Secure indoor positioning: Relay attacks and mitigation using presence sensing systems

摘要

Secure indoor positioning is critical to successful adoption of location-based services in buildings. However, positioning based on off-the-air signal measurements is prone to various security threats. In this paper, we provide an overview of security threats encountered in such indoor positioning systems, and particularly focus on the relay threat. In a relay attack, a malicious entity may gain unauthorized access by introducing a rogue relay device in a zone of interest, which is then validly positioned by the location network, and then transfer the control rights to a malicious device outside the zone. This enables the malicious entity to gain access to the application network using the rogue device. We present multiple solutions relying on a presence sensing system to deal with this attack scenario. In one solution, a localized presence sensing system is used to validate the user presence in the vicinity of the position before location-based control is allowed. In another solution, the user device is required to respond to a challenge by a physical action that may be observed and validated by the presence sensing system.