 1.74%, respectively.

TABLE III Ranging Error Rate (%) Under Different Channel Environments, According to the Combination of MPEP and PAPR

C. ML Algorithm

UWB-CA is designed to detect distance reduction attacks by building a classifier from features collected under nonadversarial scenarios. By doing so, UWB-CA can cope with any distance reduction attack that manipulates the CIR, without requiring attack samples for training. For this purpose, we employ the OC-SVM and LOF algorithms provided by MATLAB. In our evaluation, a radial basis function (RBF) is used as the kernel of the OC-SVM. For the LOF, we set the distance metric to Mahalanobis and the number of neighbors to 20, which is also the default value of the MATLAB implementation. To simulate legitimate STS fields under various channel environments, we collect 1000 STS fields for each channel condition while varying the SNR over −10, 0, 10, and 20 dB. During the training phase, we set the fraction of outliers assumed to be mixed into the legitimate features to 1%. As a result, the threshold of each model is set to the value that yields a false alarm rate of 1% on the training data. Real-world experiments evaluating the ranging accuracy of COTS HRP UWB devices have shown that a 1% ranging error rate occurs due to NLoS channel conditions [57].
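
The one-class verification of Section VI-C and the threshold rule above (1% of the legitimate training set flagged) can be made concrete with the following added Python example; it is not the paper's MATLAB model. It implements the Local Outlier Factor in novelty mode from scratch, fits it on constructed legitimate feature vectors only, sets the alarm threshold at the 99th percentile of the training scores so that at most 1% of legitimate fields raise an alarm, and then scores a legitimate-looking vector and a manipulated one. Simplifications that are ours: Euclidean rather than Mahalanobis distance, and two synthetic features instead of the paper's selected four; k = 20 neighbors follows the paper.

```python
import math
import random

# Added worked example (not the paper's MATLAB model): one-class anomaly detection
# in the style of Sections VI-C and VII-C. LOF is fitted on legitimate feature
# vectors only; the alarm threshold is the 99th percentile of the training scores
# (1% false alarm rate); unseen STS fields are scored against that threshold.
# Our simplifications: Euclidean distance (paper: Mahalanobis), 2-D constructed
# features (paper: Gamma_MPEP, Gamma_PAPR, skew, kurt).


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class LOFNovelty:
    """Local Outlier Factor (Breunig et al.) in novelty mode: score unseen points
    against a fixed reference set. A score near 1 means 'as dense as its
    neighbours'; clearly larger means outlier."""

    def __init__(self, k=20):
        self.k = k
        self.ref, self.kdist, self.lrd, self.train_scores = [], [], [], []

    def _knn(self, p, exclude=None):
        # k nearest reference points as (distance, index), optionally excluding p itself
        d = sorted((euclid(p, q), j) for j, q in enumerate(self.ref) if j != exclude)
        return d[: self.k]

    def _lrd(self, nb):
        # local reachability density: k / sum of reach-dist(p, o) over neighbours o
        reach = sum(max(self.kdist[j], d) for d, j in nb)
        return self.k / reach if reach > 0 else float("inf")

    def _lof(self, nb, lrd_p):
        if math.isinf(lrd_p):
            return 1.0
        return sum(self.lrd[j] for _, j in nb) / (self.k * lrd_p)

    def fit(self, X):
        self.ref = [tuple(x) for x in X]
        neigh = [self._knn(p, exclude=i) for i, p in enumerate(self.ref)]
        self.kdist = [nb[-1][0] for nb in neigh]
        self.lrd = [self._lrd(nb) for nb in neigh]
        # leave-one-out LOF of every legitimate training vector; used for the threshold
        self.train_scores = [self._lof(nb, self.lrd[i]) for i, nb in enumerate(neigh)]
        return self

    def score(self, p):
        nb = self._knn(tuple(p))
        return self._lof(nb, self._lrd(nb))


def threshold_for_false_alarm_rate(train_scores, fpr=0.01):
    """Largest score such that at most 'fpr' of the legitimate training scores exceed it."""
    s = sorted(train_scores)
    keep = math.ceil((1.0 - fpr) * len(s))
    return s[keep - 1]


def constructed_dataset(n_legit=500, seed=3):
    """Constructed 2-D feature vectors (think rms, kurt) of legitimate STS fields."""
    rng = random.Random(seed)
    return [(rng.gauss(10.0, 1.0), rng.gauss(3.0, 0.3)) for _ in range(n_legit)]


def build_detector(fpr=0.01, k=20):
    model = LOFNovelty(k=k).fit(constructed_dataset())
    return model, threshold_for_false_alarm_rate(model.train_scores, fpr)


def verify(model, thr, features):
    """Return (alarm, score); on alarm the receiver discards the ToA measurement."""
    s = model.score(features)
    return s > thr, s


if __name__ == "__main__":
    model, thr = build_detector()
    flagged = sum(s > thr for s in model.train_scores)
    print(f"threshold {thr:.3f}; {flagged}/{len(model.train_scores)} legitimate fields flagged")
    for name, x in (("legit-like", (10.2, 2.9)), ("manipulated", (17.0, 6.0))):
        alarm, s = verify(model, thr, x)
        print(f"{name:>12}: LOF {s:.2f} -> {'ALARM' if alarm else 'accept'}")
```

The threshold is derived from legitimate data alone, which is the operational point of the design: no attack traces are needed at training time, and the false alarm rate is controlled directly by the percentile, while any manipulated CIR whose features land in a sparse region of the legitimate distribution scores well above 1.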

D. Performance Metrics

An HRP UWB ranging system is configured with a maximum communication range according to its application scenario, such as a PKES system, indoor positioning, or asset tracking. Usually, HRP UWB transceivers have a maximum communication range of 100 m [66]. According to (1), the measured distance is reduced by 100 m for SS-TWR when the attack reduces the ToA by 666 ns. As a result, an HRP UWB transceiver using SS-TWR may consider a measured distance abnormal if the attack reduces the ToA by more than 666 ns. We do not classify this as a successful attack because it causes a denial of ranging rather than a plausible shorter distance. At the same time, we assume that a distance reduction attack succeeds if the ToA is reduced by at least 7 ns compared to the nonadversarial scenario (i.e., \delta \gt {\mathrm {7~\text {n}\text {s} }} ). Accordingly, we define two performance metrics to evaluate UWB-CA: 1) distance reduction rate and 2) attack detection rate, as follows.

  1. Distance Reduction Rate: A rate at which the attacker reduces a ToA larger than 7 ns but less than 666 ns.

  2. Attack Detection Rate: The rate at which UWB-CA detects attacks, computed only over trials in which the attacker successfully reduces the distance. Therefore, trials in which the attacker fails to reduce the distance do not contribute to the attack detection rate.

For each attack parameter k, we generate 1000 STS fields and attack signals and compute the corresponding performance metrics (i.e., distance reduction rate and attack detection rate).

E. Feature Selection

Excluding inadequate features is essential to enhance the performance of UWB-CA in terms of attack detection rate, computational overhead, and energy consumption. However, because the feature selection problem is NP-hard, we adopt a suboptimal search strategy: the sequential forward feature selection algorithm, in which features are added one at a time to an initially empty candidate set until adding further features no longer improves the criterion [67]. In UWB-CA, the criterion is the attack detection rate. Table IV shows the order in which features were selected. We select the four features common to both results: \Gamma _{\text {MPEP}} , \Gamma _{\text {PAPR}} , skew, and kurt. We note that the same features are selected regardless of the ML algorithm.

TABLE IV Selected Features for Attack Detection by Rank

F. Ghost Peak Attack Detection

1) Digital Key Application Scenarios:

We consider an attacker who aims to reduce the distance measurement between a car and a smartphone paired through the “Digital Key” service. We create a realistic attack scenario in which the attacker overshadows the legitimate STS field under outdoor LoS channel conditions with one of the victim devices (car or smartphone). The attacker's goal is to deceive the car into believing the smartphone is in close proximity; if the attack succeeds, the attacker can unlock and steal the car. Figs. 8 and 9 show the attack success rate before and after applying UWB-CA, per ML algorithm, as a function of the attack parameter k. The distance reduction rate clearly depends on the (MPEP, PAPR) parameter set. For instance, in Fig. 8(a), the distance reduction rate increases up to \approx 90\% when a PAPR of 4 is employed. Similarly, in Fig. 8(b), the distance reduction rate increases up to \approx 60\% when a PAPR of 6 is employed. This is because strong attack pulses increase the variation of the CIR, and receivers with a lower PAPR are more likely to accept these fake leading edges. As shown in Table III, the receivers configured with PAPR values of 4 and 6 show the most precise ranging capabilities. Based on these results, we observe that receivers with precise ranging capabilities (i.e., lower PAPR values) are more vulnerable to distance reduction attacks. This result aligns with previous research by Singh et al. [25], which suggests that a receiver exhibiting higher precision is more vulnerable to distance reduction attacks.

Fig. 8. Success rate of distance reduction before and after applying the LOF, including the attack detection rate (%) as a function of attack pulse power: (10, 4) indicates MPEP and PAPR are set to 10 and 4, respectively. (a) (10, 4). (b) (10, 6). (c) (10, 8). (d) (15, 8). (e) (20, 8). (f) (25, 8).

Fig. 9. Success rate of distance reduction before and after applying OC-SVM, including the attack detection rate (%) as a function of attack pulse power: (10, 4) indicates MPEP and PAPR are set to 10 and 4, respectively. (a) (10, 4). (b) (10, 6). (c) (10, 8). (d) (15, 8). (e) (20, 8). (f) (25, 8).

On the other hand, as can be seen in Fig. 8(c)–(f), a receiver with a higher PAPR (i.e., a PAPR of 8) is less likely to accept a fake leading edge. However, when k is around 30 dB, the distance reduction rate increases up to 8% for all (MPEP, PAPR) parameter sets. In terms of attack detection, the LOF had a higher attack detection rate than the OC-SVM. When the attack parameter k is less than 10 dB, the attack success rate decreases only slightly after applying UWB-CA. This is because when weak attack pulses create a fake leading edge, the distribution of the manipulated CIR is not distinct enough from a legitimate CIR to be classified as an attack. However, when the attack parameter k is larger than 15 dB, both models begin to detect the attack effectively. For the higher PAPR value (i.e., a PAPR of 8), the best case reduces the attack success rate to \approx 1% with both models. When the attack parameter k is less than 5 dB, the attacker can bypass UWB-CA, but the attack success rate is still small, because the model is unable to distinguish the feature variation caused by such low-power attack pulses from legitimate variation. The highest remaining attack success rate against the LOF and OC-SVM is 0.4% and 1.9%, respectively. From these results, we conclude that UWB-CA can effectively detect a Ghost Peak attack under an outdoor channel when the receiver is configured with a higher PAPR value.

2) Various Channels:

To remain stealthy, an attacker may prefer to inject attack pulses from an NLoS position relative to the victim devices, especially when attempting something like stealing a car. To extend the performance evaluation to various channel conditions, we further consider the channel between the victim devices (i.e., initiator and responder) as well as the channel between the victim devices and the attack device. Using the IEEE channel model, we consider both the LoS and NLoS channels in the four environments described in Table II. As a result, there are four possible combinations of channel conditions in each environment: LoS-LoS, LoS-NLoS, NLoS-LoS, and NLoS-NLoS. As noted in Section VII-C, we generate attack pulses 1000 times per channel combination and parameter k. For each iteration, we randomly select the CIR from the channel model. Additionally, we set the SNR between the initiator and responder to 10 dB. Tables V and VI show the distance reduction rate before and after applying UWB-CA together with the attack detection rate (%). Each row indicates the channel condition between the victim device (i.e., initiator) and the attacker, and each column indicates the channel condition between the two victim devices (i.e., initiator and responder). As can be seen in Tables V and VI, the attacker achieves a lower distance reduction rate when mounting the attack under an NLoS channel to the victim device than under a LoS channel. In other words, the attacker can inject attack pulses from outside the victim's line of sight but is at a disadvantage in terms of successful distance reduction.

TABLE V Average 1) Distance Reduction Rate Without UWB-CA; 2) Attack Detection Rate; and 3) Distance Reduction Rate (%) With the LOF According to Channel Conditions Between the Victim Device and Attack Device
TABLE VI Average 1) Distance Reduction Rate Without UWB-CA; 2) Attack Detection Rate; and 3) Distance Reduction Rate (%) With OC-SVM According to the Channel Condition Between Victim Device and Attack Device

3) Feature Importance:

We conduct the forward feature selection procedure again for each attack parameter k. Unlike the selection in Section VII-E, we limit the candidate set to the four features selected there and rerun the forward selection. Tables VII and VIII show the rank of the individual features by attack parameter k. For the OC-SVM, the \Gamma _{\text {PAPR}} feature shows the highest contribution regardless of k.

TABLE VII Feature Importance of the LOF Algorithm as a Function of Attack Parameter k
TABLE VIII Feature Importance of the OC-SVM Algorithm as a Function of Attack Parameter k

SECTION VIII.

Real-World Experiments

In this section, to show the feasibility of UWB-CA, we evaluate its attack detection performance with actual CIRs from a COTS device. We first collect CIRs under various channel conditions, from which UWB-CA constructs the attack detection model. Next, we implement a Ghost Peak attack to collect manipulated CIRs at the victim device and evaluate the attack detection performance. To build the attack detection models, we employ the same features and parameters used in Section VII-E.

A. CIR Collection

We employ two nRF52840-DK boards with Qorvo DWM3000 modules to implement an initiator and a responder. The Qorvo DWM3000 provides API software that enables users to collect diagnostic information during ranging. Unlike previous studies [12], [26], [55], [65], [68], in which the DWM3000 was employed to evaluate performance in terms of ranging accuracy, energy consumption, and reliability, UWB-CA analyzes the raw CIR samples to verify a received STS field. We employ the dwt_readaccdata API function to collect the actual CIR samples computed at the receiver. We read 512 CIR samples from the DWM3000, the same number of samples used for feature extraction in the previous evaluation (Section VII). We consider three relevant application scenarios: 1) indoors; 2) in an underground parking lot; and 3) in an outdoor parking lot. These are shown in Fig. 10. The initiator and responder are configured to conduct SS-TWR to measure the physical distance between them. The indoor channel represents asset tracking. The underground and outdoor parking lots represent Digital Key application scenarios, i.e., the driver locking or unlocking the car. The initiator is placed on a tripod in a static position, while the responder is placed on a tripod in the static scenario and carried by a person in the moving scenario. We collect 1000 CIRs under both static and moving scenarios in each environment and extract the selected features for attack detection. Fig. 11 shows the distribution of distance measurements during CIR collection. We note that the CIR-specific feature \Gamma _{\text {PAPR}} is unavailable in the real-world experiments because the back-search parameters employed in the DWM3000 are proprietary. Therefore, in the real-world experiments we use the rms feature instead, since \Gamma _{\text {PAPR}} is the product of the actual rms value and the back-search parameter PAPR (4). The rms and the magnitude of the maximum peak were extracted using the dwt_readdiagnostics function provided by the DWM3000. The other statistical features, such as skew and kurt, were computed by UWB-CA from the CIRs. For attack detection, as in the previous experiments, UWB-CA builds anomaly detection models and sets the threshold for a false positive rate (FPR) of 1%.

Fig. 10. Real-world channel environment for collecting actual CIRs. (a) Indoor office. (b) Underground parking lot. (c) Outdoor parking lot.

Fig. 11. Distributions of distance measurements by channel environment. (a) Indoor office. (b) Underground parking lot. (c) Outdoor parking lot.

B. Ghost Peak Attack Detection

Besides the initiator and responder, another NUCLEO-Z429 board with a Qorvo DWM3000 module is employed to implement the attack device. Following the attack procedure described in [12], we implement the attack device to overshadow the legitimate STS field transmitted by the responder. The distance between the attack device and the initiator is set to 1 m. We then configure the initiator to collect both CIRs and diagnostic data to determine the success of the attack. We consider the attack successful when the leading edge index is at least 7 ns earlier than in the legitimate case. In addition, we only count an attack as successful when the stsQuality value reported by the DWM3000 module is positive: according to the DWM3000 API, a negative stsQuality means the UWB chip registers a ranging error and discards the ToA measurement. We conduct the overshadowing attack 800 times, and the measured distance reduction rate is 4.47%. With the OC-SVM algorithm, UWB-CA detects the distance reduction attack with a 99.74% attack detection rate, which implies the attacker can bypass UWB-CA with a probability of 0.01%. With the LOF algorithm, UWB-CA detects the attack with a 99.48% attack detection rate, which implies the attacker can bypass UWB-CA with a probability of 0.02%. From these results, we conclude that UWB-CA can effectively detect distance reduction attacks while maintaining a low false alarm rate.

C. Computational Overhead and Power Consumption

We implement the feature extraction and attack detection model on the nRF52840-DK board. The board integrates a 32-bit ARM Cortex-M4 processor running at 64 MHz. Table IX shows the execution time for feature extraction and verification on the nRF52840-DK board. In our evaluation, we repeat each execution 100 times and calculate the average time. The preprocessing procedure causes the largest processing delay, because the dwt_readaccdata function accesses the registers that contain the CIR samples and converts the data to complex numbers. The rms and MP features extracted by the dwt_readdiagnostics function also require register accesses. To implement the OC-SVM for the verification procedure, we first train it with the Python code provided by scikit-learn and then convert the model to C using the micromlgen repository [69]. In our evaluation, 40–50 support vectors were observed during the training phase. We could not measure the processing delay of the LOF since no C implementation of the LOF was available. However, as the LOF model is based on pairwise distance computation, we expect that a large amount of hardware resources would be required to store the features and compute the distances. From preprocessing to verification, verifying a newly received STS field adds \approx {\mathrm {3~\text {m}\text {s} }} of delay. This computational overhead is practically acceptable given that a ranging cycle is generally defined as 10–100 ms. It is known that COTS devices, such as the AirTag and SmartTag, are built on the nRF52832 SoC with a built-in Arm Cortex-M4 processor [70], [71], [72], [73], so UWB-CA could be deployed to detect distance reduction attacks on such current COTS devices. Therefore, we conclude that UWB-CA can be implemented without hindering the ranging cycle in current HRP UWB systems.

TABLE IX Execution Time According to Detection Phases

To understand how much power UWB-CA requires, we employ a power monitoring device [74] to measure the average power before and after implementing UWB-CA on the nRF52840-DK board with the Qorvo DWM3000 module. The power monitor samples the average current and voltage at 500 Hz. Since UWB-CA is implemented in the initiator in the SS-TWR scenario, we power the initiator from the power monitoring device and measure its power consumption. Before applying UWB-CA, the average power consumption of the nRF52840-DK board during SS-TWR was 689.34 mW. After applying UWB-CA, it was 701.19 mW. This result shows that UWB-CA increases power consumption by 1.72% during SS-TWR.

SECTION IX.

Discussion

UWB-CA mainly exploits the features that are related to the signal power (i.e., \Gamma _{\text {PAPR}} ) of the STS field. When the distance becomes larger and there is a severe multipath channel environment, false alarms frequently occur during the verification procedure due to the low link budget. However, most relevant security application scenarios employing UWB ranging occur in the vicinity of the initiator and responder. Therefore, in practical deployment, UWB-CA should be applied when a distance measurement is less than the upper bound of the proximity verification. In Section VIII, we showed that current COTS devices provide a sufficient link budget that enables UWB-CA to verify the legitimate STS field within a distance of 10 m.

SECTION X.

Conclusion

In this article, we have presented a novel method called UWB-CA to detect distance reduction attacks in HRP UWB ranging systems. The key idea of UWB-CA is to analyze the distribution of the CIR to extract features that differentiate legitimate CIRs from CIRs manipulated by an attacker. Based on the output score of the anomaly detection model, UWB-CA verifies a newly received STS field and the corresponding ToA measurement. Since it is difficult for the attacker to preserve the distribution of the CIR while manipulating the STS field, UWB-CA effectively detects distance reduction attacks. Through both simulations and real-world experiments, we comprehensively evaluated the attack detection performance of UWB-CA. Furthermore, we measured the additional processing delay and power consumption caused by UWB-CA.
