BLE Relay Attack Mitigation Using Multi-Antenna Bluetooth 6.0 Channel Sounding
S. van de Water (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Q. Wang – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
This thesis researches mitigations for BLE relay attacks. It presents a design for a time-based distance-bounding protocol that uses the Bluetooth channel sounding feature introduced in the new Bluetooth 6.0 core specification. Bluetooth channel sounding comprises two distance measurement techniques: Phase-Based Ranging (PBR) and Round Trip Time (RTT). The proposed protocol requires consistent channel sounding distance measurements in order to minimize the likelihood of successful relay attacks. Single-antenna channel sounding measurements have shown poor spatial and sequential consistency in a complex multipath office environment. To overcome the inaccuracies that arise from multipath propagation, this thesis investigates the optimal antenna configuration for Bluetooth channel sounding using multiple antennas. A comparison of the root-mean-square error and maximum error between the single-antenna baseline and the proposed multi-antenna solution, for both spatial and sequential consistency in a complex multipath office environment, shows that there is, on average, a 58% reduction in error metrics when the optimal multi-antenna setup is used. The performance of the optimal multi-antenna channel sounding setup in the complex environment approaches the single-antenna baseline performance in an ideal outdoor environment. This shows that the added antenna diversity successfully overcomes the negative effects of multipath propagation.