2.3.1.1 Operating Modes for Combined Ranging and Data Communication

Combined ranging and data communication can be performed in one of the following ways:
  • Using the data communication as described in Data Communication with the RX and TX modes and enabling the Time Difference of Arrival (TDoA) timestamp capturing. The data telegram then includes 6 additional bytes for the TX timestamp information. For more details, refer to ATA8352 Impulse-Radio Ultra-Wideband (IR-UWB) Transceiver User’s Guide (DS50003125). Depending on the system mode, a total of 64 or 128 data bytes are available. Encrypt the data to ensure secure communication, for example, using AES, and apply FEC using RS to allow the correction of bit errors. If the authentication of the origin of the data telegram is important, a MAC must be added.

    For ranging, Double-Sided Two-Way-Ranging (DS-TWR) can be used, but this requires the exchange of at least 3 data telegrams between the anchor and tag node. For more details, refer to the Range Measurement using Time-Difference-of-Arrival with ATA8352 Application Note (DS00004113). When using several anchor nodes, TDoA ranging can be used, where a tag device transmits a data packet that is received at different anchor devices. These anchor devices capture timestamp information to locate the tag device. For more details, refer to the Range Measurement using Time-Difference-of-Arrival with ATA8352 Application Note (DS00004113). Ranging with DS-TWR or TDoA by itself has only limited security against physical layer attacks, and the data payload includes the TX timestamp information in a readable format, which allows attacks on the clock drift and distance calculation.

The following figure illustrates the data packet structure:
Figure 2-3. TDoA Data Frame Example with Preamble, Synchronization Word, Address, Payload, MAC and RS Encoding Sections
  • A high level of security against physical layer attacks on the distance measurement can be achieved by combining the data communication (with encryption and FEC) using the RX and TX modes (see Data Communication) with the distance measurement using the VRso/PRso modes. The MAC of the data communication payload is then used as payload data in the verifier operation. This links the data packets for the data communication and the distance measurement together. The transmitter then operates as the verifier, while the receiver operates as the prover, meaning the two devices switch their operating mode after transmission (from TX to VRso) and reception (from RX to PRso) of the communication data frame.

    The following figure illustrates the data packet format for both transmissions. The communication data packet is sent as the first packet using the TX/RX modes, followed by the distance measurement packets using the VRso/PRso modes. This distance measurement is initiated by the TX/VRso device and creates a response at the RX/PRso device. This response is used to identify a successful data transmission, that is, as a handshake signal for the complete operation.

    Figure 2-4. Data Frame with Preamble, Synchronization Word, SSID, Payload and RS Encoding Sections and Verifier / Prover Frame with MAC and Data Sections

    The RS code covers the SSID, the encrypted payload with RC and SC, and the MAC0 of the communication data frame, while the MAC0 section is built from the SSID, RC, SC and payload section before encryption. The payload data includes the resend counter (RC) and the sequence counter (SC) as its first bytes.

    For synchronization of the security modes VRso and PRso, the current MAC0 from the data communication packet and MAC-1 from the previous data communication packet are used as RNRv and RNRp data, meaning both devices must load the MAC0 and MAC-1 data before starting the VRso and PRso modes.

    From a security point of view, the RNRv and RNRp data must not be known before they are used in an actual ranging data frame. This is achieved by using the MAC0 = RNRv data in the communication data packet as part of the encrypted payload section. MAC-1 = RNRp was already used in the previous data packets, but both MAC0 and MAC-1 were encrypted in the communication data packet and were scrambled in the ranging data packets. With these considerations, the security requirements are considered to be fulfilled.

    Consider the following situations to prevent information loss due to lost data frames:
    • Loss of a communication data packet: This requires a sequence and resend counter in the payload data to detect a lost data frame. In this case, the verifier ranging creates a timeout event and the communication data packet needs to be resent with an updated resend counter and the current crypto information.
    • Loss of a prover ranging packet: This is detected by a verifier timeout event. In this case, the reception of the communication data packet is not valid and a resend operation starting with the communication data packet must be initiated, using the current crypto information and an updated resend counter.
    • Reception of a prover ranging packet with wrong data: This is detected by the verifier device when validating the received MAC-1 data. In this case, the communication data packet is not valid. A resend operation starting with the communication data packet must be initiated using the current crypto information and an updated resend counter.
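
The resend rules above, as an added example that is not taken from the Microchip documentation or firmware: a host-side model of the TX/VRso device that rebuilds MAC0 on every attempt and validates the prover's RNRp against MAC-1. Assumptions: HMAC-SHA256 truncated to 8 bytes stands in for the unspecified MAC, RC and SC are one byte each, MAC-1 advances only after a validated prover response, all names are hypothetical, and AES encryption and RS coding are left out.

```python
import hashlib
import hmac

MAC_LEN = 8  # assumed MAC length; the page does not state one


def mac0(key, ssid, rc, sc, payload):
    """MAC0 over SSID, RC, SC and the payload before encryption.
    HMAC-SHA256 (truncated) is a stand-in for the MAC algorithm."""
    msg = ssid + bytes([rc, sc]) + payload  # assumed: RC and SC are 1 byte each
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class VerifierSession:
    """Hypothetical host-side state for the TX/VRso device."""

    def __init__(self, key, ssid, initial_mac_prev):
        self.key, self.ssid = key, ssid
        self.mac_prev = initial_mac_prev  # MAC-1, loaded as RNRp
        self.sc = 0                       # sequence counter
        self.rc = 0                       # resend counter
        self.payload = None
        self.mac_now = None               # MAC0, loaded as RNRv

    def start(self, payload):
        """Build the fields of a new communication data packet."""
        self.payload, self.rc = payload, 0
        return self._frame()

    def _frame(self):
        self.mac_now = mac0(self.key, self.ssid, self.rc, self.sc, self.payload)
        # Plaintext fields; RC, SC, payload and MAC0 are encrypted and RS-coded next.
        return {"ssid": self.ssid, "rc": self.rc, "sc": self.sc,
                "payload": self.payload, "mac0": self.mac_now}

    def on_ranging(self, rnrp_received):
        """rnrp_received is None on a verifier timeout, else the prover's RNRp.
        Returns ("done", None) or ("resend", new_frame)."""
        ok = rnrp_received is not None and hmac.compare_digest(
            rnrp_received, self.mac_prev)
        if ok:
            # Handshake complete: this packet's MAC0 becomes the next MAC-1.
            self.mac_prev, self.sc = self.mac_now, (self.sc + 1) % 256
            return ("done", None)
        # Lost packet or wrong MAC-1: restart from the communication packet
        # with an updated resend counter, which also yields a fresh MAC0.
        self.rc = (self.rc + 1) % 256
        return ("resend", self._frame())
```

Because RC is part of the MAC0 input, every resend produces a new RNRv, so a value observed in a failed attempt is not reused in the next ranging frame.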