Draft:Early Detect Late Commit

Review waiting, please be patient. This may take 7 weeks or more, since drafts are reviewed in no specific order. There are 1,451 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · Early Detect Late Commit (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 35 hours ago by Selquim (talk: D · +) · Last edited 4 hours ago by Citation bot

Early Detect Late Commit (EDLC, ED/LC) is a physical-layer distance-reducing attack affecting wireless ranging systems such as UWB ranging^[1] or Chirp Spread Spectrum (CSS). These kinds of systems are used in vehicles for keyless entry,^[2] localisation in consumer (e.g., Apple AirTag) and industrial applications.^[3] By using the ED/LC attack, an attacker can artificially reduce the measured distance between two wireless devices, effectively circumventing an application's requirement of physical viscinity (e.g., only unlock car if keyfob is sufficiently close).

Time of flight-based ranging systems leveraging Ultra-wide band or Chirp Spread Spectrum (CSS) measure distance by estimating the time it takes a signal to propagate through a medium (usually air) at a known speed (approximately ${\displaystyle c}$, the speed of light, in air). The total round-trip time ${\displaystyle t_{ToF}}$ between a verifier (e.g., car) and a prover (e.g., keyfob) a distance ${\displaystyle d}$ apart equals the sum of the total propagation delay ${\displaystyle 2d/c}$ and a processing delay ${\displaystyle t_{p}}$. This processing delay is fixed and known to the verifier, such that it that can be substracted from ${\displaystyle t_{ToF}}$ to calculate the actual propagation delay and physical distance ${\displaystyle d}$.

To reduce the apparent distance as measured by the verifier, an attacker has to reduce the round-trip time ${\displaystyle t_{ToF}}$. As it is not possible to shorten the actual propagation delay of the radio wave (as it is already propagating at the speed of light), an attacker has to reduce the processing time ${\displaystyle t_{p}}$. For the attack to be relevant, an attacker has to shorten ${\displaystyle t_{p}}$ to such an extent that it completely compensates the additional distance the attacker wants to introduce.

A reduction of the total time can be achieved because an attacker might not need to fully receive a symbol before they can determine the symbol value. This is possible because a symbol has non-zero length and carries redundant information. Specifically, in the case of chirp signals, an attacker does not have to receive the complete up- or down-chirp lasting ${\displaystyle t_{\mathrm {chirp} }}$, instead they can early-detect the type of chirp (up or down) prematurely after time ${\displaystyle t_{ed}}$. Before the attacker learns the actual value of the symbol, they already start to transmit an arbitrary signal. Only when the value of the symbol is known to the attacker after ${\displaystyle t_{lc}}$, they can switch from the arbitrary signal to the actual symbol value (they late-commit to the actual value). Even if the symbol was arbitrary up to ${\displaystyle t_{lc}}$, the receiver ideally still correctly decodes the symbol, due to intentional redundance when sending the symbol for the full ${\displaystyle t_{\mathrm {chirp} }}$.^[4]

It is possible to defend against ED/LC attacks in Ultra-wideband-based systems by randomly reordering pulses. As only the sender and receiver (i.e., prover and verifier) know the correct sequence to (de)scramble the pulses, the bits are completely unpredictable for an attacker. Hence, an attacker is unable to detect a symbol value early.^[5]