- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello colleagues,
I would like to use one of your PRoC modules for designing one product and I am wondering how it behaves in case of Relay Attack? Is there any countermeasure which I can implement?
Thanks in advance and regards,
Peter
Solved! Go to Solution.
- Labels:
-
BLE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Peter,
By Relay attacks in BLE side, I assume you were talking about the Man in the middle attack which can happen which reults in hacking the over the air data communicating over BLE. If then CyBLE supports the security modes of Unauthenticated / Authenticated Pairing and encryption. And you can whitelist that no other BLE devices should be able to connect. The link will be encrypted and no third person can't interpret the data as well.
Please go through the BLE security modes in the BLE spec for better understanding.
Regards,
Anjana
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Relay attack: Initiating connections to both devices, and then relaying communication between them.
Relay Attacks are more of a application-level issue, as there is no way to verify at the hardware level that the device you are communicating with is who it says it is without an authentication procedure, which can be relayed. Reading: http://www.nedapsecurity.com/sites/default/files/whitepaper-relayattack-online.pdf
It seems that protecting the user-side with a faraday cage, implementing a simple timing to prevent extraneous timing being used in access (typical speeds will increase for relay attacks), and a proximity check to prevent card access outside the allowed boundaries of usage.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Peter,
By Relay attacks in BLE side, I assume you were talking about the Man in the middle attack which can happen which reults in hacking the over the air data communicating over BLE. If then CyBLE supports the security modes of Unauthenticated / Authenticated Pairing and encryption. And you can whitelist that no other BLE devices should be able to connect. The link will be encrypted and no third person can't interpret the data as well.
Please go through the BLE security modes in the BLE spec for better understanding.
Regards,
Anjana
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content