Presentation is loading. Please wait.

Presentation is loading. Please wait.

Relay Threat Model for TGaz

Published byLoraine Rose Modified over 5 years ago

Similar presentations

Presentation on theme: "Relay Threat Model for TGaz"— Presentation transcript:

1 Relay Threat Model for TGaz
Month Year doc.: IEEE yy/xxxxr0 July 2017 Relay Threat Model for TGaz Date: Authors: Name Affiliations Address Phone Wei Wang Google Inc. Roy Want Roy Want et al., Google Inc John Doe, Some Company

2 Month Year doc.: IEEE yy/xxxxr0 July 2017 Abstract The relay threat model occurs when two attackers collaborate to fake the distance between two stations, making them appear closer than they really are. 11az should be resilient to a relay attack in both associated and unassociated modes. Roy Want et al., Google Inc John Doe, Some Company

3 Month Year doc.: IEEE yy/xxxxr0 July 2017 Background Wireless Relay Attacks have been used to defeat wireless car locks and pose a real threat to property Attacker Box A Near Owner Attacker Box B Near Car Bridging the gap Roy Want et al., Google Inc John Doe, Some Company

4 Mitigating Relay Attacks
Month Year doc.: IEEE yy/xxxxr0 July 2017 Mitigating Relay Attacks Using range and location can be a good defense against relay attacks, assuming that the range/location of each party can be validated. Roy Want et al., Google Inc John Doe, Some Company

5 Applications using RTT range for secure operation
Month Year doc.: IEEE yy/xxxxr0 July 2017 Applications using RTT range for secure operation Associated (with prior shared keys) Building door locks Car door locks Document access (e.g. only at work) Cloud Service Access (e.g. only within home) Unassociated (no prior shared keys) Proof of presence at a location Proximity transfer of a redeemable wireless coupon Control of a public IoT device with a wireless token Roy Want et al., Google Inc John Doe, Some Company

6 Ranging in 11mc FTM_Req Ack FTM t1
Month Year doc.: IEEE yy/xxxxr0 July 2017 Ranging in 11mc FTM RESPONDER MOBILE FTM_Req Ack t1 FTM Distance (d) can be used to verify a condition: d < [opening criterion], But ONLY if you can trust it. t2 Ack t3 t4 FTM(t4- t1) Ack Roy Want et al., Google Inc John Doe, Some Company

7 Relay Attack #1: Faking a Range in 11mc
Month Year doc.: IEEE yy/xxxxr0 July 2017 Relay Attack #1: Faking a Range in 11mc Attacker Box A Attacker Box B MOBILE FTM RESPONDER FTM_Req FTM_Req_Ack t1 FTM t2 ‘ t1 ‘ t2 t3 ‘ Ack t3 t4 t4’ FTM(t4- t1) FAKE (t4- t1) Roy Want et al., Google Inc John Doe, Some Company

8 Relay Attack #2: Faking a Range in 11mc
Month Year doc.: IEEE yy/xxxxr0 July 2017 Relay Attack #2: Faking a Range in 11mc Attacker Box A Attacker Box B MOBILE FTM RESPONDER FTM_Req FTM_Req_Ack t1 FTM t2 ‘ t1 ‘ t2 FAKE (Ack) t3 ‘ t4 t3 Ignore t4’ FTM(t4- t1) FTM (t4- t1) VALID_SIG Roy Want et al., Google Inc John Doe, Some Company

9 11az Authentication can prevent a relay attack if…
Month Year doc.: IEEE yy/xxxxr0 July 2017 11az Authentication can prevent a relay attack if… each packet is authenticated there is a shared symmetric key Roy Want et al., Google Inc John Doe, Some Company

10 July 2017 What about the unassociated mode in 11az as there are likely no shared keys via AP association? But unassociated modes are useful for: Proof of presence at a location Proximity transfer of a redeemable wireless coupon Control of a public IoT device with a wireless token Solutions Ref: r1 (Qi Wang et al., Broadcom) “FTM Security in Associated and Un-associated States” Ref: r0 (Naveen Kakani et al., Qualcomm) “FTM Frame Exchange Authentication” Roy Want et al., Google Inc

11 Separation of Concerns
July 2017 Separation of Concerns CLOUD SERVICE CHECKS IF X1 = X2, THERE IS NO RELAY ATTACK APP/OS APP/OS 11az 11az DERIVED X1 Relay Attack DERIVED X2 Roy Want et al., Google Inc

12 Relay Attack Defense without Shared Keys
July 2017 Relay Attack Defense without Shared Keys FTM RESPONDER MOBILE t1 FTM + Nonce-A t2 t4 (Ack + Nonce-B) t3 FTM(t4- t1) + Nonce-AB Verify AB + (t4-t1) at APP Level Verify AB + (t4-t1) at APP Level Roy Want et al., Google Inc

13 Simplified relay attack solution for unassociated 11az
July 2017 Simplified relay attack solution for unassociated 11az FTM RESPONDER Attacker Box A Attacker Box B MOBILE FTM_Req FTM_Req_Ack t1 FTM + Nonce-A t2’ t1’ (Ack + Nonce-X) FTM + Nonce-A t3’ generated t4 t2 Ack + Nonce-B ignored t4’ t3 FTM(t4- t1) + Nonce-AX FTM (t4- t1) + Nonce-AB Verify AB + (t4-t1) at APP Level Verify AB + (t4-t1) at APP Level Roy Want et al., Google Inc

14 July 2017 Conclusion If encryption is not supported in the FTM negotiation - because of silicon complexity - because of interaction time - because of power consumption Then range integrity can still be obtained by making the 2 nonces + (t4-t1) accessible to the App layer At the expense of having the range data overheard [which may not be a problem in many use cases]. Roy Want et al., Google Inc

15 July 2017 Straw Poll 11az protocol shall support a mode where range integrity can be obtained without authentication and encryption protecting against type A adversaries. Y: N: A: 7 Roy Want et al., Google Inc

16 July 2017 Motion Move to adopt the functional requirement depicted below, and instruct the FRD editor to include it in the FRD under section 2.1.6, in a subsection dealing with ranging integrity without cryptography, and give editorial license. “11az protocol shall support a mode where range integrity can be obtained without authentication and encryption protecting against type A adversaries.” Mover: Roy Want Seconder: SK Yong Y: N: A: 2 Roy Want et al., Google Inc

17 Month Year doc.: IEEE yy/xxxxr0 July 2017 References r1 (Qi Wang et al., Broadcom) “FTM Security in Associated and Un-associated States” r0 (Naveen Kakani et al., Qualcomm) “FTM Frame Exchange Authentication” Radio attack lets hackers steal 24 different car models Roy Want et al., Google Inc John Doe, Some Company

Download ppt "Relay Threat Model for TGaz"

Similar presentations

Doc.: IEEE 802.11-07/2778r1 Submission November 2007 Sandra Qin et al., SamsungSlide 1 Content Protection Support in 802.11 Date: 2007-11-12 Authors:

Doc.: IEEE /2778r1 Submission November 2007 Sandra Qin et al., SamsungSlide 1 Content Protection Support in Date: Authors:
PHY Security FRD and SRD Text

PHY Security FRD and SRD Text
Content Protection Support in

Content Protection Support in
Proposed Functional Requirements for 11az

Proposed Functional Requirements for 11az
Authentication and Upper-Layer Messaging

Authentication and Upper-Layer Messaging
Security for location determination at a Public Domain

Security for location determination at a Public Domain
Security Enhancement to FTM

Security Enhancement to FTM
Resource Negotiation for Unassociated STAs in MU Operation

Resource Negotiation for Unassociated STAs in MU Operation
Trigger Frame Format for az

Trigger Frame Format for az
PHY Security FRD and SRD Text

PHY Security FRD and SRD Text
Passive Location Date: Authors: March 2017

Passive Location Date: Authors: March 2017
CP-replay Threat Model for 11az

CP-replay Threat Model for 11az
Relay Threat Model for TGaz

Relay Threat Model for TGaz
Locationing Protocol for 11az

Locationing Protocol for 11az
Broadcast Service on WLAN

Broadcast Service on WLAN
Security for location determination at a Public Domain

Security for location determination at a Public Domain
Triggering the Broadcast Probe Response

Triggering the Broadcast Probe Response
Broadcast Service on WLAN

Broadcast Service on WLAN
Protected LTF Using PMF in SU and MU Modes

Protected LTF Using PMF in SU and MU Modes
Month Year doc.: IEEE yy/xxxxr0 July 2015

Month Year doc.: IEEE yy/xxxxr0 July 2015

Similar presentations

Ads by Google