“…Further, we show how our technique can deal with the most powerful attacker who manipulates the physical channel that A and B are using for key extraction and authentication. The only assumption is that E is located at a distance of further [22] describe in their paper how to actually achieve the property perfect forward secrecy with their proposed scheme on resource constrained transceiver platforms.…”
“…The earliest case of utilizing the channel to detect DF relay attacks found was by C.T. Zenger et al., where they utilized the quantization of the received-signal strength (RSS) between two parties to detect if a wormhole (DF relay) attack is occurring [31]. Since the small-scale fading effects on the RSS should be reciprocal, a relay would result in a different quantization between the legitimate parties.…”
Decode-and-forward and amplify-and-forward relay attacks are a powerful tool for defeating challenge-response authentication protocols. Current solutions for detecting these relay attacks utilize round-trip time distance-bounding. Unfortunately, secure implementations of distance-bounding require dedicated ultra-wideband hardware that only provides low data rates and operates at relatively short distances. In this paper we propose two novel symmetric-key challenge-response authentication protocols that can detect either a decode-and-forward relay attack or prevent a decode-and-forward and detect an amplify-and-forward relay attack. Both protocols utilize the channel state information in a far-field communication system to perform the detection. The first protocol utilizes the correlation of the adjusted channel frequency response to detect decode-and-forward relay attacks. The second protocol prevents decode-and-forward relay attacks through the use of randomized pilots, and detects amplify-and-forward relay attacks by classifying the distribution of the channel frequency response that is caused by multiple relays. The protocols utilize orthogonal frequency division multiplexing to estimate the channel frequency response between the legitimate communicating parties to identify if a relay attack is occurring in a physical-layer challenge-response authentication protocol. The proposed protocols can be leveraged on many existing hardware platforms and can simultaneously support high data rates. To evaluate the performance of the protocol, MATLAB simulations are done to gather Monte-Carlo results on performance criteria.
“…Based on the claim that a relay attacker violates channel reciprocity between legitimate nodes A and B, previous works have suggested to examine the channel response to detect relay attacks [31,33,58]. The attack detection mechanism is constructed from an examination of channel symmetry using a dissimilarity metric $d$ on pairs of bidirectional channel magnitude responses $|H_{AB}(f)|$ and $|H_{BA}(f)|$.…”
Today, we use smartphones as multi-purpose devices that communicate with their environment to implement context-aware services, including asset tracking, indoor localization, contact tracing, or access control. As a de-facto standard, Bluetooth is available in virtually every smartphone to provide short-range wireless communication. Importantly, many Bluetooth-driven applications such as Phone as a Key (PaaK) for vehicles and buildings require proximity of legitimate devices, which must be protected against unauthorized access. In earlier access control systems, attackers were able to violate proximity-verification through relay station attacks. However, the vulnerability of Bluetooth against such attacks was yet unclear as existing relay attack strategies are not applicable or can be defeated through wireless distance measurement. In this paper, we design and implement an analog physical-layer relay attack based on low-cost off-the-shelf radio hardware to simultaneously increase the wireless communication range and manipulate distance measurements. Using our setup, we successfully demonstrate relay attacks against Bluetooth-based access control of a car and a smart lock. Further, we show that our attack can arbitrarily manipulate Multi-Carrier Phase-based Ranging (MCPR) while relaying signals over 90 m.