	US 11,726,173 B2
	Attack detection and mitigation for fine timing measurement
Akram I. Sheriff, San Jose, CA (US); Jerome Henry, Pittsboro, NC (US); Robert E. Barton, Richmond (CA); and Pooya Monajemi, Irvine, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on May 21, 2020, as Appl. No. 16/880,797.
Prior Publication US 2021/0364597 A1, Nov. 25, 2021
Int. Cl. G01S 7/36 (2006.01); G01S 13/76 (2006.01); H04W 12/00 (2021.01)

CPC G01S 7/36 (2013.01) [G01S 13/762 (2013.01); G01S 13/765 (2013.01); H04W 12/00 (2013.01)]

20 Claims

1. A method comprising:

recording, at a receiving device, a plurality of parameters associated with fine timing measurement (FTM) frames exchanged between a sending device and the receiving device by:

receiving a request FTM frame from the sending device;

recording, for the request FTM frame from the sending device, a received signal strength indicator (RSSI) value, a frame timestamp, a time of departure (ToD) value, a time of arrival value (ToA), a ToD error value, a ToA error value, and a burst window parameter value; and

performing an iterative FTM burst sequence according to the burst window parameter value;

identifying, using the recorded plurality of parameters, a device profile for the sending device comprising at least one of a chipset type, an operating system (OS), and OS traffic schedule variations;

determining, using the device profile, a behavior filter for FTM traffic from the sending device; and

filtering FTM traffic from the sending device according to the behavior filter.