"Location services are foreseen as one of the major IoT features in the next years, and have gained a lot of interest over the last decade from the literature of Wireless Sensors Networks, (WSN) and Vehicular Ad Hoc Networks (VANet). Impulse-Radio Ultra-Wideband (UWB), standardized in IEEE 802.15.4-2003, is currently the most performant radio positioning technology with centimeter-level accuracy and is used widely in industrial applications.
It has been proven in the literature that UWB positioning is not completely tamper-proof, as various physical and link layers vulnerabilities have been identified in 802.15.4. Most of the major attacks against IR-UWB are physical-level attacks, such as Early-Detection/Late-Commit (ED/LC). Considering their cost, complexity, and sometimes lack of maturity, they are not necessarily the most realistic attacks against cheap IoT systems. On the other hand, protocol-level flaws expose IR-UWB positioning against attacks that can be mounted with limited expertise and cheap hardware.
Hence, the aim of this work is to identify the most critical vulnerabilities of 802.15.4 IR-UWB, evaluate real-world attacks against UWB IPS and propose low-cost countermeasures suitable for IoT applications. An open platform for IR-UWB positioning security evaluation, SecureLoc, is part of the contributions.
We propose and evaluate various spoofed acknowledgment-based attack schemes against IR-UWB. Several countermeasures, at the physical, medium access control and system level, are proposed, including notably a novel weak PUF-based authentication protocol, a spoofing resilient acknowledgment scheme, a tamper-proof ranging approach, and a cooperative verification protocol for rogue node detection.
All the proposed attacks and countermeasures have been implemented and evaluated on SecureLoc."