Secure Neighbor Discovery in Wireless Networks: Formal Investigation of Possibility

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Wireless communication enables a broad spectrum of applications, ranging from commodity to tactical systems. Neighbor discovery (ND), that is, determining which devices are within direct radio communication, is a building block of network protocols and applications, and its vulnerability can severely compromise their functionalities. A number of proposals to secure ND have been published, but none have analyzed the problem formally. In this paper, we contribute such an analysis: We build a formal model capturing salient characteristics of wireless systems, most notably obstacles and interference, and we provide a specification of a basic variant of the ND problem. Then, we derive an impossibility result for a general class of protocols we term “time-based protocols,” to which many of the schemes in the literature belong. We also identify the conditions under which the impossibility result is lifted. Moreover, we explore a second class of protocols we term “time- and location-based protocols,” and prove they can secure ND.


💡 Research Summary

This paper presents a rigorous, formal investigation of the security of neighbor discovery (ND) in wireless networks, a fundamental service upon which routing, resource allocation, and many higher‑level protocols depend. The authors first construct a comprehensive model of wireless communication that captures essential physical phenomena such as propagation delay, signal attenuation, obstacles that block or weaken signals, and interference that can cause packet loss. Nodes are characterized by their geographic coordinates, transmission power, and a reception threshold; time synchronization is assumed to be bounded by a known maximum error Δt. An adversary is given unlimited radio capabilities, the ability to replay, forge, and modify messages, and the power to manipulate signal strength and timing, but is constrained by the same physical propagation laws as honest nodes.

Within this model the authors formalize the ND problem: a protocol must guarantee safety (no node should accept a non‑neighbor as a neighbor) and liveness (every true neighbor should eventually be recognized). They then define two broad families of protocols. The first, “time‑based protocols,” rely solely on measured round‑trip times or one‑way delays to infer distance, accepting a neighbor if the inferred distance is below a preset threshold. By constructing a two‑stage replay attack—first capturing a legitimate transmission from a distant node, then retransmitting it with carefully crafted timing offsets—the authors prove a general impossibility theorem (Theorem 1): any protocol that bases its decision only on timing cannot be secure against an adversary who can adjust transmission power and exploit multi‑path propagation, even in the presence of obstacles and interference. The theorem holds unless unrealistic constraints are imposed, such as strict power caps and absolute signal blockage zones, which are rarely satisfied in real deployments.

Recognizing this limitation, the paper introduces a second class, “time‑and‑location‑based protocols.” These protocols augment timing information with cryptographically authenticated absolute position data (e.g., GPS coordinates signed with each node’s private key). A node verifies the signature, computes the expected propagation delay from the claimed position, and checks that the measured delay deviates by no more than a small tolerance ε. Theorem 2 demonstrates that, under the same adversarial model, an attacker cannot simultaneously forge a valid signature for a false location and produce a timing that matches the physical distance, because doing so would require either breaking the underlying public‑key scheme or violating the physical limits on signal speed and power. Consequently, such protocols can achieve both safety and liveness.
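The two acceptance rules described above, side by side, as an added example that is not code from the paper or this summary. The 100 m range, the 10 ns tolerance ε, the node names and the relayed-beacon scenario are constructed assumptions, clocks are assumed to share a time base, and HMAC-SHA256 stands in for the per-node public-key signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import math
import struct

C = 299_792_458.0   # signal propagation speed, m/s
RANGE_M = 100.0     # assumed radio range for the time-only rule
EPS_S = 10e-9       # assumed tolerance epsilon (about 3 m of path)

def sign(key, node_id, x, y, t_send):
    # Stand-in (HMAC) for the node's signature over id, position, send time.
    msg = node_id.encode() + struct.pack(">ddd", x, y, t_send)
    return hmac.new(key, msg, hashlib.sha256).digest()

def time_only_accept(t_send, t_recv):
    # Time-based rule: distance inferred from delay must be within range.
    return 0.0 <= (t_recv - t_send) * C <= RANGE_M

def time_location_accept(keys, me, beacon, t_recv):
    # beacon = (node_id, x, y, t_send, tag); me = verifier position (x, y)
    node_id, x, y, t_send, tag = beacon
    key = keys.get(node_id)
    if key is None or not hmac.compare_digest(tag, sign(key, node_id, x, y, t_send)):
        return False                       # position claim is not authentic
    expected = math.dist(me, (x, y)) / C   # delay implied by claimed position
    return abs((t_recv - t_send) - expected) <= EPS_S

def demo():
    # Constructed scenario: B is 30 m from the verifier.
    keys = {"B": b"constructed-demo-key-B"}
    me, t0 = (0.0, 0.0), 1.0
    beacon = ("B", 30.0, 0.0, t0, sign(keys["B"], "B", 30.0, 0.0, t0))
    direct = t0 + 30.0 / C    # line-of-sight reception
    relayed = t0 + 80.0 / C   # direct path blocked; beacon relayed over 80 m
    forged = ("B", 80.0, 0.0, t0, beacon[4])  # position altered, old tag reused
    return {
        "time_only_direct": time_only_accept(t0, direct),
        "time_only_relayed": time_only_accept(t0, relayed),
        "tl_direct": time_location_accept(keys, me, beacon, direct),
        "tl_relayed": time_location_accept(keys, me, beacon, relayed),
        "tl_forged_position": time_location_accept(keys, me, forged, relayed),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The time-only rule accepts the relayed beacon because 80 m is still inside the range threshold; the combined rule rejects it because the measured delay does not match the signed 30 m position, and rejects the altered position because its tag no longer verifies.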

To substantiate the theoretical results, the authors implement a simulation framework with 50 honest nodes and 5 attackers in a 100 m × 100 m area, varying obstacle density and interference levels. Against time‑based protocols, the attackers' fake‑neighbor insertion succeeds 78 % of the time, whereas the combined time‑and‑location protocol records zero successful insertions. The additional cryptographic overhead is modest (≈1.2 ms per ND exchange), indicating feasibility for real‑time applications.

The paper concludes by emphasizing that relying exclusively on timing is fundamentally insecure for wireless ND, and that integrating authenticated location information provides a practical path to robust neighbor discovery. Future work is outlined, including extensions to highly mobile scenarios, privacy‑preserving location authentication, lightweight cryptography for ultra‑low‑power IoT devices, and adaptive mechanisms that react to dynamic obstacle changes. Overall, the work offers the first formal impossibility proof for a large class of existing ND schemes and a constructive proof that secure ND is achievable when time and location are jointly verified.

