Abstract

Relay attacks pose a serious security threat to wireless systems such as contactless payment systems, keyless entry systems, and smart access control systems. Distance bounding protocols, which allow an entity not only to authenticate another entity but also to determine whether it is physically close by, effectively mitigate relay attacks. However, secure implementation of distance bounding protocols, especially of the time-critical challenge-response phase, has been a challenging task. In this paper, we design and implement a secure and accurate distance bounding protocol based on Narrow-Band signals, such as Bluetooth Low Energy (BLE), specifically to mitigate relay attacks. Narrow-Band ranging, specifically phase-based ranging, enables accurate distance measurement, but it is vulnerable to phase rollover attacks. In our solution, we mitigate phase rollover attacks by also measuring time-of-flight (ToF) to detect the delay introduced by such attacks. Our protocol therefore combines the best of both worlds: phase-based ranging for accuracy and ToF measurement for security. To demonstrate the feasibility and practicality of our solution, we prototype it on NXP KW36 BLE chips and evaluate its performance and relay attack resistance. The obtained precision and accuracy of the presented ranging solution are 2.5 cm and 30 cm, respectively, in wireless measurements.
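The phase-plus-ToF cross-check described in the abstract, as an added example that is not code from the paper: it simulates two-way multi-carrier phase ranging, shows that a path one ambiguity interval longer yields the same phase estimate, and rejects it because the coarse ToF estimate disagrees. The tone plan (80 tones spaced 1 MHz apart from 2.402 GHz), the 150 µs turnaround, the 5 m bound, the 10 m ToF tolerance and all function names are assumptions made for this illustration.

```python
import cmath
import math

C = 299_792_458.0                  # speed of light, m/s
STEP_HZ = 1e6                      # assumed tone spacing
TONES = [2.402e9 + k * STEP_HZ for k in range(80)]  # assumed tone plan
D_MAX = C / (2 * STEP_HZ)          # phase ambiguity interval, about 149.9 m
TURNAROUND_S = 150e-6              # assumed fixed prover turnaround time

def two_way_phases(path_m):
    """Wrapped round-trip phase on each tone for a one-way path of path_m metres."""
    return [(-4 * math.pi * f * path_m / C) % (2 * math.pi) for f in TONES]

def mcpd_distance(phases):
    """Distance from the circular mean of adjacent-tone phase differences."""
    acc = sum(cmath.exp(1j * (a - b)) for a, b in zip(phases, phases[1:]))
    return C * (cmath.phase(acc) % (2 * math.pi)) / (4 * math.pi * STEP_HZ)

def tof_distance(rtt_s):
    """Distance from the round-trip time after removing the turnaround time."""
    return C * (rtt_s - TURNAROUND_S) / 2

def verdict(phase_m, tof_m, bound_m=5.0, tof_tol_m=10.0):
    """Accept only if the phase range is within the bound and ToF agrees with it."""
    # The ToF error budget must be small enough to resolve a single rollover.
    assert tof_tol_m < D_MAX / 2
    if phase_m > bound_m:
        return "reject: beyond bound"
    if abs(tof_m - phase_m) > tof_tol_m:
        return "reject: ToF disagrees with phase (rollover suspected)"
    return "accept"

def measure(path_m, tof_error_m=0.0):
    """Simulate both measurements for an effective one-way path of path_m metres."""
    phase_m = mcpd_distance(two_way_phases(path_m))
    rtt_s = 2 * path_m / C + TURNAROUND_S
    tof_m = tof_distance(rtt_s) + tof_error_m   # ToF is coarse: add a fixed error
    return phase_m, tof_m, verdict(phase_m, tof_m)

if __name__ == "__main__":
    # Constructed inputs: a 3 m direct path, then a delayed path one ambiguity
    # interval longer, which phase alone cannot tell apart from 3 m.
    for path in (3.0, D_MAX + 3.0):
        p, t, v = measure(path, tof_error_m=2.0)
        print(f"path={path:7.2f} m  phase={p:6.2f} m  tof={t:7.2f} m  {v}")
```

Phase supplies the centimetre-level estimate, while ToF only has to be accurate to well under one ambiguity interval to expose the rollover.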

Highlights

  • The proliferation of internet-connected devices, such as the Internet of Things, has made accurate ranging increasingly popular and important in many real-life applications

  • The key cryptographic building blocks are the SIGMA protocol, used in the authenticated key exchange (AKE) stage, and a PRF, used to generate the frame delimiter (FD) in the distance bounding (DB) stage

  • The two boards estimate the distance between them using phase (a.k.a. Multi-Carrier Phase Difference (MCPD)) and ToF when the prover and the verifier are separated by d meters, for d = 1, 2, …, 10


Summary

Introduction

The proliferation of internet-connected devices, such as the Internet of Things, has made accurate ranging increasingly popular and important in many real-life applications. In the rapid-bit exchange stage, which is the most difficult stage to implement securely due to severe timing constraints, the verifier sends a series of single-bit challenges to which the prover replies with single-bit responses. Secure implementation of DB protocols that provide accurate distance measurement is a big challenge. DB implementations to date rely on Time of Flight (ToF) measurement of challenge and response bits exchanged between a verifier and a prover [HK05, Tv09, Rv10, TLKC15], mostly using UWB 802.15.4 radios. Phase-based ranging solutions are vulnerable to manipulation, such as phase slope rollover attacks, as pointed out by Ólafsdóttir, Ranganathan, and Capkun in [ORC17]. The main focus of this paper is on practical relay attack mitigation with an accurate and secure BLE compatible ranging

Our Contributions
Overview of our protocol
Related work
Outline
Radio-based Ranging Techniques
Distance bounding protocols
Attacks on Distance Bounding Protocols
System Model
Attacker Model
The protocol
Authenticated key exchange stage
Distance bounding stage
Authentication and authorization stage
Security Analysis
Generic Attacks
Impersonation attack
Relay attack
Physical-layer attacks
Early-detect late-commit attack
Phase manipulation attack
Performance Analysis
Evaluation of ranging accuracy
Evaluation of relay attack
Conclusions
A MCPD Range Estimation
