3 Replies Latest reply on Jul 9, 2017 11:29 AM by javiersenas_1605611

    Relay Attacks with PRoC

    javiersenas_1605611

      Hello colleagues,

         

      I would like to use one of your PRoC modules for designing one product and I am wondering how it behaves in case of Relay Attack? Is there any countermeasure which I can implement?

         

      Thanks in advance and regards,

         

      Peter

        • 1. Re: Relay Attacks with PRoC
          e.pratt_1639216

          Relay attack: Initiating connections to both devices, and then relaying communication between them.

             

          Relay Attacks are more of a application-level issue, as there is no way to verify at the hardware level that the device you are communicating with is who it says it is without an authentication procedure, which can be relayed. Reading: http://www.nedapsecurity.com/sites/default/files/whitepaper-relayattack-online.pdf

             

          It seems that protecting the user-side with a faraday cage, implementing a simple timing to prevent extraneous timing being used in access (typical speeds will increase for relay attacks), and a proximity check to prevent card access outside the allowed boundaries of usage.

          • 2. Re: Relay Attacks with PRoC
            anpm

            Hi Peter,

               

            By Relay attacks in BLE side, I assume you were talking about the Man in the middle attack which can happen which reults in hacking the over the air data communicating over BLE. If then CyBLE supports the security modes of Unauthenticated / Authenticated Pairing and encryption. And you can whitelist that no other BLE devices should be able to connect. The link will be encrypted and no third person can't interpret the data as well.

               

            Please go through the BLE security modes in the BLE spec for better understanding.

               

            Regards,
            Anjana

            • 3. Re: Relay Attacks with PRoC
              javiersenas_1605611
                      Hi colleagues, Thanks for the answers. They really help me. Best, Peter