Bernhard Etzlinger

Bernhard Etzlinger, Florian Meyer, Franz Hlawatsch et al.

Cooperative localization in agent networks based on interagent time-of-flight measurements is closely related to synchronization. To leverage this relation, we propose a Bayesian factor graph framework for cooperative simultaneous localization and synchronization (CoSLAS). This framework is suited to mobile agents and time-varying local clock parameters. Building on the CoSLAS factor graph, we develop a distributed (decentralized) belief propagation algorithm for CoSLAS in the practically important case of an affine clock model and asymmetric time stamping. Our algorithm allows for real-time operation and is suitable for a time-varying network connectivity. To achieve high accuracy at reduced complexity and communication cost, the algorithm combines particle implementations with parametric message representations and takes advantage of a conditional independence property. Simulation results demonstrate the good performance of the proposed algorithm in a challenging scenario with time-varying network connectivity.

Nikola Antonijević, Bernhard Etzlinger, Dave Singelée et al.

Ranging and localisation have become critical for many applications and services. The Wi-Fi (IEEE 802.11) standard is a natural candidate for providing these functions across diverse environments, given its widespread deployment. The IEEE 802.11az amendment, finalised in 2023, introduces "Next Generation Positioning" mechanisms to secure and harden the existing insecure Wi-Fi Fine Timing Measurement (FTM) ranging solution. Moreover, the recent IEEE 802.11bk amendment increases the available bandwidth with the goal of approaching the centimetre-level ranging accuracy of ultra-wideband (UWB) systems. This paper examines to what extent these promises hold from a security and deployability perspective. We analyse the core mechanisms of secure Wi-Fi ranging as defined in IEEE 802.11az and IEEE 802.11bk at both the logical and physical layers, combining standards analysis with simulations and measurements on commercial and development hardware. At the logical layer, we show how common deployment choices can result in unauthenticated ranging, downgrade attacks, and simple denial-of-service attacks, making it difficult to securely realise many high-stakes use cases. At the physical layer, we study the predictability of secure ranging waveforms, the security impact of symbol repetition, and how waveform design choices affect compliance with spectral masks under realistic RF behaviour. Our results show that secure Wi-Fi ranging is highly sensitive to configuration choices and is non-trivial to implement on existing hardware. This is also evidenced by the currently limited support for secure Wi-Fi ranging in commodity devices. This paper provides practical guidelines for using secure FTM safely and recommendations to vendors and standardisation bodies to improve its robustness and deployability.

Bernhard Etzlinger, Barbara Nußbaummüller, Philipp Peterseil et al.

Mobile contact tracing apps are -- in principle -- a perfect aid to condemn the human-to-human spread of an infectious disease such as COVID-19 due to the wide use of smartphones worldwide. Yet, the unknown accuracy of contact estimation by wireless technologies hinders the broader use. We address this challenge by conducting a measurement study with a custom testbed to show the capabilities and limitations of Bluetooth Low Energy (BLE) in different scenarios. Distance estimation is based on interpreting the signal pathloss with a basic linear and a logarithmic model. Further, we compare our results with accurate ultra-wideband (UWB) distance measurements. While the results indicate that distance estimation by BLE is not accurate enough, a contact detector can detect contacts below 2.5 m with a true positive rate of 0.65 for the logarithmic and of 0.54 for the linear model. Further, the measurements reveal that multi-path signal propagation reduces the effect of body shielding and thus increases detection accuracy in indoor scenarios.

Amr Alanwar, Bernhard Etzlinger, Henrique Ferraz et al.

Research evidence in Cyber-Physical Systems (CPS) shows that the introduced tight coupling of information technology with physical sensing and actuation leads to more vulnerability and security weaknesses. But, the traditional security protection mechanisms of CPS focus on data encryption while neglecting the sensors which are vulnerable to attacks in the physical domain. Accordingly, researchers attach utmost importance to the problem of state estimation in the presence of sensor attacks. In this work, we present SecSens, a novel approach for secure nonlinear state estimation in the presence of modeling and measurement noise. SecSens consists of two independent algorithms, namely, SecEKF and SecOPT, which are based on Extended Kalman Filter and Maximum Likelihood Estimation, respectively. We adopt a holistic approach to introduce security awareness among state estimation algorithms without requiring specialized hardware, or cryptographic techniques. We apply SecSens to securely localize and time synchronize networked mobile devices. SecSens provides good performance at run-time several order of magnitude faster than the state of art solutions under the presence of powerful attacks. Our algorithms are evaluated on a testbed with static nodes and a mobile quadrotor all equipped with commercial ultra-wide band wireless devices.