Security Evaluation with an Indoor UWB Localization Open Platform: Acknowledgment Attack Case Study

Abstract

Indoor localization is a growing field of the Internet of Things (IoT) which is used in various sensitive applications such as manufacturing chain optimization or location-based authentication. Localization protocols rely on physical properties of the transmitted signals, such as Time-of-Flight or Received Signal Strength, which can be altered or impersonated by various types of attacks. Therefore, classical encryption techniques cannot guarantee the security of these localization protocols. Most off-the-shelf positioning platforms do not address the flaws related to localization. In addition, designers have a limited access to the various protocols, filters and algorithms involved in the localization chain, which poses a considerable obstacle to propose security solutions. This paper presents a prototyping platform called SecureLoc, open at every layer, for evaluating secure indoor localization methods based on Ultra-Wide Band Impulse Response (UWB-IR) technology, with respect to the cost and integration constraints of the IoT. We show the potential of SecureLoc for security evaluation and countermeasures through the case study of a spoofed acknowledgment attack. A novel analysis and evaluation of this attack is proposed. The robustness of SecureLoc localization chain against this attack is evaluated. Insights on future enhancements of this attack and possible low-cost countermeasures are provided.