US20220104019A1 - Secure Channel Estimation Architecture - Google Patents
Secure Channel Estimation Architecture Download PDFInfo
- Publication number
- US20220104019A1 US20220104019A1 US17/549,517 US202117549517A US2022104019A1 US 20220104019 A1 US20220104019 A1 US 20220104019A1 US 202117549517 A US202117549517 A US 202117549517A US 2022104019 A1 US2022104019 A1 US 2022104019A1
- Authority
- US
- United States
- Prior art keywords
- wireless signal
- preamble
- wireless
- signal
- channel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012937 correction Methods 0.000 claims description 20
- 238000012545 processing Methods 0.000 claims description 19
- 238000000034 method Methods 0.000 claims description 16
- 238000001914 filtration Methods 0.000 claims description 9
- 230000005670 electromagnetic radiation Effects 0.000 claims description 4
- 230000002596 correlated effect Effects 0.000 claims 1
- 230000003111 delayed effect Effects 0.000 claims 1
- 238000001514 detection method Methods 0.000 claims 1
- 238000004891 communication Methods 0.000 abstract description 10
- 230000004044 response Effects 0.000 abstract description 10
- 239000003999 initiator Substances 0.000 description 43
- 238000010586 diagram Methods 0.000 description 22
- 230000001413 cellular effect Effects 0.000 description 5
- 230000006399 behavior Effects 0.000 description 4
- 238000004519 manufacturing process Methods 0.000 description 4
- 238000003860 storage Methods 0.000 description 4
- 101150012579 ADSL gene Proteins 0.000 description 2
- 229920001621 AMOLED Polymers 0.000 description 2
- 102100020775 Adenylosuccinate lyase Human genes 0.000 description 2
- 108700040193 Adenylosuccinate lyases Proteins 0.000 description 2
- 101100127285 Drosophila melanogaster unc-104 gene Proteins 0.000 description 2
- 230000002238 attenuated effect Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- WHXSMMKQMYFTQS-UHFFFAOYSA-N Lithium Chemical compound [Li] WHXSMMKQMYFTQS-UHFFFAOYSA-N 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 229910052744 lithium Inorganic materials 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 229920000642 polymer Polymers 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S11/00—Systems for determining distance or velocity not using reflection or reradiation
- G01S11/02—Systems for determining distance or velocity not using reflection or reradiation using radio waves
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S11/00—Systems for determining distance or velocity not using reflection or reradiation
- G01S11/02—Systems for determining distance or velocity not using reflection or reradiation using radio waves
- G01S11/06—Systems for determining distance or velocity not using reflection or reradiation using radio waves using intensity measurements
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/02—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
- G01S5/0205—Details
- G01S5/0215—Interference
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/02—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
- G01S5/0273—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves using multipath or indirect path propagation signals in position determination
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/02—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
- G01S5/0278—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves involving statistical or probabilistic considerations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/02—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
- G01S5/0205—Details
- G01S5/0218—Multipath in signal reception
Definitions
- This disclosure relates to systems and methods for securely identifying a wireless channel in a shortest free-space path between a transmitting device and a receiving device.
- Many electronic devices such as smartphones and computers, include antennas that are used for various forms of wireless communication. Some electronic devices may benefit from determining an accurate estimate of proximity to another electronic device using wireless signals. This may be accomplished by calculating a time-of-flight estimation for a wireless signal sent over a wireless channel of the shortest free-space path between a transmitting device and a receiving device.
- a simple way to determine the wireless channel of the shortest free-space path involves identifying the wireless channel between the receiving device and the transmitting device that provides the strongest signal. However, the strongest signal may not always represent the shortest free-space path between the receiving device and the transmitting device.
- an obstruction such as a person—may be positioned in the shortest free-space path between the receiving device and the transmitting device.
- identifying the shortest free-space path may involve identifying the wireless channel with the signal having the earliest arrival time.
- the signal from the transmitting device may include a defined preamble that can be used to determine which of the possible channels provides the earliest signal, even if the earliest signal is not the strongest signal. While this may allow the receiving device to accurately identify the proximity to the transmitting device in many cases, an attacker could provide a spoofed signal using the defined preamble. The spoofed signal could appear, from the perspective of the receiving device, to be earlier than the signal from the actual shortest free-space path. In this way, an attacker could cause the receiving device to misidentify the shortest free-space path between the receiving device and the transmitting device, which could thereby cause the receiving device to calculate a false proximity.
- this disclosure provides several architectures that use both a preamble and a shared secret. Indeed, since a universally defined, plaintext preamble could be spoofed by an attacker, the systems and methods of this disclosure do not rely exclusively on a universally defined preamble to determine a shortest free-space path between a transmitting device and a receiving device. Instead, the transmitting device may send a signal that includes both a defined preamble and a cryptographically secure shared secret. Even if the attacker spoofs the preamble, the attacker may not be able to spoof the shared secret. As such, while the preamble may assist the receiving device in determining the earliest signal, and therefore the signal received over the wireless channel in the shortest free-space path, the receiving device may also rely on the shared secret.
- the receiving device may use the shared secret differently according to different architectures.
- the preamble and the shared secret may be used together to perform channel estimation for identifying the wireless channel in the shortest free-space path to the transmitting device.
- the preamble may be defined specifically to enable identifying the earliest signal
- the shared secret may not be as effective as the preamble for this purpose.
- the receiving device may use the preamble to identify the earliest signal, while using the shared secret to identify the attacker signal that lacks the correct shared secret present in the signals from the transmitting device. Having identified the attacker signal, the receiving device may filter away the attacker signal.
- the receiving device may estimate the wireless channel of the shortest free-space path using the preambles of the remaining non-attacker signals. In this way, a true wireless channel of the shortest free-space path between the transmitting device and the receiving device may be identified, even in the presence of an attacker.
- FIG. 1 is a schematic block diagram of an electronic device, in accordance with an embodiment
- FIG. 2 is a perspective view of a notebook computer representing an embodiment of the electronic device of FIG. 1 , in accordance with an embodiment
- FIG. 3 is a front view of a hand-held device representing another embodiment of the electronic device of FIG. 1 , in accordance with an embodiment
- FIG. 4 is a front view of another hand-held device representing another embodiment of the electronic device of FIG. 1 , in accordance with an embodiment
- FIG. 5 is a front view of a desktop computer representing another embodiment of the electronic device of FIG. 1 , in accordance with an embodiment
- FIG. 6 is a front view and side view of a wearable electronic device representing another embodiment of the electronic device of FIG. 1 , in accordance with an embodiment
- FIG. 7 is a diagram of wireless signals between a transmitting device (initiator) and a receiving device (responder) in a room that includes a wireless channel in the free-space path and a wireless channel of a reflected path, in accordance with an embodiment
- FIG. 8 is a signal diagram illustrating a signal strength and timing of signals received via the wireless channel of the shortest free-space path and the wireless channel of the reflected path of FIG. 7 , in accordance with an embodiment
- FIG. 9 is a diagram of wireless signals between the transmitting device (initiator) and the receiving device (responder) in the room of FIG. 7 in which the wireless channel in the free-space path is obstructed, in accordance with an embodiment
- FIG. 10 is a signal diagram illustrating a signal strength and timing of signals received via the obstructed channel of the shortest free-space path and the wireless channel of the reflected path of FIG. 9 , in accordance with an embodiment
- FIG. 11 is a block diagram of a system for identifying the wireless channel in the shortest free-space path to determine a time-of-flight through the shortest free-space path between the transmitting device (initiator) and the receiving device (responder), in accordance with an embodiment
- FIG. 12 is a timing diagram of signals transmitted and received between the transmitting device (initiator) and the receiving device (responder) using the system of FIG. 11 , in accordance with an embodiment
- FIG. 13 is a diagram of wireless signals between the transmitting device (initiator) and the receiving device (responder) in the room of FIG. 9 in which an attacker is sending a spoofed signal, in accordance with an embodiment
- FIG. 14 is a timing diagram of signals transmitted by the transmitting device (initiator) and the attacker and received by the receiving device (responder) using the system of FIG. 11 , in accordance with an embodiment
- FIG. 15 is a block diagram of a system for securely identifying the wireless channel in the shortest free-space path to determine a time-of-flight through the shortest free-space path between the transmitting device (initiator) and the receiving device (responder) in the presence of an attacker, in accordance with an embodiment
- FIG. 16 is a block diagram of another system for securely identifying the wireless channel in the shortest free-space path to determine a time-of-flight through the shortest free-space path between the transmitting device (initiator) and the receiving device (responder) in the presence of an attacker, in accordance with an embodiment
- FIG. 17 is a set of signal diagrams representing the operation of the system of FIG. 16 to securely identify the wireless channel in the shortest free-space by filtering away a signal from the attacker, in accordance with an embodiment.
- the articles “a,” “an,” and “the” are intended to mean that there are one or more of the elements.
- the terms “comprising,” “including,” and “having” are intended to be inclusive and mean that there may be additional elements other than the listed elements.
- references to “one embodiment” or “an embodiment” of the present disclosure are not intended to be interpreted as excluding the existence of additional embodiments that also incorporate the recited features.
- the phrase A “based on” B is intended to mean that A is at least partially based on B.
- the term “or” is intended to be inclusive (e.g., logical OR) and not exclusive (e.g., logical XOR). In other words, the phrase A “or” B is intended to mean A, B, or both A and B.
- Wireless communication between two electronic devices may be used to determine a distance between the two devices.
- a time-of-flight estimate for a signal may indicate the distance between two devices when the signal is received over a wireless channel of the shortest free-space path between the two devices.
- a simple way to determine the wireless channel of the shortest free-space path involves identifying the wireless channel between a receiving device and a transmitting device that provides the strongest signal.
- the strongest signal may not always represent the shortest free-space path between the receiving device and the transmitting device.
- an obstruction such as a person
- an obstruction may be positioned in the shortest free-space path between the receiving device and the transmitting device. This may lower the signal strength of the wireless channel of the shortest free-space path.
- a wireless channel in a non-direct path such as a reflection off a wall that goes around the obstruction, could provide a stronger signal. In cases like these, then, signal strength alone may not accurately identify the shortest free-space path between the receiving device and the transmitting device.
- identifying the shortest free-space path may involve identifying the wireless channel with the signal having the earliest arrival time.
- the signal from the transmitting device may include a defined preamble that can be used to determine which of the possible channels provides the earliest signal, even if the earliest signal is not the strongest signal. While this may allow the receiving device to accurately identify the proximity to the transmitting device in many cases, an attacker could provide a spoofed signal using the defined preamble. The spoofed signal could appear, from the perspective of the receiving device, to be earlier than the actual earliest signal from the actual shortest free-space path. In this way, an attacker could cause the receiving device to misidentify the shortest free-space path between the receiving device and the transmitting device, which could thereby cause the receiving device to calculate a false proximity.
- the systems and methods of this disclosure do not rely exclusively on a defined preamble to determine a shortest free-space path between the transmitting device and the receiving device. Instead, the transmitting device may send a signal that includes both a defined preamble and a cryptographically secure shared secret. Even if the attacker spoofs the preamble, the attacker may not be able to spoof the shared secret. As such, while the preamble may assist the receiving device in determining the earliest signal, and therefore the signal received over the wireless channel in the shortest free-space path, the receiving device may use the shared secret to identify the true shortest free-space path.
- the receiving device may use the shared secret differently according to different architectures.
- the preamble and the shared secret may be used together to perform channel estimation for identifying the wireless channel in the shortest free-space path to the transmitting device.
- the preamble may be defined specifically to enable identifying the earliest signal, whereas the shared secret may not be as effective for this purpose.
- the receiving device may use the preamble to identify the earliest signal, while using the shared secret to identify the attacker signal that lacks the correct shared secret present in the signals from the transmitting device. Having identified the attacker signal, the receiving device may filter away the attacker signal.
- the receiving device may thus estimate the wireless channel of the shortest free-space path using the preambles of the remaining non-attacker signals.
- a true wireless channel of the shortest free-space path may be identified to determine the proximity between the transmitting device and the receiving device, even in the presence of an attacker.
- an electronic device 10 may include, among other things, one or more processor(s) 12 , memory 14 , nonvolatile storage 16 , a display 18 , input structures 22 , an input/output (I/O) interface 24 , a network interface 26 , a transceiver 28 , and a power source 29 .
- processor(s) 12 may include, among other things, one or more processor(s) 12 , memory 14 , nonvolatile storage 16 , a display 18 , input structures 22 , an input/output (I/O) interface 24 , a network interface 26 , a transceiver 28 , and a power source 29 .
- processor(s) 12 may include, among other things, one or more processor(s) 12 , memory 14 , nonvolatile storage 16 , a display 18 , input structures 22 , an input/output (I/O) interface 24 , a network interface 26 , a transceiver 28 , and a power source 29 .
- FIG. 1 may include hardware elements (including circuitry), software elements (including computer code stored on a computer-readable medium) or a combination of both hardware and software elements. It should be noted that FIG. 1 is merely one example of a particular implementation and is intended to illustrate the types of components that may be present in electronic device 10 .
- the electronic device 10 may represent a block diagram of the notebook computer depicted in FIG. 2 , the handheld device depicted in FIG. 3 , the handheld device depicted in FIG. 4 , the desktop computer depicted in FIG. 5 , the wearable electronic device depicted in FIG. 6 , or similar devices.
- the processor(s) 12 and other related items in FIG. 1 may be generally referred to herein as “data processing circuitry”. Such data processing circuitry may be embodied wholly or in part as software, firmware, hardware, or any combination thereof. Furthermore, the data processing circuitry may be a single contained processing module or may be incorporated wholly or partially within any of the other elements within the electronic device 10 .
- the processor(s) 12 may be operably coupled with the memory 14 and the nonvolatile storage 16 to perform various algorithms.
- Such programs or instructions executed by the processor(s) 12 may be stored in any suitable article of manufacture that includes one or more tangible, computer-readable media at least collectively storing the instructions or routines, such as the memory 14 and the nonvolatile storage 16 .
- the memory 14 and the nonvolatile storage 16 may include any suitable articles of manufacture for storing data and executable instructions, such as random-access memory, read-only memory, rewritable flash memory, hard drives, and optical discs.
- programs e.g., an operating system
- encoded on such a computer program product may also include instructions that may be executed by the processor(s) 12 to enable the electronic device 10 to provide various functionalities.
- the display 18 may be a liquid crystal display (LCD), which may allow users to view images generated on the electronic device 10 .
- the display 18 may include a touch screen, which may allow users to interact with a user interface of the electronic device 10 .
- the display 18 may include one or more organic light emitting diode (OLED) displays, or some combination of liquid crystal display (LCD) panels and OLED panels.
- OLED organic light emitting diode
- the display 18 may receive images, data, or instructions from processor 12 or memory 14 , and provide an image in display 18 for interaction. More specifically, the display 18 includes pixels, and each of the pixels may be set to display a color at a brightness based on the images, data, or instructions from processor 12 or memory 14 .
- the input structures 22 of the electronic device 10 may enable a user to interact with the electronic device 10 (e.g., pressing a button to increase or decrease a volume level).
- the I/O interface 24 may enable electronic device 10 to interface with various other electronic devices, as may the network interface 26 .
- the network interface 26 may include, for example, one or more interfaces for a personal area network (PAN), such as a Bluetooth network, for a local area network (LAN) or wireless local area network (WLAN), such as an 802.11x Wi-Fi network, and/or for a wide area network (WAN), such as a 3rd generation (3G) cellular network, 4th generation (4G) cellular network, long term evolution (LTE) cellular network, or long term evolution license assisted access (LTE-LAA) cellular network.
- PAN personal area network
- LAN local area network
- WLAN wireless local area network
- WAN wide area network
- 3G 3rd generation
- 4G 4th generation
- LTE long term evolution
- LTE-LAA long term evolution license assisted access
- the network interface 26 may also include one or more interfaces for, for example, broadband fixed wireless access networks (WiMAX), mobile broadband Wireless networks (mobile WiMAX), asynchronous digital subscriber lines (e.g., ADSL, VDSL), digital video broadcasting-terrestrial (DVB-T) and its extension DVB Handheld (DVB-H), ultra-Wideband (UWB), alternating current (AC) power lines, and so forth.
- WiMAX broadband fixed wireless access networks
- mobile WiMAX mobile broadband Wireless networks
- asynchronous digital subscriber lines e.g., ADSL, VDSL
- DVD-T digital video broadcasting-terrestrial
- DVD-H digital video broadcasting-terrestrial
- UWB ultra-Wideband
- AC alternating current
- the electronic device 10 may include a transceiver 28 .
- the transceiver 28 may include any circuitry that may be useful in both wirelessly receiving and wirelessly transmitting signals (e.g., data signals). Indeed, in some embodiments, as will be further appreciated, the transceiver 28 may include a transmitter and a receiver combined into a single unit, or, in other embodiments, the transceiver 28 may include a transmitter separate from the receiver. Indeed, in some embodiments, the transceiver 28 may include several transmitters and receivers, some or none of which are combined into single units.
- the transceiver 28 may transmit and receive OFDM signals (e.g., OFDM data symbols) to support data communication in wireless applications such as, for example, PAN networks (e.g., Bluetooth), WLAN networks (e.g., 802.11x Wi-Fi), WAN networks (e.g., 3G, 4G, and LTE cellular networks), WiMAX networks, mobile WiMAX networks, ADSL and VDSL networks, DVB-T and DVB-H networks, UWB networks, and so forth. Further, in some embodiments, the transceiver 28 may be integrated as part of the network interfaces 26 . As further illustrated, the electronic device 10 may include a power source 29 .
- the power source 29 may include any suitable source of power, such as a rechargeable lithium polymer (Li-poly) battery and/or an alternating current (AC) power converter.
- the electronic device 10 may take the form of a computer, a portable electronic device, a wearable electronic device, or other type of electronic device.
- Such computers may include computers that are generally portable (such as laptop, notebook, and tablet computers) as well as computers that are generally used in one place (such as conventional desktop computers, workstations, and/or servers).
- the electronic device 10 in the form of a computer may be a model of a MacBook®, MacBook® Pro, MacBook Air®, iMac®, Mac® mini, or Mac Pro® available from Apple Inc.
- the electronic device 10 taking the form of a notebook computer 10 A, is illustrated in FIG. 2 in accordance with one embodiment of the present disclosure.
- the depicted computer 10 A may include a housing or enclosure 36 , a display 18 , input structures 22 , and ports of an I/O interface 24 .
- the input structures 22 (such as a keyboard and/or touchpad) may be used to interact with the computer 10 A, such as to start, control, or operate a GUI or applications running on computer 10 A.
- a keyboard and/or touchpad may allow a user to navigate a user interface or application interface displayed on display 18 .
- FIG. 3 depicts a front view of a handheld device 10 B, which represents one embodiment of the electronic device 10 .
- the handheld device 10 B may represent, for example, a portable phone, a media player, a personal data organizer, a handheld game platform, or any combination of such devices.
- the handheld device 10 B may be a model of an iPod® or iPhone® available from Apple Inc. of Cupertino, Calif.
- the handheld device 10 B may include an enclosure 36 to protect interior components from physical damage and to shield them from electromagnetic interference.
- the enclosure 36 may surround the display 18 .
- Enclosure 36 may also include sensing and processing circuitry that may be used to provide correction schemes described herein to provide smooth images in display 18 .
- the I/O interfaces 24 may open through the enclosure 36 and may include, for example, an I/O port for a hardwired connection for charging and/or content manipulation using a standard connector and protocol, such as the Lightning connector provided by Apple Inc., a universal service bus (USB), or other similar connector and protocol.
- a standard connector and protocol such as the Lightning connector provided by Apple Inc., a universal service bus (USB), or other similar connector and protocol.
- User input structures 22 may allow a user to control the handheld device 10 B.
- the input structures 22 may activate or deactivate the handheld device 10 B, navigate user interface to a home screen, a user-configurable application screen, and/or activate a voice-recognition feature of the handheld device 10 B.
- Other input structures 22 may provide volume control, or may toggle between vibrate and ring modes.
- the input structures 22 may also include a microphone may obtain a user's voice for various voice-related features, and a speaker may enable audio playback and/or certain phone capabilities.
- the input structures 22 may also include a headphone input to provide a connection to external speakers and/or headphones.
- FIG. 4 depicts a front view of another handheld device 10 C, which represents another embodiment of the electronic device 10 .
- the handheld device 10 C may represent, for example, a tablet computer, or one of various portable computing devices.
- the handheld device 10 C may be a tablet-sized embodiment of the electronic device 10 , which may be, for example, a model of an iPad® available from Apple Inc. of Cupertino, California.
- a computer 10 D may represent another embodiment of the electronic device 10 of FIG. 1 .
- the computer 10 D may be any computer, such as a desktop computer, a server, or a notebook computer, but may also be a standalone media player or video gaming machine.
- the computer 10 D may be an iMac®, a MacBook®, or other similar device by Apple Inc.
- the computer 10 D may also represent a personal computer (PC) by another manufacturer.
- a similar enclosure 36 may be provided to protect and enclose internal components of the computer 10 D such as the display 18 .
- a user of the computer 10 D may interact with the computer 10 D using various peripheral input devices, such as the keyboard 22 A or mouse 22 B (e.g., input structures 22 ), which may connect to the computer 10 D.
- FIG. 6 depicts a wearable electronic device 10 E representing another embodiment of the electronic device 10 of FIG. 1 that may be configured to operate using the techniques described herein.
- the wearable electronic device 10 E which may include a wristband 43 , may be an Apple Watch® by Apple, Inc.
- the wearable electronic device 10 E may include any wearable electronic device such as, for example, a wearable exercise monitoring device (e.g., pedometer, accelerometer, heart rate monitor), or other device by another manufacturer.
- a wearable exercise monitoring device e.g., pedometer, accelerometer, heart rate monitor
- the display 18 of the wearable electronic device 10 E may include a touch screen display 18 (e.g., LCD, OLED display, active-matrix organic light emitting diode (AMOLED) display, and so forth), as well as input structures 22 , which may allow users to interact with a user interface of the wearable electronic device 10 E.
- a touch screen display 18 e.g., LCD, OLED display, active-matrix organic light emitting diode (AMOLED) display, and so forth
- input structures 22 may allow users to interact with a user interface of the wearable electronic device 10 E.
- Wireless communication to an electronic device 10 from a transmitting device may be used to determine a distance between the electronic device 10 and the transmitting device. This may be referred to as “wireless ranging.”
- an initiator 60 e.g., a first electronic device 10
- a responder 62 e.g., a second electronic device 10
- the room 64 may have walls 66 A, 66 B, 66 C, and 66 D.
- the initiator 60 may communicate wirelessly with the responder 62 by sending a wireless ranging signal in the form of a first wireless signal 68 that travels directly to the responder 62 via a free-space channel 69 through a shortest free-space path.
- a second copy of the wireless ranging signal in the form of a second wireless signal 70 reaches the responder 62 via a reflected channel 71 that reflects off of the wall 66 A.
- a signal timing diagram 78 of FIG. 8 shows that, as a consequence, the responder 62 may initially receive the free-space first wireless signal 68 in time 80 before receiving the reflected second wireless signal 70 . Because the reflected second wireless signal 70 loses energy when the second wireless signal 70 reflects against the wall 66 A, the free-space first wireless signal 68 has a greater signal strength than the reflected second wireless signal 70 . In a situation like this, the stronger signal strength correlates with the channel in the most direct path between the initiator 60 and the responder 62 .
- an obstruction 90 may stand in the free-space path of the first wireless signal 68 . This could happen, for example, when a person or furniture is located directly between the initiator 60 and the responder 62 .
- the free-space first wireless signal 68 may still arrive earlier in time 80 than the reflected second wireless signal 70 .
- the free-space first wireless signal 68 is attenuated and may even have a lower signal strength than the reflected second wireless signal 70 .
- the responder 62 may employ a receiver system 100 as shown in FIG.
- the receiver system 100 may aim to identify the shortest free-space channel 69 that conveys the first wireless signal 68 , even when the first wireless signal 68 has a lower signal strength than signals from other channels (such as the reflected second wireless signal 70 in the reflected channel 71 ).
- the receiver system 100 is described in block diagram form in FIG. 11 .
- the various components of the receiver system 100 may be implemented in digital circuitry, software running on a processor (e.g., firmware), or some combination of these.
- the receiver system 100 of FIG. 11 may receive digitized analog-to-digital (ADC) samples 102 received from an antenna of the transceiver 28 .
- a correlator 104 may compare the received ADC samples 102 to a known preamble p.
- the preamble p may be a predefined set of values that is known at least to the initiator 60 and responder 62 .
- the preamble p may be publicly known. As such, the preamble p may be sent via plaintext in at least some embodiments.
- the preamble p may take any suitable signal structure that enables the correlator 104 to accurately and/or efficiently (e.g., with reduced or minimal signal sidelobes) produce a preamble correlation signal 105 .
- the correlator 104 may provide the preamble correlation signal 105 to a channel estimation block 106 and a start-of-frame delimiter (SFD) detector 108 .
- the channel estimation block 106 may identify characteristics of the various channels (e.g., free-space channel 69 , reflected channel 71 ), including which of the channels provides the earliest signal, by analyzing the preamble correlation signal 105 from the correlator 104 .
- a first path correction block 110 may identify when the signal from the earliest channel was received (e.g., when in time the first wireless signal 68 was received on the free-space channel 69 ) as a first path correction value.
- the first path correction value can be used in combination with other information to determine a proximity between the initiator 60 and the responder 62 .
- the ADC samples 102 may also enter a channel-matched filter 112 that analyzes the ADC samples 102 for each channel based on the channel estimation from the channel estimation block 106 .
- the filtered results may be aligned in a frame timing block 114 according to the start-of-frame delimiter from the SFD detector 108 to extract data that can be demodulated in a demodulation block 116 and decoded in a decode block 118 to identify a timestamp 120 .
- the timestamp 120 represents the time provided by the initiator 60 that indicates when the initiator 60 transmitted the communication to the responder 62 .
- a time-of-flight value 124 may be computed.
- the time-of-flight value 124 represents the time taken for the first wireless signal 68 to travel the shortest free-space path via the free-space channel 69 between the initiator 60 and the responder 62 .
- the time-of-flight value 124 and the physical parameter of the speed of electromagnetic radiation can be estimated.
- a timing diagram 130 shown in FIG. 12 provides an example of the communication that may take place between the initiator 60 and the responder 62 using the system of FIG. 11 .
- the timing diagram 130 shows that, at a time 132 , the initiator 60 begins to transmit a wireless signal 134 .
- the wireless signal 134 may contain several components, including an initial preamble p 136 and a start-of-frame delimiter (SFD) 138 , followed by data 140 (which may encode the timestamp 120 ).
- SFD start-of-frame delimiter
- the wireless signal 134 may be received by the responder 62 as the free-space first wireless signal 68 and the reflected second wireless signal 70 .
- the correlator 104 of the responder 62 may begin to analyze the received free-space first wireless signal 68 and the reflected second wireless signal 70 for a matching preamble p sequence (e.g., as the preamble correlation signal 105 shown in FIG. 11 ).
- a first preamble match is identified as signal 144 and occurs when a first preamble p sequence of the free-space first wireless signal 68 is received. Thereafter, a preamble match signal 146 occurs every time the preamble p sequence is found in a corresponding received preamble sequence 136 A of the free-space first wireless signal 68 . A preamble match signal 148 occurs every time the preamble p sequence is found in a corresponding received preamble sequence 136 B in the reflected second wireless signal 70 . In the example of FIG.
- the preamble match signal 146 appears earlier than the preamble match signal 148 , but the preamble match signal 146 has a lower magnitude than the preamble match signal 148 because the signal strength of the free-space first wireless signal 68 is lower the reflected second wireless signal 70 (e.g., due to some obstruction along the free-space channel 69 ).
- the correlator 104 may also identify components of a received start-of-frame delimiter (SFD) 138 A of the free-space first wireless signal 68 and of a received start-of-frame delimiter (SFD) 138 B of the reflected second wireless signal 70 as SFD match signals 150 .
- SFD start-of-frame delimiter
- positive SFD match signal 152 relates to the received SFD 138 A
- positive SFD match signal 154 relates to the received SFD 138 B
- negative SFD match signal 156 relates to the received SFD 138 A
- negative SFD match signal 158 relates to the received SFD 138 B.
- the SFD match signals 150 allow the responder 62 to identify the start of received data 140 A or 140 B received via each wireless channel.
- the correlator 104 is used to determine which of the signals 68 or 70 are in the earliest channel.
- an attacker 170 may intercept the transmission from the initiator 60 (represented as intercepted wireless signal 172 ) and then delay and retransmit the intercepted wireless signal 172 as a false wireless ranging signal in the form of an attack signal 174 to the responder 62 .
- an attack channel 176 the channel through which the attack signal 174 reaches the responder 62 will be referred to in this disclosure as an attack channel 176 .
- the attacker 170 is shown to be between the initiator 60 and the responder 62 , it is possible for the attacker 170 to be remote from the initiator 60 and the responder 62 and still mount an attack. In some cases, the attacker 170 could be very far (e.g., hundreds or even thousands of meters) from the initiator 60 and the responder 62 .
- the effect of the attack signal 174 on the receiver system 100 is shown by a signal timing diagram 188 in FIG. 14 , which builds on the example signal timing diagram 130 of FIG. 12 . As such, a description of elements that appear in both FIGS. 12 and 14 may be found in the previous discussion with reference to FIG. 12 .
- the attacker 170 is shown to receive the intercepted wireless signal 172 quickly after it has been transmitted by the initiator 60 .
- the intercepted wireless signal 172 includes a preamble 136 C and a start-of-frame delimiter (SFD) 138 C that corresponds to the preamble 136 and the SFD 138 from the initiator 60 .
- SFD start-of-frame delimiter
- the attacker 170 holds the signal for an attacker delay period 190 before transmitting the attack signal 174 , which includes a preamble 136 D and an SFD 138 D that corresponds to the preamble 136 C and the SFD 138 C.
- the attacker delay period 190 delays the attack signal 174 just enough to cause the attack signal 174 , when received by the responder 62 as a received attack signal 192 , to appear to be arriving earlier than either the free-space first wireless signal 68 or the reflected second wireless signal 70 due to the periodicity of the preambles 136 A, 136 B, and 136 D.
- the correlator 104 when the correlator 104 generates a preamble match signal 194 corresponding to a match to the preamble 136 D, it recurs before the preamble match signals 144 and 146 in a repeating pattern 196 .
- the responder 62 may interpret the attack channel 176 that carries the attack signal 174 to be the earliest channel. This may prevent or complicate the efforts by the responder 62 to correctly identify the free-space channel 69 .
- a secure receiver system 210 may allow the responder 62 to thwart attacks like those discussed above, while still allowing the responder 62 to identify the shortest free-space channel 69 that conveys the first wireless signal 68 .
- the receiver system 210 is described in block diagram form in FIG. 15 .
- the various components of the receiver system 210 may be implemented in digital circuitry, software running on a processor (e.g., firmware), or some combination of these.
- the receiver system 210 of FIG. 15 may receive digitized analog-to-digital (ADC) samples 102 received from an antenna of the transceiver 28 .
- a first correlator 104 A may compare the received ADC samples 102 to a known preamble p.
- the preamble p may be a predefined set of values that is known at least to the initiator 60 and responder 62 .
- the preamble p may be publicly known. As such, the preamble p may be sent via plaintext in at least some embodiments.
- the preamble p may take any suitable signal structure that enables the first correlator 104 A to accurately and/or efficiently (e.g., with reduced or minimal signal sidelobes) produce a preamble correlation signal 105 .
- the first correlator 104 A may provide the preamble correlation signal 105 to a first channel estimation block 106 A and a start-of-frame delimiter (SFD) detector 108 .
- the first channel estimation block 106 A may estimate the various channels (e.g., free-space channel 69 , reflected channel 71 , attack channel 176 ), by analyzing the preamble correlation signal 105 from the first correlator 104 A.
- the first channel estimation block 106 A may not alone identify the earliest channel if the attack signal 174 is being sent through the attack channel 176 in a way that makes the attack signal 174 appear to be the earliest signal. Instead, the first channel estimation block 106 A may be used identify the various channels over which the responder 62 may be receiving signals, since it is possible that an attacker signal (e.g., the attack signal 174 ) could spoof the preamble. Instead, as will be discussed further below, the receiver system 210 may use a shared secrete b to identify the earliest channel.
- the ADC samples 102 may also enter a channel-matched filter 112 that analyzes the ADC samples 102 for each channel identified by the first channel estimation block 106 A.
- the filtered results may be aligned in a first frame timing block 114 A according to the start-of-frame delimiter from the SFD detector 108 to extract data that can be demodulated in a demodulation block 116 and decoded in a decode block 118 to identify a timestamp 120 .
- the timestamp 120 represents the time provided by the initiator 60 that indicates when the initiator 60 transmitted the communication to the responder 62 .
- the receiver system 210 may identify the earliest channel using a shared secret b.
- the shared secret b may be any cryptographically secure value that is known by both the initiator 60 and the responder 62 , but which is not known by the attacker 170 .
- the shared secret b appears as a cryptographically secure pseudorandom number.
- the attacker 170 attempts to retransmit the shared secret b, which does not have a known periodicity like the preamble p that the attacker 170 could exploit, the retransmitted shared secret b would arrive later and could be identified as late for that reason.
- the attacker 170 attempts to use a false shared secret b′, it will not match the shared secret b that is known by the responder 62 .
- the receiver system 210 may use a second frame timing block 114 B (which may reuse the same circuitry, software, or other processing logic as the first frame timing block 114 A) to align the ADC samples 102 to the start of the frame to begin receiving data that ostensibly contains the shared secret b.
- a second correlator 104 B (which may reuse the same circuitry, software, or other processing logic as the first correlator 104 A) may provide shared secret match signals 212 to a second channel estimation block 106 B (which may reuse the same circuitry, software, or other processing logic as the first channel estimation block 106 A).
- the shared secret match signals 212 output by the second correlator 104 B may have a higher-order behavior in comparison to the preamble match signals 105 output by the first correlator 104 A.
- the higher-order behavior of the shared secret match signals 212 may manifest as sidelobes or other higher-order signal features.
- channel estimation may be more difficult when the signal strength is relatively low, which could happen if the earliest free-space channel is obstructed in some way (e.g., if there is an obstruction 90 that lowers the signal strength of the free-space first wireless signal 68 in the free-space channel 69 ).
- the second channel estimation block 106 B may not estimate the attack channel 176 . Consequently, when the results of the channel estimation from the second channel estimation block 106 B enter a first path correction block 110 , only the channels for the true signals may be estimated. Thus, provided the signal strength is sufficient to overcome the higher-order behavior of the shared secret match signals 212 , the first path correction block 110 may be able to determine the arrival time of the first wireless signal 68 on the free-space channel 69 .
- a time-of-flight value 124 may be computed.
- the time-of-flight value 124 represents the time taken for the first wireless signal 68 to travel the shortest free-space path via the free-space channel 69 between the initiator 60 and the responder 62 .
- the time-of-flight value 124 and the physical parameter of the speed of electromagnetic radiation e.g., the speed of light
- Another secure receiver system 240 may allow the responder 62 to thwart attacks like those discussed above by filtering out the attack signal 174 using the shared secret b.
- the receiver system 240 is described in block diagram form.
- the various components of the receiver system 240 may be implemented in digital circuitry, software running on a processor (e.g., firmware), or some combination of these.
- the receiver system 240 of FIG. 16 may receive digitized analog-to-digital (ADC) samples 102 received from an antenna of the transceiver 28 .
- a first correlator 104 A may compare the received ADC samples 102 to a known preamble p.
- the preamble p may be a predefined set of values that is known at least to the initiator 60 and responder 62 .
- the preamble p may be publicly known. As such, the preamble p may be sent via plaintext in at least some embodiments.
- the preamble p may take any suitable signal structure that enables the first correlator 104 A to accurately and/or efficiently (e.g., with reduced or minimal signal sidelobes) produce a preamble correlation signal 105 .
- the first correlator 104 A may provide the preamble correlation signal 105 to a first channel estimation block 106 A and a start-of-frame delimiter (SFD) detector 108 .
- the first channel estimation block 106 A may estimate the various channels (e.g., free-space channel 69 , reflected channel 71 , attack channel 176 ) by analyzing the preamble correlation signal 105 from the first correlator 104 A.
- the result may include a channel impulse response (CIR) that includes the impulse response from the preambles of the various received signals (e.g., free-space first wireless signal 68 , reflected second wireless signal 70 , attack signal 174 ).
- CIR channel impulse response
- This may be provided to a first path correction block 110 , but the first path correction block 110 may not alone rely on the CIR that includes all of the signals to identify the earliest signal arrival to perform first path correction.
- the receiver system 210 may use a shared secrete b to identify the attack signal 174 so it can be filtered out of the CIR at the first path correction block 110 . This will be discussed further below.
- the ADC samples 102 may also enter a channel-matched filter 112 that analyzes the ADC samples 102 for each channel identified by the first channel estimation block 106 A.
- the filtered results may be aligned in a first frame timing block 114 A according to the start-of-frame delimiter from the SFD detector 108 to extract data that can be demodulated in a demodulation block 116 and decoded in a decode block 118 to identify a timestamp 120 .
- the timestamp 120 represents the time provided by the initiator 60 that indicates when the initiator 60 transmitted the communication to the responder 62 .
- the receiver system 240 may identify the attack signal 174 using a shared secret b.
- the shared secret b may be any cryptographically secure value that is known by both the initiator 60 and the responder 62 , but which is not known by the attacker 170 .
- the shared secret b appears as a cryptographically secure pseudorandom number.
- the attacker 170 attempts to retransmit the shared secret b, which does not have a known periodicity like the preamble p that the attacker 170 could exploit, the retransmitted shared secret b would arrive later and could be identified as late for that reason.
- the attacker 170 attempts to use a false shared secret b′, it will not match the shared secret b that is known by the responder 62 .
- the receiver system 240 may use a second frame timing block 114 B (which may reuse the same circuitry, software, or other processing logic as the first frame timing block 114 A) to align the ADC samples 102 to the start of the frame to begin receiving data that ostensibly contains the shared secret b.
- a local copy 242 of the shared secret b may be provided to a second channel match filter 112 B (which may reuse the same circuitry, software, or other processing logic as the first channel matched filter 112 A) and the result subtracted in a subtraction operation 244 from the received data. Because the attacker 170 does not know the shared secret b, the attack signal 174 may use a false shared secret b′ that does not match the shared secret b.
- any component related to a non-attacker signal e.g., the free-space first wireless signal 68 or the reflected second wireless signal 70
- any component related to a non-attacker signal may result in perfect correlation.
- any data from the attack signal 174 that includes a false shared secret b′ will produce a noise signal when passed through the second correlator 104 B.
- the noise signal will have a random pattern since the false shared secret b′ can be expected only to randomly correlate with the true shared secret b.
- an attacker estimation block 246 may use this predictable noise pattern to identify the attack signal 174 on the attack channel 176 .
- An attack signal estimate 248 that corresponds to the attack signal 174 may be provided to the first path correction block 110 .
- the first path correction block 110 may filter out the component of the CIR that corresponds to the attack signal estimate 248 , relying on the channel estimation from the channel estimation block 106 based on the preamble b to determine the first path correction.
- the first path correction block 110 of the receiver system 240 of FIG. 16 may be able to determine the arrival time of the first wireless signal 68 on the free-space channel 69 based on the preamble b without performing channel estimation on a shared secret match signal that could have higher-order behavior (e.g., sidelobes), as in the receiver system 210 of FIG. 15 . Accordingly, the receiver system 240 of FIG. 16 may be more sensitive to a weaker signal through a true free-space path.
- a time-of-flight value 124 may be computed.
- the time-of-flight value 124 represents the time taken for the first wireless signal 68 to travel the shortest free-space path via the free-space channel 69 between the initiator 60 and the responder 62 .
- the time-of-flight value 124 and the physical parameter of the speed of electromagnetic radiation e.g., the speed of light
- the operational results of processing the preamble may be represented as follows:
- h true represents the true free-space channel 69
- h attack represents the attack channel 176
- p represents the preamble sequence known to both the initiator 60 and the attacker 170
- p RX represents the correlation of the preambles from the various channels received by the responder 62
- ⁇ represents the estimated earliest channel due to the combined true free-space channel 69 and attack channel 176 .
- the known preamble p has perfect autocorrelation.
- the operational results of processing the true shared secret b in the true free-space first wireless signal 68 and the false shared secret b′ sent in the attack signal 174 may be represented as follows:
- h true represents the true free-space channel 69
- h attack represents the attack channel 176
- b represents the true shared secret known to the initiator 60 but not the attacker 170
- b′ represents a false shared secret sent by the attacker 170
- b RX represents the correlation of the false and true shared secrets from the various channels received by the responder 62
- ⁇ ′ represents the estimated attack channel 176 .
- the true shared secret b, but not the false shared secret b′ has at least partial autocorrelation.
- the use of the shared secret b, and the fact that it is not known to the attacker 170 can be used to estimate the attacker channel 176 and reject the attack signal 174 on the attack channel 176 .
- a plot 270 represents a channel impulse response (CIR) that includes the impulse response from the preambles of various received signals, including true signals from an initiator 60 (e.g., the free-space first wireless signal 68 from the free-space channel 69 , and the reflected second wireless signal 70 from the reflected channel 71 ), as well as a false signal from an attacker 170 (e.g., the attack signal 174 from the attack channel 176 ).
- a plot 272 represents a channel impulse response (CIR) from an attack channel estimate 248 as determined using the receiver system 240 , as discussed above.
- a corrected CIR may be obtained as shown in a plot 274 .
- the corrected CIR of plot 274 may include substantially only true signals from the initiator 60 . Indeed, this may allow even a faint CIR signal 276 to be detected, which may be due to the true free-space first wireless signal 68 of the free-space channel 69 because it is the earliest signal.
- an accurate first path correction may be determined even in the presence of an attacker that spoofs a preamble, and even when the rue free-space first wireless signal 68 of the free-space channel 69 is attenuated.
- an accurate and secure wireless ranging operation may be performed via the time-of-flight, to thereby determine a proximity between the initiator 60 and the responder 62 .
Abstract
Wireless communication between two electronic devices may be used to determine a distance between the two devices, even in the presence of an otherwise-disruptive attacker. A wireless receiver system of one device may receive a true wireless ranging signal from a first transmitting device and a false wireless ranging signal from an attacker. The wireless receiver system may correlate the wireless signals with a known preamble sequence and perform channel estimation using the result, obtaining a channel impulse response for the wireless signals. The wireless receiver system may filter the channel impulse response for the plurality of wireless signals by removing at least part of the channel impulse response due to the false wireless ranging signal while not removing at least part of the channel impulse response due to the true wireless ranging signal. The receiver system may perform a wireless ranging operation using the filtered channel impulse response.
Description
- This application is a continuation of U.S. application Ser. No. 15/883,785, entitled “Secure Channel Estimation Architecture,” filed Jan. 30, 2018, which claims priority to U.S. Provisional Application No. 62/564,901, entitled “Secure Channel Estimation Architecture,” filed Sep. 28, 2017, each of which is incorporated by reference herein in its entirety for all purposes.
- This disclosure relates to systems and methods for securely identifying a wireless channel in a shortest free-space path between a transmitting device and a receiving device.
- This section is intended to introduce the reader to various aspects of art that may be related to various aspects of the present techniques, which are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present disclosure. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
- Many electronic devices, such as smartphones and computers, include antennas that are used for various forms of wireless communication. Some electronic devices may benefit from determining an accurate estimate of proximity to another electronic device using wireless signals. This may be accomplished by calculating a time-of-flight estimation for a wireless signal sent over a wireless channel of the shortest free-space path between a transmitting device and a receiving device. A simple way to determine the wireless channel of the shortest free-space path involves identifying the wireless channel between the receiving device and the transmitting device that provides the strongest signal. However, the strongest signal may not always represent the shortest free-space path between the receiving device and the transmitting device. In some cases, an obstruction—such as a person—may be positioned in the shortest free-space path between the receiving device and the transmitting device. This may lower the signal strength of the wireless channel of the shortest free-space path. Meanwhile, a wireless channel in a non-direct path, such as a reflection off a wall that goes around the obstruction, could provide a stronger signal. In cases like these, then, signal strength alone may not accurately identify the shortest free-space path between the receiving device and the transmitting device.
- Since the signal strength does not always indicate the wireless channel of the shortest free-space path between the receiving device and the transmitting device, identifying the shortest free-space path may involve identifying the wireless channel with the signal having the earliest arrival time. For example, the signal from the transmitting device may include a defined preamble that can be used to determine which of the possible channels provides the earliest signal, even if the earliest signal is not the strongest signal. While this may allow the receiving device to accurately identify the proximity to the transmitting device in many cases, an attacker could provide a spoofed signal using the defined preamble. The spoofed signal could appear, from the perspective of the receiving device, to be earlier than the signal from the actual shortest free-space path. In this way, an attacker could cause the receiving device to misidentify the shortest free-space path between the receiving device and the transmitting device, which could thereby cause the receiving device to calculate a false proximity.
- A summary of certain embodiments disclosed herein is set forth below. It should be understood that these aspects are presented merely to provide the reader with a brief summary of these certain embodiments and that these aspects are not intended to limit the scope of this disclosure. Indeed, this disclosure may encompass a variety of aspects that may not be set forth below.
- To protect against attacks that spoof a signal in a shortest free-space wireless channel, this disclosure provides several architectures that use both a preamble and a shared secret. Indeed, since a universally defined, plaintext preamble could be spoofed by an attacker, the systems and methods of this disclosure do not rely exclusively on a universally defined preamble to determine a shortest free-space path between a transmitting device and a receiving device. Instead, the transmitting device may send a signal that includes both a defined preamble and a cryptographically secure shared secret. Even if the attacker spoofs the preamble, the attacker may not be able to spoof the shared secret. As such, while the preamble may assist the receiving device in determining the earliest signal, and therefore the signal received over the wireless channel in the shortest free-space path, the receiving device may also rely on the shared secret.
- The receiving device may use the shared secret differently according to different architectures. In one example, the preamble and the shared secret may be used together to perform channel estimation for identifying the wireless channel in the shortest free-space path to the transmitting device. However, while the preamble may be defined specifically to enable identifying the earliest signal, the shared secret may not be as effective as the preamble for this purpose. As such, in another architecture, the receiving device may use the preamble to identify the earliest signal, while using the shared secret to identify the attacker signal that lacks the correct shared secret present in the signals from the transmitting device. Having identified the attacker signal, the receiving device may filter away the attacker signal. Thus, the receiving device may estimate the wireless channel of the shortest free-space path using the preambles of the remaining non-attacker signals. In this way, a true wireless channel of the shortest free-space path between the transmitting device and the receiving device may be identified, even in the presence of an attacker.
- Various refinements of the features noted above may be made in relation to various aspects of the present disclosure. Further features may also be incorporated in these various aspects as well. These refinements and additional features may be made individually or in any combination. For instance, various features discussed below in relation to one or more of the illustrated embodiments may be incorporated into any of the above-described aspects of the present disclosure alone or in any combination. The brief summary presented above is intended to familiarize the reader with certain aspects and contexts of embodiments of the present disclosure without limitation to the claimed subject matter.
- Various aspects of this disclosure may be better understood upon reading the following detailed description and upon reference to the drawings in which:
-
FIG. 1 is a schematic block diagram of an electronic device, in accordance with an embodiment; -
FIG. 2 is a perspective view of a notebook computer representing an embodiment of the electronic device ofFIG. 1 , in accordance with an embodiment; -
FIG. 3 is a front view of a hand-held device representing another embodiment of the electronic device ofFIG. 1 , in accordance with an embodiment; -
FIG. 4 is a front view of another hand-held device representing another embodiment of the electronic device ofFIG. 1 , in accordance with an embodiment; -
FIG. 5 is a front view of a desktop computer representing another embodiment of the electronic device ofFIG. 1 , in accordance with an embodiment; -
FIG. 6 is a front view and side view of a wearable electronic device representing another embodiment of the electronic device ofFIG. 1 , in accordance with an embodiment; -
FIG. 7 is a diagram of wireless signals between a transmitting device (initiator) and a receiving device (responder) in a room that includes a wireless channel in the free-space path and a wireless channel of a reflected path, in accordance with an embodiment; -
FIG. 8 is a signal diagram illustrating a signal strength and timing of signals received via the wireless channel of the shortest free-space path and the wireless channel of the reflected path ofFIG. 7 , in accordance with an embodiment; -
FIG. 9 is a diagram of wireless signals between the transmitting device (initiator) and the receiving device (responder) in the room ofFIG. 7 in which the wireless channel in the free-space path is obstructed, in accordance with an embodiment; -
FIG. 10 is a signal diagram illustrating a signal strength and timing of signals received via the obstructed channel of the shortest free-space path and the wireless channel of the reflected path ofFIG. 9 , in accordance with an embodiment; -
FIG. 11 is a block diagram of a system for identifying the wireless channel in the shortest free-space path to determine a time-of-flight through the shortest free-space path between the transmitting device (initiator) and the receiving device (responder), in accordance with an embodiment; -
FIG. 12 is a timing diagram of signals transmitted and received between the transmitting device (initiator) and the receiving device (responder) using the system ofFIG. 11 , in accordance with an embodiment; -
FIG. 13 is a diagram of wireless signals between the transmitting device (initiator) and the receiving device (responder) in the room ofFIG. 9 in which an attacker is sending a spoofed signal, in accordance with an embodiment; -
FIG. 14 is a timing diagram of signals transmitted by the transmitting device (initiator) and the attacker and received by the receiving device (responder) using the system ofFIG. 11 , in accordance with an embodiment; -
FIG. 15 is a block diagram of a system for securely identifying the wireless channel in the shortest free-space path to determine a time-of-flight through the shortest free-space path between the transmitting device (initiator) and the receiving device (responder) in the presence of an attacker, in accordance with an embodiment; -
FIG. 16 is a block diagram of another system for securely identifying the wireless channel in the shortest free-space path to determine a time-of-flight through the shortest free-space path between the transmitting device (initiator) and the receiving device (responder) in the presence of an attacker, in accordance with an embodiment; and -
FIG. 17 is a set of signal diagrams representing the operation of the system ofFIG. 16 to securely identify the wireless channel in the shortest free-space by filtering away a signal from the attacker, in accordance with an embodiment. - One or more specific embodiments of the present disclosure will be described below. These described embodiments are only examples of the presently disclosed techniques. Additionally, in an effort to provide a concise description of these embodiments, all features of an actual implementation may not be described in the specification. It should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. Moreover, it should be appreciated that such a development effort might be complex and time consuming, but may nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill having the benefit of this disclosure.
- When introducing elements of various embodiments of the present disclosure, the articles “a,” “an,” and “the” are intended to mean that there are one or more of the elements. The terms “comprising,” “including,” and “having” are intended to be inclusive and mean that there may be additional elements other than the listed elements. Additionally, it should be understood that references to “one embodiment” or “an embodiment” of the present disclosure are not intended to be interpreted as excluding the existence of additional embodiments that also incorporate the recited features. Furthermore, the phrase A “based on” B is intended to mean that A is at least partially based on B. Moreover, unless expressly stated otherwise, the term “or” is intended to be inclusive (e.g., logical OR) and not exclusive (e.g., logical XOR). In other words, the phrase A “or” B is intended to mean A, B, or both A and B.
- Many electronic devices, such as smartphones and computers, include antennas that are used for various forms of wireless communication. Wireless communication between two electronic devices may be used to determine a distance between the two devices. For example, a time-of-flight estimate for a signal may indicate the distance between two devices when the signal is received over a wireless channel of the shortest free-space path between the two devices. As noted above, a simple way to determine the wireless channel of the shortest free-space path involves identifying the wireless channel between a receiving device and a transmitting device that provides the strongest signal. However, the strongest signal may not always represent the shortest free-space path between the receiving device and the transmitting device. In some cases, an obstruction—such as a person—may be positioned in the shortest free-space path between the receiving device and the transmitting device. This may lower the signal strength of the wireless channel of the shortest free-space path. Meanwhile, a wireless channel in a non-direct path, such as a reflection off a wall that goes around the obstruction, could provide a stronger signal. In cases like these, then, signal strength alone may not accurately identify the shortest free-space path between the receiving device and the transmitting device.
- Since the signal strength does not always indicate the wireless channel of the shortest free-space path between the receiving device and the transmitting device, identifying the shortest free-space path may involve identifying the wireless channel with the signal having the earliest arrival time. For example, the signal from the transmitting device may include a defined preamble that can be used to determine which of the possible channels provides the earliest signal, even if the earliest signal is not the strongest signal. While this may allow the receiving device to accurately identify the proximity to the transmitting device in many cases, an attacker could provide a spoofed signal using the defined preamble. The spoofed signal could appear, from the perspective of the receiving device, to be earlier than the actual earliest signal from the actual shortest free-space path. In this way, an attacker could cause the receiving device to misidentify the shortest free-space path between the receiving device and the transmitting device, which could thereby cause the receiving device to calculate a false proximity.
- Several systems and methods may be used to defend against such an attack. Since a known, plaintext preamble could be spoofed by an attacker, the systems and methods of this disclosure do not rely exclusively on a defined preamble to determine a shortest free-space path between the transmitting device and the receiving device. Instead, the transmitting device may send a signal that includes both a defined preamble and a cryptographically secure shared secret. Even if the attacker spoofs the preamble, the attacker may not be able to spoof the shared secret. As such, while the preamble may assist the receiving device in determining the earliest signal, and therefore the signal received over the wireless channel in the shortest free-space path, the receiving device may use the shared secret to identify the true shortest free-space path.
- The receiving device may use the shared secret differently according to different architectures. In one example, the preamble and the shared secret may be used together to perform channel estimation for identifying the wireless channel in the shortest free-space path to the transmitting device. The preamble may be defined specifically to enable identifying the earliest signal, whereas the shared secret may not be as effective for this purpose. As such, in another architecture, the receiving device may use the preamble to identify the earliest signal, while using the shared secret to identify the attacker signal that lacks the correct shared secret present in the signals from the transmitting device. Having identified the attacker signal, the receiving device may filter away the attacker signal. The receiving device may thus estimate the wireless channel of the shortest free-space path using the preambles of the remaining non-attacker signals. Thus, a true wireless channel of the shortest free-space path may be identified to determine the proximity between the transmitting device and the receiving device, even in the presence of an attacker.
- With the foregoing in mind, a general description of suitable electronic devices that may use both a defined preamble and a shared secret to accurately and securely identify a shortest free-space path to another electronic device follows below. Turning first to
FIG. 1 , anelectronic device 10 according to an embodiment of the present disclosure may include, among other things, one or more processor(s) 12,memory 14,nonvolatile storage 16, adisplay 18,input structures 22, an input/output (I/O)interface 24, anetwork interface 26, atransceiver 28, and apower source 29. The various functional blocks shown inFIG. 1 may include hardware elements (including circuitry), software elements (including computer code stored on a computer-readable medium) or a combination of both hardware and software elements. It should be noted that FIG. 1 is merely one example of a particular implementation and is intended to illustrate the types of components that may be present inelectronic device 10. - By way of example, the
electronic device 10 may represent a block diagram of the notebook computer depicted inFIG. 2 , the handheld device depicted inFIG. 3 , the handheld device depicted inFIG. 4 , the desktop computer depicted inFIG. 5 , the wearable electronic device depicted inFIG. 6 , or similar devices. It should be noted that the processor(s) 12 and other related items inFIG. 1 may be generally referred to herein as “data processing circuitry”. Such data processing circuitry may be embodied wholly or in part as software, firmware, hardware, or any combination thereof. Furthermore, the data processing circuitry may be a single contained processing module or may be incorporated wholly or partially within any of the other elements within theelectronic device 10. - In the
electronic device 10 ofFIG. 1 , the processor(s) 12 may be operably coupled with thememory 14 and thenonvolatile storage 16 to perform various algorithms. Such programs or instructions executed by the processor(s) 12 may be stored in any suitable article of manufacture that includes one or more tangible, computer-readable media at least collectively storing the instructions or routines, such as thememory 14 and thenonvolatile storage 16. Thememory 14 and thenonvolatile storage 16 may include any suitable articles of manufacture for storing data and executable instructions, such as random-access memory, read-only memory, rewritable flash memory, hard drives, and optical discs. In addition, programs (e.g., an operating system) encoded on such a computer program product may also include instructions that may be executed by the processor(s) 12 to enable theelectronic device 10 to provide various functionalities. - In certain embodiments, the
display 18 may be a liquid crystal display (LCD), which may allow users to view images generated on theelectronic device 10. In some embodiments, thedisplay 18 may include a touch screen, which may allow users to interact with a user interface of theelectronic device 10. Furthermore, it should be appreciated that, in some embodiments, thedisplay 18 may include one or more organic light emitting diode (OLED) displays, or some combination of liquid crystal display (LCD) panels and OLED panels. Thedisplay 18 may receive images, data, or instructions fromprocessor 12 ormemory 14, and provide an image indisplay 18 for interaction. More specifically, thedisplay 18 includes pixels, and each of the pixels may be set to display a color at a brightness based on the images, data, or instructions fromprocessor 12 ormemory 14. - The
input structures 22 of theelectronic device 10 may enable a user to interact with the electronic device 10 (e.g., pressing a button to increase or decrease a volume level). The I/O interface 24 may enableelectronic device 10 to interface with various other electronic devices, as may thenetwork interface 26. Thenetwork interface 26 may include, for example, one or more interfaces for a personal area network (PAN), such as a Bluetooth network, for a local area network (LAN) or wireless local area network (WLAN), such as an 802.11x Wi-Fi network, and/or for a wide area network (WAN), such as a 3rd generation (3G) cellular network, 4th generation (4G) cellular network, long term evolution (LTE) cellular network, or long term evolution license assisted access (LTE-LAA) cellular network. Thenetwork interface 26 may also include one or more interfaces for, for example, broadband fixed wireless access networks (WiMAX), mobile broadband Wireless networks (mobile WiMAX), asynchronous digital subscriber lines (e.g., ADSL, VDSL), digital video broadcasting-terrestrial (DVB-T) and its extension DVB Handheld (DVB-H), ultra-Wideband (UWB), alternating current (AC) power lines, and so forth. - In certain embodiments, to allow the
electronic device 10 to communicate over the aforementioned wireless networks (e.g., Wi-Fi, WiMAX, mobile WiMAX, 4G, LTE, and so forth), theelectronic device 10 may include atransceiver 28. Thetransceiver 28 may include any circuitry that may be useful in both wirelessly receiving and wirelessly transmitting signals (e.g., data signals). Indeed, in some embodiments, as will be further appreciated, thetransceiver 28 may include a transmitter and a receiver combined into a single unit, or, in other embodiments, thetransceiver 28 may include a transmitter separate from the receiver. Indeed, in some embodiments, thetransceiver 28 may include several transmitters and receivers, some or none of which are combined into single units. Thetransceiver 28 may transmit and receive OFDM signals (e.g., OFDM data symbols) to support data communication in wireless applications such as, for example, PAN networks (e.g., Bluetooth), WLAN networks (e.g., 802.11x Wi-Fi), WAN networks (e.g., 3G, 4G, and LTE cellular networks), WiMAX networks, mobile WiMAX networks, ADSL and VDSL networks, DVB-T and DVB-H networks, UWB networks, and so forth. Further, in some embodiments, thetransceiver 28 may be integrated as part of the network interfaces 26. As further illustrated, theelectronic device 10 may include apower source 29. Thepower source 29 may include any suitable source of power, such as a rechargeable lithium polymer (Li-poly) battery and/or an alternating current (AC) power converter. - In certain embodiments, the
electronic device 10 may take the form of a computer, a portable electronic device, a wearable electronic device, or other type of electronic device. Such computers may include computers that are generally portable (such as laptop, notebook, and tablet computers) as well as computers that are generally used in one place (such as conventional desktop computers, workstations, and/or servers). In certain embodiments, theelectronic device 10 in the form of a computer may be a model of a MacBook®, MacBook® Pro, MacBook Air®, iMac®, Mac® mini, or Mac Pro® available from Apple Inc. By way of example, theelectronic device 10, taking the form of anotebook computer 10A, is illustrated inFIG. 2 in accordance with one embodiment of the present disclosure. The depictedcomputer 10A may include a housing orenclosure 36, adisplay 18,input structures 22, and ports of an I/O interface 24. In one embodiment, the input structures 22 (such as a keyboard and/or touchpad) may be used to interact with thecomputer 10A, such as to start, control, or operate a GUI or applications running oncomputer 10A. For example, a keyboard and/or touchpad may allow a user to navigate a user interface or application interface displayed ondisplay 18. -
FIG. 3 depicts a front view of ahandheld device 10B, which represents one embodiment of theelectronic device 10. Thehandheld device 10B may represent, for example, a portable phone, a media player, a personal data organizer, a handheld game platform, or any combination of such devices. By way of example, thehandheld device 10B may be a model of an iPod® or iPhone® available from Apple Inc. of Cupertino, Calif. Thehandheld device 10B may include anenclosure 36 to protect interior components from physical damage and to shield them from electromagnetic interference. Theenclosure 36 may surround thedisplay 18.Enclosure 36 may also include sensing and processing circuitry that may be used to provide correction schemes described herein to provide smooth images indisplay 18. The I/O interfaces 24 may open through theenclosure 36 and may include, for example, an I/O port for a hardwired connection for charging and/or content manipulation using a standard connector and protocol, such as the Lightning connector provided by Apple Inc., a universal service bus (USB), or other similar connector and protocol. -
User input structures 22, in combination with thedisplay 18, may allow a user to control thehandheld device 10B. For example, theinput structures 22 may activate or deactivate thehandheld device 10B, navigate user interface to a home screen, a user-configurable application screen, and/or activate a voice-recognition feature of thehandheld device 10B.Other input structures 22 may provide volume control, or may toggle between vibrate and ring modes. Theinput structures 22 may also include a microphone may obtain a user's voice for various voice-related features, and a speaker may enable audio playback and/or certain phone capabilities. Theinput structures 22 may also include a headphone input to provide a connection to external speakers and/or headphones. -
FIG. 4 depicts a front view of anotherhandheld device 10C, which represents another embodiment of theelectronic device 10. Thehandheld device 10C may represent, for example, a tablet computer, or one of various portable computing devices. By way of example, thehandheld device 10C may be a tablet-sized embodiment of theelectronic device 10, which may be, for example, a model of an iPad® available from Apple Inc. of Cupertino, California. - Turning to
FIG. 5 , acomputer 10D may represent another embodiment of theelectronic device 10 ofFIG. 1 . Thecomputer 10D may be any computer, such as a desktop computer, a server, or a notebook computer, but may also be a standalone media player or video gaming machine. By way of example, thecomputer 10D may be an iMac®, a MacBook®, or other similar device by Apple Inc. It should be noted that thecomputer 10D may also represent a personal computer (PC) by another manufacturer. Asimilar enclosure 36 may be provided to protect and enclose internal components of thecomputer 10D such as thedisplay 18. In certain embodiments, a user of thecomputer 10D may interact with thecomputer 10D using various peripheral input devices, such as thekeyboard 22A ormouse 22B (e.g., input structures 22), which may connect to thecomputer 10D. - Similarly,
FIG. 6 depicts a wearableelectronic device 10E representing another embodiment of theelectronic device 10 ofFIG. 1 that may be configured to operate using the techniques described herein. By way of example, the wearableelectronic device 10E, which may include awristband 43, may be an Apple Watch® by Apple, Inc. However, in other embodiments, the wearableelectronic device 10E may include any wearable electronic device such as, for example, a wearable exercise monitoring device (e.g., pedometer, accelerometer, heart rate monitor), or other device by another manufacturer. Thedisplay 18 of the wearableelectronic device 10E may include a touch screen display 18 (e.g., LCD, OLED display, active-matrix organic light emitting diode (AMOLED) display, and so forth), as well asinput structures 22, which may allow users to interact with a user interface of the wearableelectronic device 10E. - Wireless communication to an
electronic device 10 from a transmitting device may be used to determine a distance between theelectronic device 10 and the transmitting device. This may be referred to as “wireless ranging.” For example, as shown inFIG. 7 , an initiator 60 (e.g., a first electronic device 10) may communicate with a responder 62 (e.g., a second electronic device 10) in aroom 64. Theroom 64 may havewalls initiator 60 may communicate wirelessly with theresponder 62 by sending a wireless ranging signal in the form of afirst wireless signal 68 that travels directly to theresponder 62 via a free-space channel 69 through a shortest free-space path. Meanwhile, a second copy of the wireless ranging signal in the form of asecond wireless signal 70 reaches theresponder 62 via a reflectedchannel 71 that reflects off of thewall 66A. A signal timing diagram 78 ofFIG. 8 shows that, as a consequence, theresponder 62 may initially receive the free-spacefirst wireless signal 68 intime 80 before receiving the reflectedsecond wireless signal 70. Because the reflectedsecond wireless signal 70 loses energy when thesecond wireless signal 70 reflects against thewall 66A, the free-spacefirst wireless signal 68 has a greater signal strength than the reflectedsecond wireless signal 70. In a situation like this, the stronger signal strength correlates with the channel in the most direct path between theinitiator 60 and theresponder 62. - But this is not always the case. Indeed, in some cases, such as the one shown by
FIG. 9 , anobstruction 90 may stand in the free-space path of thefirst wireless signal 68. This could happen, for example, when a person or furniture is located directly between theinitiator 60 and theresponder 62. Here, as shown by a signal timing diagram 98 ofFIG. 10 , the free-spacefirst wireless signal 68 may still arrive earlier intime 80 than the reflectedsecond wireless signal 70. However, the free-spacefirst wireless signal 68 is attenuated and may even have a lower signal strength than the reflectedsecond wireless signal 70. Accordingly, in some embodiments, theresponder 62 may employ areceiver system 100 as shown inFIG. 11 , which may aim to identify the shortest free-space channel 69 that conveys thefirst wireless signal 68, even when thefirst wireless signal 68 has a lower signal strength than signals from other channels (such as the reflectedsecond wireless signal 70 in the reflected channel 71). Thereceiver system 100 is described in block diagram form inFIG. 11 . The various components of thereceiver system 100 may be implemented in digital circuitry, software running on a processor (e.g., firmware), or some combination of these. - The
receiver system 100 ofFIG. 11 may receive digitized analog-to-digital (ADC)samples 102 received from an antenna of thetransceiver 28. Acorrelator 104 may compare the receivedADC samples 102 to a known preamble p. The preamble p may be a predefined set of values that is known at least to theinitiator 60 andresponder 62. In some embodiments, the preamble p may be publicly known. As such, the preamble p may be sent via plaintext in at least some embodiments. Moreover, the preamble p may take any suitable signal structure that enables thecorrelator 104 to accurately and/or efficiently (e.g., with reduced or minimal signal sidelobes) produce apreamble correlation signal 105. Thecorrelator 104 may provide thepreamble correlation signal 105 to achannel estimation block 106 and a start-of-frame delimiter (SFD)detector 108. Thechannel estimation block 106 may identify characteristics of the various channels (e.g., free-space channel 69, reflected channel 71), including which of the channels provides the earliest signal, by analyzing the preamble correlation signal 105 from thecorrelator 104. The channel that provides the earliest signal may be referred to in this disclosure as the “earliest channel.” Having identified the earliest channel, a firstpath correction block 110 may identify when the signal from the earliest channel was received (e.g., when in time thefirst wireless signal 68 was received on the free-space channel 69) as a first path correction value. The first path correction value can be used in combination with other information to determine a proximity between theinitiator 60 and theresponder 62. - The
ADC samples 102 may also enter a channel-matchedfilter 112 that analyzes theADC samples 102 for each channel based on the channel estimation from thechannel estimation block 106. The filtered results may be aligned in a frame timing block 114 according to the start-of-frame delimiter from theSFD detector 108 to extract data that can be demodulated in ademodulation block 116 and decoded in adecode block 118 to identify atimestamp 120. Thetimestamp 120 represents the time provided by theinitiator 60 that indicates when theinitiator 60 transmitted the communication to theresponder 62. By comparing the result of the firstpath correction block 110 and thetimestamp 120 in anadder 122, a time-of-flight value 124 may be computed. The time-of-flight value 124 represents the time taken for thefirst wireless signal 68 to travel the shortest free-space path via the free-space channel 69 between theinitiator 60 and theresponder 62. Using the time-of-flight value 124 and the physical parameter of the speed of electromagnetic radiation, the physical distance between theinitiator 60 and theresponder 62 can be estimated. - A timing diagram 130 shown in
FIG. 12 provides an example of the communication that may take place between theinitiator 60 and theresponder 62 using the system ofFIG. 11 . The timing diagram 130 shows that, at atime 132, theinitiator 60 begins to transmit awireless signal 134. Thewireless signal 134 may contain several components, including aninitial preamble p 136 and a start-of-frame delimiter (SFD) 138, followed by data 140 (which may encode the timestamp 120). Thewireless signal 134 may be received by theresponder 62 as the free-spacefirst wireless signal 68 and the reflectedsecond wireless signal 70. At atime 142, thecorrelator 104 of theresponder 62 may begin to analyze the received free-spacefirst wireless signal 68 and the reflectedsecond wireless signal 70 for a matching preamble p sequence (e.g., as thepreamble correlation signal 105 shown inFIG. 11 ). - In
FIG. 12 , a first preamble match is identified assignal 144 and occurs when a first preamble p sequence of the free-spacefirst wireless signal 68 is received. Thereafter, apreamble match signal 146 occurs every time the preamble p sequence is found in a corresponding receivedpreamble sequence 136A of the free-spacefirst wireless signal 68. Apreamble match signal 148 occurs every time the preamble p sequence is found in a corresponding receivedpreamble sequence 136B in the reflectedsecond wireless signal 70. In the example ofFIG. 12 , thepreamble match signal 146 appears earlier than thepreamble match signal 148, but thepreamble match signal 146 has a lower magnitude than thepreamble match signal 148 because the signal strength of the free-spacefirst wireless signal 68 is lower the reflected second wireless signal 70 (e.g., due to some obstruction along the free-space channel 69). Thecorrelator 104 may also identify components of a received start-of-frame delimiter (SFD) 138A of the free-spacefirst wireless signal 68 and of a received start-of-frame delimiter (SFD) 138B of the reflectedsecond wireless signal 70 as SFD match signals 150. For example, positiveSFD match signal 152 relates to the receivedSFD 138A, positiveSFD match signal 154 relates to the receivedSFD 138B, negativeSFD match signal 156 relates to the receivedSFD 138A, and negativeSFD match signal 158 relates to the receivedSFD 138B. The SFD match signals 150 allow theresponder 62 to identify the start of receiveddata correlator 104 is used to determine which of thesignals - Yet the system of
FIGS. 11 and 12 could be vulnerable to certain attacks. Building on the previous examples ofFIGS. 7 and 9 , inFIG. 13 , anattacker 170 may intercept the transmission from the initiator 60 (represented as intercepted wireless signal 172) and then delay and retransmit the interceptedwireless signal 172 as a false wireless ranging signal in the form of anattack signal 174 to theresponder 62. To distinguish from the true shortest free-space channel 69 and the reflectedpath channel 71, the channel through which theattack signal 174 reaches theresponder 62 will be referred to in this disclosure as anattack channel 176. Note also that, while theattacker 170 is shown to be between theinitiator 60 and theresponder 62, it is possible for theattacker 170 to be remote from theinitiator 60 and theresponder 62 and still mount an attack. In some cases, theattacker 170 could be very far (e.g., hundreds or even thousands of meters) from theinitiator 60 and theresponder 62. - The effect of the
attack signal 174 on thereceiver system 100 is shown by a signal timing diagram 188 inFIG. 14 , which builds on the example signal timing diagram 130 ofFIG. 12 . As such, a description of elements that appear in bothFIGS. 12 and 14 may be found in the previous discussion with reference toFIG. 12 . InFIG. 14 , theattacker 170 is shown to receive the interceptedwireless signal 172 quickly after it has been transmitted by theinitiator 60. The interceptedwireless signal 172 includes apreamble 136C and a start-of-frame delimiter (SFD) 138C that corresponds to thepreamble 136 and theSFD 138 from theinitiator 60. Theattacker 170 holds the signal for anattacker delay period 190 before transmitting theattack signal 174, which includes apreamble 136D and anSFD 138D that corresponds to thepreamble 136C and theSFD 138C. Theattacker delay period 190 delays theattack signal 174 just enough to cause theattack signal 174, when received by theresponder 62 as a receivedattack signal 192, to appear to be arriving earlier than either the free-spacefirst wireless signal 68 or the reflectedsecond wireless signal 70 due to the periodicity of thepreambles correlator 104 generates apreamble match signal 194 corresponding to a match to thepreamble 136D, it recurs before the preamble match signals 144 and 146 in arepeating pattern 196. As a consequence, theresponder 62 may interpret theattack channel 176 that carries theattack signal 174 to be the earliest channel. This may prevent or complicate the efforts by theresponder 62 to correctly identify the free-space channel 69. - A secure receiver system 210, shown in
FIG. 15 , may allow theresponder 62 to thwart attacks like those discussed above, while still allowing theresponder 62 to identify the shortest free-space channel 69 that conveys thefirst wireless signal 68. The receiver system 210 is described in block diagram form inFIG. 15 . The various components of the receiver system 210 may be implemented in digital circuitry, software running on a processor (e.g., firmware), or some combination of these. - The receiver system 210 of
FIG. 15 may receive digitized analog-to-digital (ADC)samples 102 received from an antenna of thetransceiver 28. Afirst correlator 104A may compare the receivedADC samples 102 to a known preamble p. The preamble p may be a predefined set of values that is known at least to theinitiator 60 andresponder 62. In some embodiments, the preamble p may be publicly known. As such, the preamble p may be sent via plaintext in at least some embodiments. Moreover, the preamble p may take any suitable signal structure that enables thefirst correlator 104A to accurately and/or efficiently (e.g., with reduced or minimal signal sidelobes) produce apreamble correlation signal 105. Thefirst correlator 104A may provide thepreamble correlation signal 105 to a firstchannel estimation block 106A and a start-of-frame delimiter (SFD)detector 108. The firstchannel estimation block 106A may estimate the various channels (e.g., free-space channel 69, reflectedchannel 71, attack channel 176), by analyzing the preamble correlation signal 105 from thefirst correlator 104A. Yet the firstchannel estimation block 106A may not alone identify the earliest channel if theattack signal 174 is being sent through theattack channel 176 in a way that makes theattack signal 174 appear to be the earliest signal. Instead, the firstchannel estimation block 106A may be used identify the various channels over which theresponder 62 may be receiving signals, since it is possible that an attacker signal (e.g., the attack signal 174) could spoof the preamble. Instead, as will be discussed further below, the receiver system 210 may use a shared secrete b to identify the earliest channel. - As in the
receiver system 100 discussed above, in the receiver system 210, theADC samples 102 may also enter a channel-matchedfilter 112 that analyzes theADC samples 102 for each channel identified by the firstchannel estimation block 106A. The filtered results may be aligned in a firstframe timing block 114A according to the start-of-frame delimiter from theSFD detector 108 to extract data that can be demodulated in ademodulation block 116 and decoded in adecode block 118 to identify atimestamp 120. Thetimestamp 120 represents the time provided by theinitiator 60 that indicates when theinitiator 60 transmitted the communication to theresponder 62. - In addition, the receiver system 210 may identify the earliest channel using a shared secret b. Namely, the shared secret b may be any cryptographically secure value that is known by both the
initiator 60 and theresponder 62, but which is not known by theattacker 170. In one example, the shared secret b appears as a cryptographically secure pseudorandom number. Thus, if theattacker 170 attempts to retransmit the shared secret b, which does not have a known periodicity like the preamble p that theattacker 170 could exploit, the retransmitted shared secret b would arrive later and could be identified as late for that reason. On the other hand, if theattacker 170 attempts to use a false shared secret b′, it will not match the shared secret b that is known by theresponder 62. - Thus, the receiver system 210 may use a second frame timing block 114B (which may reuse the same circuitry, software, or other processing logic as the first
frame timing block 114A) to align theADC samples 102 to the start of the frame to begin receiving data that ostensibly contains the shared secret b. Asecond correlator 104B (which may reuse the same circuitry, software, or other processing logic as thefirst correlator 104A) may provide shared secret match signals 212 to a secondchannel estimation block 106B (which may reuse the same circuitry, software, or other processing logic as the firstchannel estimation block 106A). - Because the shared secret b has a sufficiently high entropy to be secure, and therefore lacks the predictable periodicity of the preamble p, the shared secret match signals 212 output by the
second correlator 104B may have a higher-order behavior in comparison to the preamble match signals 105 output by thefirst correlator 104A. The higher-order behavior of the shared secret match signals 212 may manifest as sidelobes or other higher-order signal features. As such, when the shared secret match signals 212 enter the secondchannel estimation block 106B, channel estimation may be more difficult when the signal strength is relatively low, which could happen if the earliest free-space channel is obstructed in some way (e.g., if there is anobstruction 90 that lowers the signal strength of the free-spacefirst wireless signal 68 in the free-space channel 69). - Even so, because the
attacker 170 does not know the shared secret b, any data from theattack signal 174 that purports to represent a false shared secret b′ will not reliably produce the shared secret match signals 212 that would be expected from the true shared secret b. As such, the secondchannel estimation block 106B may not estimate theattack channel 176. Consequently, when the results of the channel estimation from the secondchannel estimation block 106B enter a firstpath correction block 110, only the channels for the true signals may be estimated. Thus, provided the signal strength is sufficient to overcome the higher-order behavior of the shared secret match signals 212, the firstpath correction block 110 may be able to determine the arrival time of thefirst wireless signal 68 on the free-space channel 69. By comparing the result of the firstpath correction block 110 and thetimestamp 120 in anadder 122, a time-of-flight value 124 may be computed. The time-of-flight value 124 represents the time taken for thefirst wireless signal 68 to travel the shortest free-space path via the free-space channel 69 between theinitiator 60 and theresponder 62. Using the time-of-flight value 124 and the physical parameter of the speed of electromagnetic radiation (e.g., the speed of light), the physical distance between theinitiator 60 and theresponder 62 can be estimated. - Another
secure receiver system 240, shown inFIG. 16 , may allow theresponder 62 to thwart attacks like those discussed above by filtering out theattack signal 174 using the shared secret b. Thereceiver system 240 is described in block diagram form. The various components of thereceiver system 240 may be implemented in digital circuitry, software running on a processor (e.g., firmware), or some combination of these. - The
receiver system 240 ofFIG. 16 may receive digitized analog-to-digital (ADC)samples 102 received from an antenna of thetransceiver 28. Afirst correlator 104A may compare the receivedADC samples 102 to a known preamble p. The preamble p may be a predefined set of values that is known at least to theinitiator 60 andresponder 62. In some embodiments, the preamble p may be publicly known. As such, the preamble p may be sent via plaintext in at least some embodiments. Moreover, the preamble p may take any suitable signal structure that enables thefirst correlator 104A to accurately and/or efficiently (e.g., with reduced or minimal signal sidelobes) produce apreamble correlation signal 105. Thefirst correlator 104A may provide thepreamble correlation signal 105 to a firstchannel estimation block 106A and a start-of-frame delimiter (SFD)detector 108. The firstchannel estimation block 106A may estimate the various channels (e.g., free-space channel 69, reflectedchannel 71, attack channel 176) by analyzing the preamble correlation signal 105 from thefirst correlator 104A. The result may include a channel impulse response (CIR) that includes the impulse response from the preambles of the various received signals (e.g., free-spacefirst wireless signal 68, reflectedsecond wireless signal 70, attack signal 174). This may be provided to a firstpath correction block 110, but the firstpath correction block 110 may not alone rely on the CIR that includes all of the signals to identify the earliest signal arrival to perform first path correction. - Indeed, since the
attack signal 174 could be sent through theattack channel 176 in a way that makes theattack signal 174 appear to be the earliest signal, the receiver system 210 may use a shared secrete b to identify theattack signal 174 so it can be filtered out of the CIR at the firstpath correction block 110. This will be discussed further below. - Before doing so, it is noted that, as in the
receiver systems 100 and 210 discussed above, in thereceiver system 240, theADC samples 102 may also enter a channel-matchedfilter 112 that analyzes theADC samples 102 for each channel identified by the firstchannel estimation block 106A. The filtered results may be aligned in a firstframe timing block 114A according to the start-of-frame delimiter from theSFD detector 108 to extract data that can be demodulated in ademodulation block 116 and decoded in adecode block 118 to identify atimestamp 120. Thetimestamp 120 represents the time provided by theinitiator 60 that indicates when theinitiator 60 transmitted the communication to theresponder 62. - In addition, the
receiver system 240 may identify theattack signal 174 using a shared secret b. Namely, the shared secret b may be any cryptographically secure value that is known by both theinitiator 60 and theresponder 62, but which is not known by theattacker 170. In one example, the shared secret b appears as a cryptographically secure pseudorandom number. Thus, if theattacker 170 attempts to retransmit the shared secret b, which does not have a known periodicity like the preamble p that theattacker 170 could exploit, the retransmitted shared secret b would arrive later and could be identified as late for that reason. On the other hand, if theattacker 170 attempts to use a false shared secret b′, it will not match the shared secret b that is known by theresponder 62. - Thus, the
receiver system 240 may use a second frame timing block 114B (which may reuse the same circuitry, software, or other processing logic as the firstframe timing block 114A) to align theADC samples 102 to the start of the frame to begin receiving data that ostensibly contains the shared secret b. Alocal copy 242 of the shared secret b may be provided to a secondchannel match filter 112B (which may reuse the same circuitry, software, or other processing logic as the first channel matchedfilter 112A) and the result subtracted in asubtraction operation 244 from the received data. Because theattacker 170 does not know the shared secret b, theattack signal 174 may use a false shared secret b′ that does not match the shared secret b. As a consequence, when the output of thesubtraction operation 244 enters asecond correlator 104B (which may reuse the same circuitry, software, or other processing logic as thefirst correlator 104A), any component related to a non-attacker signal (e.g., the free-spacefirst wireless signal 68 or the reflected second wireless signal 70) may result in perfect correlation. - On the other hand, because the shared secret b has a sufficiently high entropy to be secure, and because the
attacker 170 does not know the shared secret b, any data from theattack signal 174 that includes a false shared secret b′ will produce a noise signal when passed through thesecond correlator 104B. Moreover, the noise signal will have a random pattern since the false shared secret b′ can be expected only to randomly correlate with the true shared secret b. Because the resulting noise signal caused by correlating the false shared secret b′ to the true shared secret b will have a predictable noise pattern, anattacker estimation block 246 may use this predictable noise pattern to identify theattack signal 174 on theattack channel 176. Anattack signal estimate 248 that corresponds to theattack signal 174 may be provided to the firstpath correction block 110. - The first
path correction block 110 may filter out the component of the CIR that corresponds to theattack signal estimate 248, relying on the channel estimation from thechannel estimation block 106 based on the preamble b to determine the first path correction. In this way, the firstpath correction block 110 of thereceiver system 240 ofFIG. 16 may be able to determine the arrival time of thefirst wireless signal 68 on the free-space channel 69 based on the preamble b without performing channel estimation on a shared secret match signal that could have higher-order behavior (e.g., sidelobes), as in the receiver system 210 ofFIG. 15 . Accordingly, thereceiver system 240 ofFIG. 16 may be more sensitive to a weaker signal through a true free-space path. By comparing the result of the firstpath correction block 110 and thetimestamp 120 in anadder 122, a time-of-flight value 124 may be computed. The time-of-flight value 124 represents the time taken for thefirst wireless signal 68 to travel the shortest free-space path via the free-space channel 69 between theinitiator 60 and theresponder 62. Using the time-of-flight value 124 and the physical parameter of the speed of electromagnetic radiation (e.g., the speed of light), the physical distance between theinitiator 60 and theresponder 62 can be estimated. - In the
receiver system 240 ofFIG. 16 , the operational results of processing the preamble may be represented as follows: -
- where htrue represents the true free-
space channel 69, hattack represents theattack channel 176, p represents the preamble sequence known to both theinitiator 60 and theattacker 170, pRX represents the correlation of the preambles from the various channels received by theresponder 62, and ĥ: represents the estimated earliest channel due to the combined true free-space channel 69 andattack channel 176. Here, the known preamble p has perfect autocorrelation. - On the other hand, since the shared secret b is not known to the
attacker 170, a false shared secret b′ sent in theattack signal 174 would be independent of the true shared secret b sent in the true free-spacefirst wireless signal 68. Thus, in thereceiver system 240 ofFIG. 16 , the operational results of processing the true shared secret b in the true free-spacefirst wireless signal 68 and the false shared secret b′ sent in theattack signal 174 may be represented as follows: - where htrue represents the true free-
space channel 69, hattack represents theattack channel 176, b represents the true shared secret known to theinitiator 60 but not theattacker 170, b′ represents a false shared secret sent by theattacker 170, bRX represents the correlation of the false and true shared secrets from the various channels received by theresponder 62, and ĥ′ represents the estimatedattack channel 176. Here, the true shared secret b, but not the false shared secret b′, has at least partial autocorrelation. In other words, the use of the shared secret b, and the fact that it is not known to theattacker 170, can be used to estimate theattacker channel 176 and reject theattack signal 174 on theattack channel 176. - An example is shown in
FIG. 17 . Aplot 270 represents a channel impulse response (CIR) that includes the impulse response from the preambles of various received signals, including true signals from an initiator 60 (e.g., the free-spacefirst wireless signal 68 from the free-space channel 69, and the reflectedsecond wireless signal 70 from the reflected channel 71), as well as a false signal from an attacker 170 (e.g., theattack signal 174 from the attack channel 176). Aplot 272 represents a channel impulse response (CIR) from anattack channel estimate 248 as determined using thereceiver system 240, as discussed above. By rejecting the portions of the CIR signal due to the estimated attack channel 248 (e.g., as shown in plot 272) from the CIR signal due to all of the channels (e.g., as shown in plot 270), a corrected CIR may be obtained as shown in aplot 274. The corrected CIR ofplot 274 may include substantially only true signals from theinitiator 60. Indeed, this may allow even afaint CIR signal 276 to be detected, which may be due to the true free-spacefirst wireless signal 68 of the free-space channel 69 because it is the earliest signal. Accordingly, an accurate first path correction may be determined even in the presence of an attacker that spoofs a preamble, and even when the rue free-spacefirst wireless signal 68 of the free-space channel 69 is attenuated. With the accurate first path correction, an accurate and secure wireless ranging operation may be performed via the time-of-flight, to thereby determine a proximity between theinitiator 60 and theresponder 62. - The specific embodiments described above have been shown by way of example, and it should be understood that these embodiments may be susceptible to various modifications and alternative forms. It should be further understood that the claims are not intended to be limited to the particular forms disclosed, but rather to cover all modifications, equivalents, and alternatives falling within the spirit and scope of this disclosure.
Claims (20)
1. An electronic device, comprising:
an antenna configured to receive a first wireless signal from a first transmitting device, the first wireless signal having a first preamble and a cryptographically secure value, the cryptographically secure value being shared by the first transmitting device and the electronic device, and a second wireless signal from a second transmitting device, the second wireless signal having a second preamble that imitates at least part of the first preamble; and
a receiver system coupled to the antenna and configured to
filter at least part of the second wireless signal from the first wireless signal based at least in part on the cryptographically secure value of the first wireless signal,
determine a time-of-flight of the first wireless signal after filtering at least part of the second wireless signal, and
determine a first path correction using a channel estimation for the first wireless signal based on the time-of-flight.
2. The electronic device of claim 1 , comprising an analog-to-digital converter configured to convert the first wireless signal and the second wireless signal to a digitized form, wherein the receiver system is configured to receive the digitized form of the first wireless signal and the second wireless signal from the analog-to-digital converter.
3. The electronic device of claim 1 , wherein the antenna is configured to receive the second wireless signal via an indirect path between the electronic device and the first transmitting device, the indirect path traversing a greater distance than a free-space path between the electronic device and the first transmitting device, and the second wireless signal representing a delayed version of the first wireless signal.
4. The electronic device of claim 1 , wherein the receiver system is configured to identify that the first wireless signal and not the second wireless signal was received via a free-space path between the electronic device and the first transmitting device when the second wireless signal has a higher signal strength than the first wireless signal.
5. The electronic device of claim 1 , wherein the receiver system is configured to identify that the first wireless signal and not the second wireless signal was received via a free-space path between the electronic device and the first transmitting device based at least in part on an earlier detection of a component of the first preamble of the first wireless signal.
6. The electronic device of claim 1 , wherein the receiver system is configured to correlate a local copy of the cryptographically secure value with the first wireless signal and with the second wireless signal to filter the first wireless signal from the second wireless signal.
7. The electronic device of claim 1 , wherein the receiver system is configured to correlate a digital sample of the first wireless signal with a known preamble sequence to determine a preamble correlation signal, the preamble correlation signal indicative of a wireless signal communicated through a free-space channel or a reflected channel.
8. The electronic device of claim 1 , wherein the receiver system is configured to perform the channel estimation for the first wireless signal using the first preamble of the first wireless signal.
9. A method comprising:
receiving, via a receiver system, a first wireless signal from a first electronic device and a second wireless signal from a second electronic device, wherein the first wireless signal comprises a first preamble and a cryptographically secure value and the second wireless signal comprises a second preamble;
filtering, via the receiver system, the second wireless signal from the first wireless signal; and
estimating, via processing circuitry, a wireless channel of a shortest free-space path based at least in part on filtering the second wireless signal from the first wireless signal.
10. The method of claim 9 , wherein filtering the second wireless signal is based on a local copy of the cryptographically secure value, the cryptographically secure value indicative of wireless signals being transmitted from trusted or known devices.
11. The method of claim 9 , wherein the first preamble and the second preamble are public known values.
12. The method of claim 9 , wherein the first preamble and the second preamble are plaintext.
13. The method of claim 9 , wherein filtering utilizes the cryptographically secure value and estimating the wireless channel of the shortest free-space path utilizes the first preamble and the second preamble.
14. The method of claim 9 , comprising determining, via the processing circuitry, a physical distance from the first electronic device based on a time-of-flight of the first wireless signal and a physical parameter of speed of electromagnetic radiation.
15. The method of claim 9 , comprising
receiving, via the receiver system, a third wireless signal comprising a third preamble and a false cryptographically secure value; and
filtering, via the receiver system, the third wireless signal from the first wireless signal based at least in part on a first correlation of the false cryptographically secure value with a locally stored copy of the cryptographically secure value being less correlated than a second correlation of the cryptographically secure value of the first wireless signal with the locally stored copy of the cryptographically secure value.
16. The method of claim 9 , comprising
receiving, via the receiver system, a third wireless signal comprising a third preamble and a false cryptographically secure value;
determining, via the processing circuitry, a first correlation between the cryptographically secure value of the first wireless signal and a locally stored copy of the cryptographically secure value;
determining, via the processing circuitry, a second correlation between the false cryptographically secure value of the third wireless signal and the locally stored copy of the cryptographically secure value, the second correlation comprising a noise pattern caused by correlating the false cryptographically secure value and the cryptographically secure value; and
filtering, via receiver system, the third wireless signal from the first wireless signal based at least in part on the noise pattern.
17. The method of claim 16 , comprising
determining, via the processing circuitry, a time-of-flight of the first wireless signal; and
estimating, via the processing circuitry, the wireless channel of the shortest free-space path based at least in part on the time-of-flight of the first wireless signal without determining the time-of-flight of the second wireless signal, the third wireless signal, or both.
18. One or more tangible, non-transitory, machine-readable media comprising instructions that, when executed by one or more processors of the machine, cause the machine to:
receive a plurality of wireless signals, each of the plurality of wireless signals comprising a preamble and a secure value;
compare the preamble of each of the plurality of wireless signals with a stored secure value;
filter one or more wireless signals of the plurality of wireless signals from the plurality of wireless signals based on one or more mismatches between the secure value of each of the one or more wireless signals and the stored secure value; and
determine an earliest channel using the preamble of remaining one or more wireless signals of the plurality of wireless signals.
19. The one or more tangible, non-transitory, machine-readable media of claim 18 , wherein the secure value comprises a cryptographically secure pseudorandom number.
20. The one or more tangible, non-transitory, machine-readable media of claim 18 , wherein the earliest channel corresponds to a shortest direct path.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/549,517 US20220104019A1 (en) | 2017-09-28 | 2021-12-13 | Secure Channel Estimation Architecture |
US17/947,066 US20230027851A1 (en) | 2017-09-28 | 2022-09-16 | Secure Channel Estimation Architecture |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762564901P | 2017-09-28 | 2017-09-28 | |
US15/883,785 US11218876B2 (en) | 2017-09-28 | 2018-01-30 | Secure channel estimation architecture |
US17/549,517 US20220104019A1 (en) | 2017-09-28 | 2021-12-13 | Secure Channel Estimation Architecture |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/883,785 Continuation US11218876B2 (en) | 2017-09-28 | 2018-01-30 | Secure channel estimation architecture |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/947,066 Continuation US20230027851A1 (en) | 2017-09-28 | 2022-09-16 | Secure Channel Estimation Architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220104019A1 true US20220104019A1 (en) | 2022-03-31 |
Family
ID=65808165
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/883,785 Active 2040-01-15 US11218876B2 (en) | 2017-09-28 | 2018-01-30 | Secure channel estimation architecture |
US17/549,517 Pending US20220104019A1 (en) | 2017-09-28 | 2021-12-13 | Secure Channel Estimation Architecture |
US17/947,066 Pending US20230027851A1 (en) | 2017-09-28 | 2022-09-16 | Secure Channel Estimation Architecture |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/883,785 Active 2040-01-15 US11218876B2 (en) | 2017-09-28 | 2018-01-30 | Secure channel estimation architecture |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/947,066 Pending US20230027851A1 (en) | 2017-09-28 | 2022-09-16 | Secure Channel Estimation Architecture |
Country Status (1)
Country | Link |
---|---|
US (3) | US11218876B2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200053689A1 (en) * | 2018-08-09 | 2020-02-13 | Apple Inc. | Object tracking and authentication using modular wall units |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10746844B2 (en) * | 2018-10-16 | 2020-08-18 | The Regents Of The University Of Michigan | Low-power, long-range RF localization system and method |
EP3667951B1 (en) * | 2018-12-13 | 2022-06-29 | ADVA Optical Networking SE | Determination of the latency of an optical transmission link |
US11041948B2 (en) * | 2019-04-08 | 2021-06-22 | Apple Inc. | Channel estimation combining for secure time of flight applications |
US11546766B2 (en) * | 2019-09-16 | 2023-01-03 | Nxp B.V. | First path acceptance for secure ranging |
US11552662B1 (en) | 2021-08-30 | 2023-01-10 | Rockwell Collins, Inc. | Method for improving detection in multipath channels |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6700538B1 (en) * | 2000-03-29 | 2004-03-02 | Time Domain Corporation | System and method for estimating separation distance between impulse radios using impulse signal amplitude |
US20060274843A1 (en) * | 2005-06-01 | 2006-12-07 | Samsung Electronics Co., Ltd. | Apparatus and method for transmitting/receiving preamble signal in a wireless communication system |
US20140185709A1 (en) * | 2011-12-28 | 2014-07-03 | Yuval Amizur | Transmitter precoding for optimizing positioning performance |
US20150141034A1 (en) * | 2013-11-18 | 2015-05-21 | Qualcomm Incorporated | Method and apparatus for ranging using channel estimation with interference rejection |
-
2018
- 2018-01-30 US US15/883,785 patent/US11218876B2/en active Active
-
2021
- 2021-12-13 US US17/549,517 patent/US20220104019A1/en active Pending
-
2022
- 2022-09-16 US US17/947,066 patent/US20230027851A1/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6700538B1 (en) * | 2000-03-29 | 2004-03-02 | Time Domain Corporation | System and method for estimating separation distance between impulse radios using impulse signal amplitude |
US20060274843A1 (en) * | 2005-06-01 | 2006-12-07 | Samsung Electronics Co., Ltd. | Apparatus and method for transmitting/receiving preamble signal in a wireless communication system |
US20140185709A1 (en) * | 2011-12-28 | 2014-07-03 | Yuval Amizur | Transmitter precoding for optimizing positioning performance |
US20150141034A1 (en) * | 2013-11-18 | 2015-05-21 | Qualcomm Incorporated | Method and apparatus for ranging using channel estimation with interference rejection |
Non-Patent Citations (1)
Title |
---|
Chacko et. al.(2017).Physical Gate Based Preamble Obfuscation for Securing Wireless Communication.2017 International Conference on Computing, Networking and Communications: Wireless Communications. IEEEXplore.(Year:2017) (Year: 2017) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200053689A1 (en) * | 2018-08-09 | 2020-02-13 | Apple Inc. | Object tracking and authentication using modular wall units |
US11722985B2 (en) * | 2018-08-09 | 2023-08-08 | Apple Inc. | Object tracking and authentication using modular wall units |
Also Published As
Publication number | Publication date |
---|---|
US20230027851A1 (en) | 2023-01-26 |
US20190098507A1 (en) | 2019-03-28 |
US11218876B2 (en) | 2022-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220104019A1 (en) | Secure Channel Estimation Architecture | |
Dey et al. | AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable. | |
US9489963B2 (en) | Correlation-based two microphone algorithm for noise reduction in reverberation | |
WO2012063532A1 (en) | Arrival angle calculation device | |
TW200518587A (en) | System and operating method for detecting eavesdropping device by using image | |
TWI551171B (en) | Method and device for detecting primary synchronization signal | |
US9246545B1 (en) | Adaptive estimation of delay in audio systems | |
WO2017097930A1 (en) | Methods and devices for estimating secret values | |
JP7254936B2 (en) | Information reception method, transmission method, terminal and network side equipment | |
CN109120245B (en) | Soft clipping detection based on hybrid model | |
US20230117257A1 (en) | Detection and synchronization of audio transmissions using complex audio signals | |
WO2019154320A1 (en) | Method and device for determining detection information in search space | |
Zhao et al. | Wavelet transform for spectrum sensing in Cognitive Radio networks | |
US8924206B2 (en) | Electrical apparatus and voice signals receiving method thereof | |
CN109348503A (en) | A kind of monitor method of wireless communication link, device, equipment and system | |
CN110190947B (en) | Information encryption and decryption method, terminal and computer readable storage medium | |
WO2013075484A1 (en) | Method and device for detecting interference | |
US11902756B2 (en) | Directional detection and acknowledgment of audio-based data transmissions | |
CN106782614B (en) | Sound quality detection method and device | |
TWI575896B (en) | Signal Detection Method and Device | |
JP2022094196A (en) | Communication monitoring system, communication monitoring method, and program | |
US10523261B2 (en) | Co-channel wireless detection | |
US20220385503A1 (en) | Magnitude equalization of audio-based data transmissions | |
WO2019085913A1 (en) | Data processing method based on ofdm system, and smart terminal | |
US11361774B2 (en) | Multi-signal detection and combination of audio-based data transmissions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |