Nothing or little has been written on what IEEE 802.15.4z is about and most importantly what its security benefits are for next generation secure access control applications!
Several articles have been recently published on the UWB standardization effort within IEEE Task Group 802.15.4z including a most recent article from UWB Alliance:
IEEE 802.15.4z aims to enable next generation secure keyless access for vehicles (solving relay attack problem), secure corporate and home buildings augmented access, secure proximity-based mobile payments, etc.
Security applications must rely on secure distance measurement. The key is to prove that the measured distance between two devices is secure, i.e., cannot be decreased by even the strongest possible attacker. IEEE 802.15.4z is a standard for Secure Ranging and must provide strong security guarantees and security levels compliant with current and future state-of-art access control standards such as NFC. Academic research has shown that other wireless standards such as WiFi and Bluetooth cannot provide sufficient security guarantees due to inherent limitations in their physical layer signaling.
IEEE 802.15.4z enhances the existing UWB PHYs in IEEE 802.15.4 standard for Low-Rate Wireless Networks, namely LRP (Low Rate Pulse repetition frequency) and HRP (High Rate Pulse repetition frequency) UWB PHYs and provides mechanisms to securely prove the distance measured between devices. Both PHYs also share a common MAC layer in order to provide full interoperability on the application level for both distance ranging and security purposes.
Thanks to security research efforts published in the past more than 25 years and security expertise of several top universities, most notably ETH Zurich, we have been able to propose precise security definitions and provide proven security guarantees for secure ranging based on the UWB LRP PHY part of IEEE 802.15.4z specification.
IEEE 802.15.4z with LRP PHY together with secure MAC-level constructions provides a strictly defined security standard for the chip vendors to implement and ultimately enables the access control industry to develop a new set of applications on a strong security basis. The 4z LRP PHY specification also enables very low current consumption (< 7 mA) for the ecosystem of battery-powered devices (e.g., car keys, battery-powered door locks, and mobile payment terminals) and low-cost silicon implementations for next generation secure access control applications.
Unlike 4z LRP PHY, the security of 4z HRP PHY and secure ranging operation is not specified. Secure ranging with 4z HRP PHY is being specified by several IC vendors including Decawave and NXP here and marketed for mobile security in this recent article.
During the last IEEE meeting in St. Louis (USA) in January we have again officially raised the topic of security and interoperability within the Task Group 4z (the group responsible for the IEEE 802.15.4z specification). We summarized and presented the current status of 4z LRP and 4z HRP secure ranging schemes in a public Task Group 4z presentation Secure Ranging Definitions and Interoperability.
We pointed out several severe shortcomings regarding the security of the 4z HRP PHY, including lack of security definitions, no security levels and no security analysis. For more public discussions, follow Twitter blog of Prof. Dr. Srdjan Capkun (ETH Zurich)
In addition to the security concerns, the lack of security definitions and security levels related to 4z HRP schemes included in the latest standard drafts will make it impossible to achieve interoperability between IC manufacturers and subsequently ensure security interoperability by application providers, i.e., the operation of two ICs performing secure ranging at the same level of security with same security guarantees required by the application.
Finally, while the next generation of provably secure and convenient proximity-based access control radio technology is on a good track, we cannot ignore the issues regarding the security and interoperability of 4z HRP PHY.
We are glad that we have initiated the IEEE 802.15.4z standard in November 2017 and we will continue to actively contribute to it. We hope the above mentioned shortcomings will be addressed in the next IEEE meetings such that both IC vendors can implement this exciting technology in a well-defined, standardized and secure way.