M.S. Theses Completed
Erhan Çetintaş, 2004

Thesis Title

Relay attacks on Bluetooth authentication and solutions


Bluetooth is an emerging technology for personal area wireless communication. It provides authentication and encryption mechanisms at the link level. However, Bluetooth security is vulnerable to some types of attacks. In this thesis, we describe relay attacks on the Bluetooth authentication protocol. The aim of these attacks is impersonation. The attacker does not need to guess or obtain the common secret known to both victims in order to mount these attacks; he merely relays the information received from one victim to the other during the authentication protocol run. The Bluetooth authentication protocol allows such a relay if the victims cannot hear each other, a setting that is highly probable in a real environment. We analyzed the relay attacks for several scenarios and proposed solutions for each case. These solutions improve the security of the core Bluetooth authentication protocol without imposing a significant burden on top of the existing authentication scheme. Moreover, we developed a Bluetooth simulator that implements the Bluetooth connection establishment procedure and security protocols. Using this simulator, we simulated relay attacks to confirm their feasibility. The results of these simulations show that the current Bluetooth specifications have no defensive mechanism against relay attacks. Finally, we set up experiments on relay attack scenarios and analyzed empirical timing results. We observed that relay attacks introduce a significant partial delay during the connection establishment process, which can be exploited in an intelligent way to detect them. In our study, we also offered such a timing-based protection mechanism against relay attacks.
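The abstract's closing observation, that a relayed challenge-response completes with a correct response but a longer round trip, is the basis of the timing-based detection it proposes. The following is an added illustration written for this page, not code from the thesis or its simulator: it models the verifier's challenge-response step, a direct link and a relayed link with constructed latencies, and a verifier that rejects a correct response whose round-trip time exceeds a threshold calibrated from baseline measurements. The response function is a stand-in (HMAC-SHA256 over the challenge and claimant address) for Bluetooth's E1 function, the link latencies are invented numbers, and the class and function names are assumptions for this example.

```python
import hashlib
import hmac
import secrets
import statistics
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Bluetooth's signed response (SRES) is 32 bits; this model omits the ACO output.
SRES_LEN = 4


def compute_sres(link_key: bytes, au_rand: bytes, claimant_addr: bytes) -> bytes:
    """Stand-in for Bluetooth's E1 authentication function (assumption: HMAC-SHA256
    over AU_RAND || BD_ADDR instead of the SAFER+-based E1). Only the fact that the
    response is keyed matters for the timing argument."""
    return hmac.new(link_key, au_rand + claimant_addr, hashlib.sha256).digest()[:SRES_LEN]


@dataclass
class Claimant:
    """The genuine device holding the shared link key."""
    addr: bytes
    link_key: bytes

    def answer(self, au_rand: bytes) -> bytes:
        return compute_sres(self.link_key, au_rand, self.addr)


@dataclass
class Link:
    """Abstract radio link with a fixed one-way latency (constructed value in ms)."""
    one_way_ms: float

    def round_trip(self) -> float:
        return 2 * self.one_way_ms


# An exchange takes AU_RAND and returns (SRES, elapsed milliseconds).
Exchange = Callable[[bytes], Tuple[bytes, float]]


def direct_exchange(claimant: Claimant, link: Link) -> Exchange:
    """Verifier and genuine claimant talk over one link."""
    def run(au_rand: bytes) -> Tuple[bytes, float]:
        return claimant.answer(au_rand), link.round_trip()
    return run


def relayed_exchange(claimant: Claimant, near_link: Link, far_link: Link) -> Exchange:
    """Model of the relay scenario: the challenge crosses the verifier's link, is
    forwarded over a second link to the genuine claimant, and the genuine SRES comes
    back the same way. The response is always correct; only the round trip grows."""
    def run(au_rand: bytes) -> Tuple[bytes, float]:
        return claimant.answer(au_rand), near_link.round_trip() + far_link.round_trip()
    return run


@dataclass
class Verifier:
    """Verifier that checks both the response value and the response time."""
    link_key: bytes
    baseline_rtts_ms: List[float]   # round trips measured on a known-direct link
    sigma_factor: float = 3.0       # how many standard deviations above the mean to allow

    def threshold_ms(self) -> float:
        mean = statistics.mean(self.baseline_rtts_ms)
        spread = statistics.pstdev(self.baseline_rtts_ms)
        return mean + self.sigma_factor * spread

    def authenticate(self, claimant_addr: bytes, exchange: Exchange) -> Dict[str, object]:
        au_rand = secrets.token_bytes(16)               # fresh 128-bit challenge
        sres, elapsed_ms = exchange(au_rand)
        expected = compute_sres(self.link_key, au_rand, claimant_addr)
        sres_ok = hmac.compare_digest(sres, expected)   # constant-time comparison
        timing_ok = elapsed_ms <= self.threshold_ms()
        return {
            "sres_ok": sres_ok,
            "timing_ok": timing_ok,
            "accepted": sres_ok and timing_ok,
            "elapsed_ms": elapsed_ms,
        }


def demo() -> Dict[str, Dict[str, object]]:
    """Run the direct, relayed and wrong-key cases with constructed parameters."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed link key
    genuine = Claimant(addr=bytes.fromhex("001122334455"), link_key=key)
    verifier = Verifier(link_key=key, baseline_rtts_ms=[2.0, 2.2, 2.1, 1.9, 2.0])
    impostor = Claimant(addr=genuine.addr, link_key=bytes(16))  # no knowledge of the key
    return {
        "direct": verifier.authenticate(genuine.addr, direct_exchange(genuine, Link(1.0))),
        "relayed": verifier.authenticate(genuine.addr, relayed_exchange(genuine, Link(1.0), Link(1.0))),
        "wrong_key": verifier.authenticate(genuine.addr, direct_exchange(impostor, Link(1.0))),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} sres_ok={result['sres_ok']} timing_ok={result['timing_ok']} "
              f"accepted={result['accepted']} rtt={result['elapsed_ms']:.1f} ms")
```

The relayed case is the one the abstract describes: the SRES check passes because the genuine device computed it, and only the round-trip bound rejects the session. The calibration values and the three-sigma rule are illustrative; in practice the threshold has to be derived from measured connection-establishment timings, as the thesis does empirically, and set so that normal radio jitter does not trigger false rejections.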
