Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement
This work addresses security vulnerabilities in distance measurement systems for applications like contactless payments and keyless entry, though it appears incremental by building on existing protocols and standards.
The paper tackles the problem of secure Time-of-Arrival (ToA) measurement by introducing Message Time of Arrival Codes (MTACs) as a fundamental primitive, enabling formal security definitions and a unified analysis of existing methods while addressing unaddressed attacks and exploring security-performance tradeoffs.
Secure distance measurement and therefore secure Time-of-Arrival (ToA) measurement is critical for applications such as contactless payments, passive-keyless entry and start systems, and navigation systems. This paper initiates the study of Message Time of Arrival Codes (MTACs) and their security. MTACs represent a core primitive in the construction of systems for secure ToA measurement. By surfacing MTACs in this way, we are able for the first time to formally define the security requirements of physical-layer measures that protect ToA measurement systems against attacks. Our viewpoint also enables us to provide a unified presentation of existing MTACs (such as those proposed in distance-bounding protocols and in a secure distance measurement standard) and to propose basic principles for protecting ToA measurement systems against attacks that remain unaddressed by existing mechanisms. We also use our perspective to systematically explore the tradeoffs between security and performance that apply to all signal modulation techniques enabling ToA measurements.