Short-range wireless communication has been employed in a variety of applications over many years. One widely used application is remote keyless entry (RKE), which now comes as a standard feature in most vehicles. Another is a garage door opener remote control, which allows a driver to open a garage door without leaving a vehicle. Many other applications of short-range wireless technology are coming into widespread use and others are expected to make this technology a feature of many devices in the home, workplace, and public spaces. Many of these applications may be described as monitoring and control systems, such as temperature monitors, thermostats, security systems, utility meters, vehicle operation monitors, machine tool controls, and robotic controls. Short-rage wireless technologies include, without limitation, ANT WIRELESS ANT/ANT+, BLUETOOTH, industrial, scientific, and medical (ISM) band radio, Wireless USB, and Z-Wave.
Most short-range wireless applications are designed to operate in the range of less than 10 meters. For example, RKE systems are intended to be used when the driver is within sight of the vehicle, either approaching or departing. While there may be times that it would be advantageous to be able to unlock a vehicle from a greater distance (such as when the driver has lost the key), the short-range operation of RKE systems may be considered a security feature, allowing a vehicle door to be unlocked only when the driver is close to the vehicle.
While providing many benefits, particularly convenience, devices that use short-range wireless communication are vulnerable to a type of attack variously known as a relay attack or “amplification-in-the-middle” (AITM) attack. In a relay attack, a transceiver receives a weak signal originating outside the range of the intended receiving device. The transceiver rebroadcasts (and sometimes amplifies) the signal, which may then be received by the intended device. Depending on the design of the wireless system, the originating and receiving devices may communicate further as part of an authentication or function control process. The transceiver may receive, amplify, and retransmit each of these communications until the transceiver operator has obtained the desired access, such as a vehicle door being unlocked.
As the number of short-range wireless systems continues to grow, the potential harm that may result from relay attacks may increase proportionately. Accordingly, what is needed are systems and methods for defeating relay attacks.