Conference Paper

Securing PKES against Relay Attacks using Coordinate Tracing and Multi-Factor Authentication

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... It employs bidirectional communication where the car sends a wake-up signal to the key when it is within range (commonly under 1 meter) and the driver takes hold of the handle, proceeded by a challenge response from the key which, if correct, will unlock the vehicle. A similar check may be performed in order to start the vehicle [3,4]. ...
... This system increases user comfort due to the eliminated interaction and with the encryption algorithm and challenge-response technique that is employed in most recent implementations, explained in Section 2.1, assures high resistance to many methods of attacks. However, it is not secure against relay attacks -also known as Mafia Fraud -and Signal Amplification Relay Attack (SARA) which are attacks that do not require decryption and are not affected by the encryption algorithm's complexity, nor can they be eliminated using alternative protocols [4,5]. A review by Gülsever of Upstream's, a cyber security company's, repository consisting of security incidents relating to the automotive industry show 187 exploits related to connected cars with 25 unique attack vectors (paths that allow an attacker to gain access to a system) identified [6]. ...
... Various suggested security features exist that could protect a PKE System from relay attacks. These include context based 1 CHAPTER 1. INTRODUCTION systems using relative position of car and key fob, comparison of Wi-Fi access point lists, Global Positioning System (GPS) coordinates etc [3,4,7,8]. This thesis analyses these proposed defences as well as suggests a novel way of protection, constructs a prototype system with the chosen method -Immobility Detectionand evaluates said system. ...
Thesis
Full-text available
A significant security risk of modern vehicles is their vulnerability to relay attacks, due to challenge-response methods, such as those employed in Passive Keyless Entry (PKE) used by most commercial cars, being inherently exposed. This class of attacks are where communication between a vehicle and its key is relayed by an attacker over long range - thereby bypassing any encryption and unlocking the vehicle without requiring direct access to the key. While a multitude of defenses have been proposed in recent years, many lack either robustness or practicality. Any viable system will likely have to rely on an environmental parameter which is not easily manipulated. Moreover, the system has to be: cost effective; easily implementable; and take user comfort, such as the key’s battery life, into account. This thesis implements and evaluates a PKE system resistant to relay attacks, analyses a multitude of proposed strategies in literature for feasibility, as well as suggests a novel method: Approach Curve Matching. It is concluded that the most promising strategies are: Immobility Detection, Distance Bounding Protocols, and Approach Curve Matching - the first of which is chosen to be implemented in the prototype PKE system. The project develops a PKE system and implements the communication protocol using Bluetooth, as opposed to the conventional RFID. Immobility Detection, using an accelerometer, is then implemented. The final system is then tested and evaluated. It is concluded that while Immobility Detection is not comprehensively effective, it is easily implementable, cost-effective, and can greatly increase the security of PKE systems. Finally, it is proposed that Immobility Detection should be employed promptly by manufacturers while investigating potentially more effective, albeit uncertain, strategies.
Article
Full-text available
Passive keyless entry and start system has been widely used in modern cars. Car owners can open the door or start the engine merely by having the key in their pocket. PKES was originally designed to establish a communication channel between the car and its key within approximately one meter. However, the channel is vulnerable to relay attacks by which attackers unlock the door even if the key is out of range. Even though relay attacks have been recognized as a potential threat for over ten years, such attacks were thought to be impractical due to highly expensive equipment; however, the required cost is gradually practical. Recently, a relay attack has been demonstrated with equipment being sold only under $100. In this paper, we propose a sound-based proximity-detection method to prevent relay attacks on PKES systems. The sound is eligible to be applied to PKES because audio systems are commonly available in cars. We evaluate our method, considering environments where cars are commonly parked, and present the recording time satisfying both usability and security. In addition, we newly define an advanced attack, called the record-and-playback attack, for sound-based proximity detection, demonstrating that our method is robust to such an attack.
Article
Full-text available
In the past decade, technologies in vehicles have been rapidly advancing creating both a new type of “on the road” entertainment and safer environment while driving. Technologies such as anti-lock brake systems, steering assist, and in some cases autonomous driving, manufactures nearly eliminated the dangers of driving. To maintain the advances in safe technologies, it is vital to establish a strong security system for automotive networks and is crucial to advance the state of the art in automobile security. Motivated by this, one of the main goals of this research paper is to define a threat environment for CAR networks by discussing the existing security vulnerabilities and threats/attacks that an automobile network is currently facing. To address these security challenges, we also present a distributed firewall system to protect a CAR network from both internal and external networks.
Conference Paper
Full-text available
This paper is an introduction to security challenges for the design of automotive hardware/software architectures. State-of-the-art automotive architectures are highly heterogeneous and complex systems that rely on distributed functions based on electronics and software. As cars are getting more connected with their environment, the vulnerability to attacks is rapidly growing. Examples for such wireless communication are keyless entry systems, WiFi, or Bluetooth. Despite this increasing vulnerability, the design of automotive architectures is still mainly driven by safety and cost issues rather than security. In this paper, we present potential threats and vulnerabilities, and outline upcoming security challenges in automotive architectures. In particular, we discuss the challenges arising in electric vehicles, like the vulnerability to attacks involving tampering with the battery safety. Finally, we discuss future automotive architectures based on Ethernet/IP and how formal verification methods might be used to increase their security.
Article
Full-text available
We demonstrate relay attacks on Passive Keyless Entry and Start (PKES) systems used in modern cars. We build two efficient and inexpensive attack realizations, wired and wireless physical-layer relays, that allow the attacker to enter and start a car by relaying messages between the car and the smart key. Our relays are completely independent of the modulation, protocol, or presence of strong authenti-cation and encryption. We perform an extensive evaluation on 10 car models from 8 manufacturers. Our results show that relaying the signal in one direction only (from the car to the key) is sufficient to perform the attack while the true distance between the key and car remains large (tested up to 50 meters, non line-of-sight). We also show that, with our setup, the smart key can be excited from up to 8 meters. This removes the need for the attacker to get close to the key in order to establish the relay. We further analyze and discuss critical system characteristics. Given the generality of the relay attack and the number of evaluated systems, it is likely that all PKES systems based on similar designs are also vulnerable to the same attack. Finally, we propose immediate mitigation measures that minimize the risk of relay attacks as well as recent solutions that may prevent relay attacks while preserving the convenience of use, for which PKES systems were initially introduced.
Thieves stole a high-tech Mercedes by tricking its sensors into thinking they had the keys
  • corcoran