E. Çetintaş, A. Levi, M. Aydos,
Ç.K. Koç and M.U. Çağlayan,
"Relay Attacks on Bluetooth Authentication and Solutions", LNCS 3280,
ISCIS 2004,
Abstract -We describe relay attacks on Bluetooth
authentication protocol. The aim of these attacks is impersonation. The
attacker does not need to guess or obtain a common secret known to both victims
in order to set up these attacks, merely to relay the information it receives
from one victim to the other during the authentication protocol run. Bluetooth
authentication protocol allows such a relay if the victims do not hear each
other. Such a setting is highly probable.We analyze
the attacks for several scenarios and propose practical solutions. Moreover, we
simulate attacks to make sure about their feasibility. These simulations show
that current Bluetooth specifications do not have defensive mechanisms for
relay attacks. However, relay attacks create a significant partial delay during
the connection that might be useful for detection.
A preliminary version of the
paper in Adobe Acrobat
(222 KBytes)
Back to List of Papers
Back to NETLAB home page
Back to Erhan Çetintaş’s
home page
Back to Albert Levi's home page
Back to M.Ufuk Çağlayan's home
page