| In the virtual world of networked electronic services, finding the physical location of a device, or determining the properties of the link between two devices, might be as important as knowing their identities. Consider, for example, a sensor whose role is counting traffic at some location, or the link between a proximity card and its reader. Moreover, since there is no compulsion to believe a device (called prover), its location should be independently computable by its neighbors (called verifiers). Thus, the goal of our work is to develop a set of techniques for merging the concepts of "identity authentication" with either "location authentication" or "adjacency authentication" into a single peer-to-peer protocol.; First, we study the problem of improving the accuracy with which a higher-layer protocol entity (running in software on an ordinary computer system, say) can determine the time-of-arrival for a particular packet and/or the inter-arrival time between a particular packet pair. We show that by making a few minor changes to the network card and its software interface to the operating system device driver, the protocol entity can easily obtain this information, offline, with reference to the high-precision clock maintained by the physical layer in its own network card. Next, we propose two methods for reducing timing errors related to the prover's response processing delay. For wired network connections (such as full-duplex Ethernet links), we propose a physical layer assisted approach, which reduces this delay to its theoretical minimum (i.e., one inter-symbol time on the link), and forces the prover to send its response simultaneously and at the identical data rate with the incoming challenge. For wireless networks (such as 802.11 networks), we propose a multi-verifier approach that completely eliminates that delay from the position computation. However, any measurement might involve unintended errors; we found that, in positioning, same magnitude of measurement error leads to different amount positioning error depending on the relative location of the participants. Finally, we propose the Principle of Partial Response (PPR), which is a novel technique for binding together existing methods for identity authentication with a new protocol for solving the "proof-of-adjacency" problem between two peer nodes. |
