The Insecurity of Time-of-Arrival Distance-Ranging in IEEE 802.11 Wireless Networks
Two-way Time-Of-Arrival (TOA) distance-ranging is well-suited for use in IEEE 802.11 MANETs and wireless mesh networks because it is simple, efficient and does not require precise time synchronization between network stations. Despite its utility the authors show that this distance-ranging procedure is completely insecure and demonstrate how it can be subverted by a simple but highly effective attack. This attack allows the adversary comprehensive and fine-grained control over the distance reported by the procedure. Such adversaries can appear to be either much further away or much closer than they are in reality.