Preventing relay attacks and providing perfect forward secrecy using PHYSEC on 8-bit µC

Zenger, Christian; Pietersz, Mario; Paar, Christof

doi:10.1109/iccw.2016.7503773

Cited by 8 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further, we show how our technique can deal with the most powerful attacker who manipulates the physical channel that A and B are using for key extraction and authentication. The only assumption is that E is located at a distance of further [22] describe in their paper how to actually achieve the property perfect forward secrecy with their proposed scheme on resource constrained transceiver platforms.…”

Section: Channel-based Key Extraction (Cbke)mentioning

confidence: 99%

Authenticated key establishment for low-resource devices exploiting correlated random channels

et al. 2016

Self Cite

View full text Add to dashboard Cite

Section: Channel-based Key Extraction (Cbke)mentioning

confidence: 99%

Authenticated key establishment for low-resource devices exploiting correlated random channels

et al. 2016

Self Cite

View full text Add to dashboard Cite

“…The earliest case of utilizing the channel to detect DF relay attacks found was by C.T. Zenger et al, where they utilized the quantization of the received-signal strength (RSS) between two parties to detect if a wormhole (DF relay) attack is occurring [31]. Since the small-scale fading effects on the RSS should be reciprocal, a relay would result in a different quantization between the legitimate parties.…”

Section: Relevant Work and Motivationsmentioning

confidence: 99%

Relay Attack Detection using OFDM Channel-Fingerprinting

Abubaker,

Gong

2024

Preprint

View full text Add to dashboard Cite

Decode-and-forward and amplify-and-forward relay attacks are a powerful tool for defeating challenge-response authentication protocols. Current solutions for detecting these relay attacks utilize round-trip time distance-bounding. Unfortunately, secure implementations of distance-bounding require dedicated ultra-wideband hardware that only provide low data rates and operate at relatively short distances. In this paper we propose two novel symmetric-key challenge-response authentication protocols that can detect either a decode-andforward relay attack or prevent a decode-and-forward and detect an amplify-and-forward relay attack. Both protocols utilize the channel state information in a far-field communication system to perform the detection. The first protocol utilizes the correlation of the adjusted channel frequency response to detect decode-and-forward relay attacks. The second protocol prevents decode-and-forward relay attacks through the use of randomized pilots, and detects amplify-and-forward relay attacks by classifying the distribution of the channel frequency response that is caused by multiple relays. The protocols utilize orthogonal frequency division multiplexing to estimate the channel frequency response between the legitimate communicating parties to identify if a relay attack is occurring in a physical-layer challenge-response authentication protocol. The proposed protocols can be leveraged on many existing hardware platforms and can simultaneously support high data rates. To evaluate the performance of the protocol, MATLAB simulations are done to gather Monte-Carlo results on performance criterion.

show abstract

“…Based on the claim that a relay attacker violates channel reciprocity between legitimate nodes A and B, previous works have suggested to examine the channel response to detect relay attacks [31,33,58]. The attack detection mechanism is constructed from an examination of channel symmetry using a dissimilarity metric 𝑑 on pairs of bidirectional channel magnitude responses |𝐻 AB (𝑓 )| and |𝐻 BA (𝑓 )|.…”

Section: Channel Reciprocity-based Detectionmentioning

confidence: 99%

Analog Physical-Layer Relay Attacks with Application to Bluetooth and Phase-Based Ranging

Staat¹,

Jansen²,

Zenger³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Today, we use smartphones as multi-purpose devices that communicate with their environment to implement context-aware services, including asset tracking, indoor localization, contact tracing, or access control. As a de-facto standard, Bluetooth is available in virtually every smartphone to provide short-range wireless communication. Importantly, many Bluetooth-driven applications such as Phone as a Key (PaaK) for vehicles and buildings require proximity of legitimate devices, which must be protected against unauthorized access. In earlier access control systems, attackers were able to violate proximity-verification through relay station attacks. However, the vulnerability of Bluetooth against such attacks was yet unclear as existing relay attack strategies are not applicable or can be defeated through wireless distance measurement.In this paper, we design and implement an analog physical-layer relay attack based on low-cost off-the-shelf radio hardware to simultaneously increase the wireless communication range and manipulate distance measurements. Using our setup, we successfully demonstrate relay attacks against Bluetooth-based access control of a car and a smart lock. Further, we show that our attack can arbitrarily manipulate Multi-Carrier Phase-based Ranging (MCPR) while relaying signals over 90 m.

show abstract

Preventing relay attacks and providing perfect forward secrecy using PHYSEC on 8-bit µC

Cited by 8 publications

References 17 publications

Authenticated key establishment for low-resource devices exploiting correlated random channels

Authenticated key establishment for low-resource devices exploiting correlated random channels

Relay Attack Detection using OFDM Channel-Fingerprinting

Analog Physical-Layer Relay Attacks with Application to Bluetooth and Phase-Based Ranging

Contact Info

Product

Resources

About