GeoGuard: UWB Timing-Encoded Key Reconstruction for Location-Dependent, Geographically Bounded Decryption

Digital content distribution and propitiatory research driven industries face persistent risks from intellectual property theft and unauthorized redistribution. Conventional encryption schemes such as AES, TDES, ECC, and ElGamal provide strong cryptographic guarantees, but they remain fundamentally agnostic to where decryption takes place. In practice, this means that once a decryption key is leaked or intercepted, any adversary can misuse the key to decrypt the protected content from any location. This paper presents, GeoGuard, a location-dependent cryptosystem in which the decryption key is not transmitted as data but is implicitly encoded in the precise time-of-flight differences of ultra-wideband (UWB) data transmission packets. The system leverages precise timing hardware and a custom Timing-encoded Cryptographic Keying (TiCK) protocol to map a 32-byte SHA-256 AES key onto scheduled transmission timestamps. Only user located within an approved spatial location can observe the correct packet timing that aligns with the intended packet-reception timing pattern, enabling them to reconstruct the key. Eavesdroppers outside the authorized region observe an incorrect timing pattern, which yields incorrect keys. GeoGuard is designed to encrypt and transmit data, but decryption is only possible when the user is within the authorized area. Our evaluation demonstrates that the system (i) removes the need to share decryption passwords electronically or physically, (ii) ensures the decryption key cannot be recovered by the eavesdropper, and (iii) provides a non-trivial spatial tolerance for legitimate users

💡 Research Summary

GeoGuard proposes a location‑dependent cryptosystem that embeds a 256‑bit AES‑256 key into the timing of ultra‑wideband (UWB) packet transmissions rather than sending the key as ordinary data. The authors first hash a user‑chosen password with SHA‑256 to obtain a 32‑byte digest, which serves as the symmetric key for AES‑256 encryption of the payload (e.g., an audio file). The key is then transmitted using a custom Timing‑encoded Cryptographic Keying (TiCK) protocol: a reference packet followed by 32 packets, each encoding one byte of the SHA‑256 digest. Each byte is mapped to a slot number S∈{0,…,255} and the transmitter schedules the packet after a fixed inter‑packet gap (≈2.5 ms) plus an additional offset proportional to (S+½)·Tslot, where Tslot determines the spatial tolerance of the authorized region.

Three or more UWB anchors are placed such that their distances to the intended decryption zone are known. The server pre‑compensates each packet’s transmission time by subtracting the expected one‑way propagation delay to the authorized location, so that a receiver inside the zone observes packet arrivals exactly aligned with the slot structure. A receiver continuously timestamps incoming packets using the same nanosecond‑scale tick counter (NT ticks) provided by the DWETH101 hardware. By comparing the arrival intervals to the known slot schedule, the receiver reconstructs the original 32‑byte SHA‑256 value, derives the AES‑256 key, and decrypts the payload.

The threat model assumes a passive eavesdropper located outside the authorized region who can capture all packets and timestamps but cannot correct the propagation‑delay mismatch; consequently, the reconstructed key is corrupted and decryption fails. The authors implement a prototype that encrypts an audio file, transmits the key via a 33‑packet burst within a 100 ms network‑time window, and automatically decrypts only when the receiver is inside a 2 m radius zone. Experimental results show near‑perfect key recovery inside the zone and zero recovery outside it.

While the concept is novel, several practical and security concerns arise. First, the protocol’s reliance on a single 33‑packet burst makes it fragile: loss of any packet prevents key reconstruction, and no retransmission or error‑correction mechanisms are provided. Second, an adversary with knowledge of the anchor geometry could pre‑measure or estimate the one‑way time‑of‑flight (TOF) from a different location, apply a compensating offset, and potentially recover the correct timing pattern, undermining the claimed “outside‑region cannot recover” guarantee. Third, the UWB signal itself is not encrypted; thus replay attacks, jamming, or malicious insertion of forged packets are possible unless additional integrity checks are added. Fourth, the system depends on tight synchronization of the NT‑tick clock across all devices. Real‑world factors such as clock drift, temperature variation, antenna misalignment, and multipath reflections can introduce timing errors that exceed the slot tolerance, especially when Tslot is set small for tighter spatial control. The paper’s experiments are confined to a controlled indoor lab; performance in outdoor or multipath‑rich environments remains unverified.

From an operational standpoint, GeoGuard is suited for static, bounded environments (e.g., theaters, secure facilities) where installing and maintaining multiple UWB anchors is feasible. However, scaling to mobile or large‑area scenarios would incur significant hardware costs and complexity. Moreover, key rotation or password changes require re‑scheduling the entire TiCK burst, which is less flexible than conventional key‑distribution mechanisms.

In summary, GeoGuard introduces an intriguing “location‑as‑a‑first‑class‑primitive” approach to key distribution by exploiting UWB timing precision. It demonstrates that physical proximity can be leveraged to hide cryptographic material in the temporal domain. Nonetheless, the scheme’s robustness against sophisticated adversaries, its tolerance to real‑world timing perturbations, and its lack of built‑in redundancy or integrity protection limit its immediate applicability. Future work should explore integrating error‑correcting codes, multi‑burst or continuous key streaming, cryptographic authentication of timing packets, and hybrid designs that combine physical‑layer timing secrecy with traditional key‑exchange protocols to achieve both practicality and strong security guarantees.