As wireless technologies become more pervasive, it becomes increasingly important for devices to authenticate the locations of other devices. For example, patients with implantable medical devices (IMDs) may reasonably expect that any device used to control their IMD would have to be within arm's reach, to help prevent unauthorized access to their device. In other words, IMDs should enforce policies based on the proximity, and in general the location, of wirelessly connected devices. Similar examples exist in many application areas: contactless payment terminals may require credit cards to be located in front of the terminals; wireless routers may require network users to be located in the same building; GPS devices may require signals to come from satellites (rather than from adversaries masquerading as satellites); and mobile phones may require signals to come from known, legitimate cell-tower locations. Hence, the security of many wireless devices could be improved by enforcing proximity-based policies on remote devices' locations.
This project aims to address the problem that, although proximity-policy enforcement would improve the security of many wireless devices, robust techniques and tools do not yet exist for enforcing such policies. The project addresses this problem by creating such techniques and tools. The proximity-authentication techniques will allow a device to passively authenticate the location of remote device, without having to send messages to, or share secrets with, the remote device. They identify the proximity of a remote target by utilizing the multipath effect, in which a wireless signal sent by a transmitter propagates to the receiver in the air along multiple paths due to reflection, diffraction, and scattering. The proximity authentication decision is made based on amplitude ratios of wireless signal copies traveling on these prorogation paths. The proximity-policy enforcement tools will include (1) an expressive language, and a graphical interface, for specifying remote-device location policies, (2) an engine for statically analyzing specified location policies, in order to notify security engineers as to how accurately their policies can be enforced and whether their policies are unsatisfiable, and (3) a compilation module to transform valid policies into concrete enforcement code that can be inlined or otherwise hooked into a device's existing connection-establishment code.
