The IEEE 802.11mc standard introduces fine time measurement (Wi-Fi FTM), allowing high-precision synchronization between peers and round-trip time calculation (Wi-Fi RTT) for location estimation - typically with a precision of one to two meters. This has considerable advantages over received signal strength (RSS)-based trilateration, which is prone to errors due to multipath reflections. We examine different commercial radios which support Wi-Fi RTT and benchmark Wi-Fi FTM ranging over different spectrums and bandwidths. Importantly, we find that while Wi-Fi FTM supports localization accuracy to within one to two meters in ideal conditions during outdoor line-of-sight experiments, for indoor environments at short ranges similar accuracy was only achievable on chipsets supporting Wi-Fi FTM on wider (VHT80) channel bandwidths rather than narrower (HT20) channel bandwidths. Finally, we explore the security implications of Wi-Fi FTM and use an on-air sniffer to demonstrate that Wi-Fi FTM messages are unprotected. We consequently propose a threat model with possible mitigations and directions for further research.
翻译:IEEE 802.11mc 标准引入了精细的时间测量(Wi-Fi FTM),允许同龄人之间高精度同步和圆程时间计算(Wi-Fi RTT),以进行地点估计 -- -- 通常精确度为一至二米 -- -- 这比收到信号强度(RSS)的三推法有很大的优势,因为多路反射很容易造成误差。我们检查了支持Wi-Fi RTT的不同商业无线电台和对不同频谱和带宽的Wi-Fi FTM的基准。 重要的是,我们发现Wi-FTM支持在户外视线实验期间理想条件下一至两米范围内的本地化精确度,因为短距离的室内环境的精确度只有支持Wi-FTM的芯片(VHT80)频道带宽度而不是窄带宽(HT20频道带宽带宽)才能实现。最后,我们探索Wi-FTM的安保影响,并使用一个在线嗅觉显示Wi-FTM信息不受保护。我们因此提出一个威胁模型,因此提出可能进行缓解和进一步研究。</s>