What is it about?

We evaluated the distance decreasing attacks on phase-based ranging systems in this work. We assessed the effectiveness of the attack in a multipath environment using simulations and hardware implementation. We presented an attacker model that can spoof any distance between the anchor and the tag, even in a non-direct path setting. Possible countermeasures and their limitations are also discussed.

Featured Image

Why is it important?

Due to their low complexity, low-cost implementation, and compatibility with existing transceivers, phase-based ranging systems are widely deployed. They are also used in security-critical applications such as RFID, smart access cards, and key fobs. Since proximity detection relies on the physical properties of the radio frequency signal, such as phase, they are vulnerable to attacks. Evaluation of the attack scenarios and their mitigation is of critical importance.


The goal of writing this article is to demonstrate a distance decreasing attack on a phase-based ranging system. A threat model is implemented in hardware that supports the simulation results. It is interesting to note that the attacker can choose any distance that is measured by the anchor without the knowledge of communication protocol. Moreover, the attack is effective even if it is not located in the direct line of sight.

Arslan Riaz
Boston University

Read the Original

This page is a summary of: Security Assessment of Phase-Based Ranging Systems in a Multipath Environment, ACM Journal on Emerging Technologies in Computing Systems, October 2022, ACM (Association for Computing Machinery), DOI: 10.1145/3517809.
You can read the full text:



The following have contributed to this page