Detecting relay attacks against Bluetooth communications on Android

Abstract

The widespread usage of mobile devices has lead to mobile devices being used to replace existing solutions, including smart cards for authentication in access control systems. While this can be convenient, there are security concerns which must be addressed. One such concern for access control authentication is relay attacks, which are more difficult to prevent when using Bluetooth on a mobile device rather than smart cards. This thesis investigates an alternative method of detecting relay attacks, using sensors present on typical mobile devices to fingerprint a location. As opposed to other research, this approach uses only the sensors available on a single mobile device, in order to be compatible with existing access control systems that do not have specialised sensors. The proof of concept shows several sensor types are strong indicators of location, particularly observable WiFi signals.