Mitigating Relay Attacks in Vehicle Access Systems Using BLE and UWB
Received: 5 June 2025 | Revised: 11 July 2025 | Accepted: 20 July 2025 | Online: 7 August 2025
Corresponding author: Prashant V. Joshi
Abstract
The technology for accessing vehicles has evolved significantly from traditional mechanical keys to advanced keyless systems, utilizing smartphones and smart wearables. The conventional LF-RF-based Passive Entry and Passive Start (PEPS) systems, struggle with inherent vulnerabilities. In particular, they suffer from relay attacks that exploit signal amplification to bypass proximity detection mechanisms. As vehicles become more connected through V2X and other shared mobility ecosystems, securing access systems is more critical than ever. To address these challenges, this research proposes a secured vehicle access framework that combines Bluetooth Low Energy (BLE), Ultra-Wideband (UWB), and Near Field Communication (NFC). Our system introduces multi-layered defense mechanisms, including asymmetric encryption-based digital key applets, dynamic Unique Rolling Session Keys (URSKs), and UWB-based secure ranging, using Time Difference of Arrival (TDOA) and trilateration techniques for precise user localization. BLE is used exclusively for authenticating the legitimate device. Passive unlocking is permitted only after proximity is verified by UWB, ensuring that the user’s device is truly near the vehicle. The development process utilized ANSYS HFSS 3D High Frequency Simulation for dual antenna design which enabled precise calibration. The implementation was achieved using a chipset with an ARM Cortex M33 core with hardware accelerators. Our experiments demonstrated that the system reliably triggers door unlock within only a 1.6 m radius, thus effectively mitigating relay attack risks. This framework offers a robust, future-ready, and user-centric solution for next-generation vehicle access control.
Keywords:
relay attack prevention, Passive Entry Passive Start (PEPS), Bluetooth Low Energy (BLE), Near Field Communication (NFC), Time of Flight (ToF), Ultra Wide Band (UWB)Downloads
References
Gyu-Ho Kim, Kwan-Hyung Lee, Shim-Soo Kim, and Min Ju Kim, "Vehicle Relay Attack Avoidance Methods Using RF Signal Strength," Communications and Network, vol. 5, no. 3, pp. 573-577, Jan. 2013.
A. I. Alrabady and S. M. Mahmud, "Some attacks against vehicles' passive entry security systems and their solutions," in IEEE Transactions on Vehicular Technology, vol. 52, no. 2, pp. 431-439, Mar. 2003.
D. Suresh, P. V. Joshi, P. Parandkar, and K. M. Sudharshan, "An Improved Authentication Scheme for V2I Communication," SN Computer Science, vol. 5, no. 5, Art. no. 535, May 2024.
D. Moriyama, "Automotive System Security," Automotive Core Technology Development Division, White paper, Renesas, AST-AB-22-0117 Rev.1.0, Oct. 19, 2022.
D. Suresh, P. V. Joshi, P. Parandkar, A. Gambhir, and K. M. Sudharshan, "BLE Channel Sounding: novel method for enhanced ranging accuracy in vehicle access," IEEE Access, vol. 13, pp. 67531-67547, Jan. 2025.
D. Suresh, P. V. Joshi, P. Parandkar, and K. M. Sudharshan, "Intrusion detection in in-vehicle networks using neuro computing," Proceedings of the International Conference on Innovative Comouting and Communication Data Analytics and Management (ICICC-2024), Aug. 2024.
A. Kout, B. Bouaita, A. Beghriche, S. Labed, S. Chikhi, and E. B. Bourennane, "A Hybrid Optimization Solution for UAV Network Routing," Engineering, Technology & Applied Science Research, vol. 13, no. 2, pp. 10270–10278, Apr. 2023.
U. Ahmad, H. Song, A. Bilal, M. Alazab, and A. Jolfaei, "Securing smart vehicles from relay attacks using machine learning," The Journal of Supercomputing, vol. 76, no. 4, pp. 2665–2682, Apr. 2020.
C. M. Chen, B. Xiang, Y. Liu, and K. H. Wang, "A secure authentication protocol for Internet of Vehicles, " IEEE Access, vol. 7, pp. 12047–12057, Jan. 2019.
U. Ahmad, H. Song, A. Bilal, M. Alazab, and A. Jolfaei, "Secure passive keyless entry and start system using machine learning," in 11th International Conference and Satellite Workshops, SpaCCS 2018, Melbourne, NSW, Australia, Proceedings, Dec. 2018.
J. Cui, X. Zhang, H. Zhong, J. Zhang, and L. Liu, "Extensible conditional privacy protection authentication scheme for secure vehicular networks in a multi-cloud environment," in IEEE Transactions on Information Forensics and Security, vol. 15, pp. 1654–1667, Oct. 2019.
H. Khalid, S. J. Hashim, S. M. S. Ahmad, F. Hashim, and M. A. Chaudhary, "A new hybrid online and offline multi-factor cross-domain authentication method for IoT applications in the automotive industry," Energies, vol. 14, no. 21, Art. no. 7437, Nov. 2021.
Z. Guo, Y. Zhang, J. Cao, X. Ren, X. Zhao, and H. Li, "Secure multifactor authentication and access control mechanism for electronic bill service in a 5G cloud-fog hybrid architecture," Security and Communication Networks, vol. 2022, May 2022.
A. S. Khan, K. Balan, Y. Javed, S. Tarmizi, and J. Abdullah, "Secure trust-based blockchain architecture to prevent attacks in VANET," Sensors, vol. 19, no. 22, Art. no. 4954, Jan. 2019.
H. Ólafsdóttir, A. Ranganathan, and S. Capkun, "On the security of carrier phase-based ranging," International Conference on Cryptographic Hardware and Embedded Systems, Taipei, Taiwan, pp. 490–509, Aug. 2017.
A. Lacava, V. Zottola, A. Bonaldo, F. Cuomo, and S. Basagni, "Securing Bluetooth Low Energy networking: An overview of security procedures and threats," Computer Networks, vol. 211, Art. no. 109021, Jul. 2022.
R. Zhang, L. Song, A. Jaiprakash, T. Talty, A. Alanazi, and A. Alghafis, "Using ultra-wideband technology in vehicles for infrastructure-free localization," in Proceedings IEEE 5th World Forum on Internet of Things (WF-IoT), Limerick, Ireland, pp. 15–18, Apr. 2019.
Staat, Paul, Kai Jansen, Christian Zenger, and Christof Paar, "Securing Phone as a Key Against Relay Attacks," 18th escar Europe, pp. 48-58, 2020.
Abubaker, Radi "Novel Channel Based Relay Attack Detection Protocols in the Physical-Layer." PhD diss., University of Waterloo, 2024.
Jyothy Anu, and Anie George, "Unlocking the potential: Ultra-Wideband," i-manager's Journal on Electronics Engineering, vol. 14, no. 2, pp. 31-39, Jan. 2024.
Limbasiya, Trupil, Ko Zheng Teng, Sudipta Chattopadhyay, and Jianying Zhou, "A systematic survey of attack detection and prevention in connected and autonomous vehicles," Vehicular Communications, vol. 37, no. 100515, Oct. 2022.
J. M. De Guia, J. E. Estrada, G. L. Opina, and A. Tripathi, "Real-time personnel tracking system of operator processes using Bluetooth low energy & camera in warehouse environment," in Proc. IEEE 14th International Conference Humanoid, Nanotechnol., Inf. Technol., Commun. Control, Environ., Manage. (HNICEM), pp. 1–6, Dec. 2022.
Stocker, Michael, Bernhard Großwindhager, Carlo Alberto Boano, and Kay Römer. "Towards secure and scalable UWB-based positioning systems," in 2020 IEEE 17th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), IEEE, pp. 247-255, Dec. 2020.
Vivek, Burri Sri Venkat, Talluri Vineetha, Aaka Teja, Boyapati Sai Keerthana, Dinesh Kumar Anguraj, and Hari Kiran Vege, "Security and Efficiency in Tap and Pay: The Promise and Challenges of BLE and UWB Integration," in 2024 5th International Conference on Smart Electronics and Communication (ICOSEC), IEEE, pp. 714-722, Oct. 2024.
DERVİŞOĞLU, İsmail, and Uraz YAVANOĞLU, "Security Threats and Performance Evaluation of Ultra Wideband and Bluetooth Low Energy Technologies for Indoor Positioning," in 2021 International Conference on Information Security and Cryptology (ISCTURKEY), IEEE, pp. 22-27, Dec. 2021.
Kapulica, A., Dakić, V., Morić, Z. and Petrunić, R., "Key Fob Replay Attacks on Personal Vehicles: Vulnerabilities and Mitigation Strategies," in 2024 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), IEEE, pp. 1-5, May 2024.
D. Brito and S. Abuzneid, "Multi-Factor Authentication for Keyless Entry Systems: An Innovative Approach to Automotive Security," Journal of Information Security, vol. 16, no. 1, pp. 78–100, Nov. 2024.
M. Rogobete, M. I. Mihailescu, and E. Marin, "Ultra-Wideband Technology in Telematics Security - A short Survey," in 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Pitesti, Romania, pp. 1–6, July 2021.
Downloads
How to Cite
License
Copyright (c) 2025 D. Suresh, Prashant V. Joshi, Parag Parandkar
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
