Resisting relay attacks on vehicular Passive Keyless Entry and start systems

Passive Keyless Entry and Start (PKES) systems are popularly embed in modern cars, which allow users to open and start their cars while having their car keys' in their pockets. They bring convenience to users but are vulnerable to relay attacks. A relay attack to PKES is a widely known attack against the challenge- response technique used in the passive keyless vehicle system, which allows to open and start the car while the true distance between the key and car remained large. The main countermeasure against relay attacks is the use of distance bounding protocols measuring the round-trip time between the car and the key. However, most schemes tend to a more complex design to decrease adversary's success probability. In this paper, we propose a novel distance bounding protocol to resist relay attacks in PKES systems, using only 2n bits of memory, which, to our best knowledge, is equal to Hancke and Kuhn's protocol and less than any existing protocols. In addition, by using our protocol, the key is able to detect adversary's malicious queries. We also make a comparison with typical previous distance bounding protocols in both memory and mafia fraud success probability.

[1]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[2]  Gildas Avoine,et al.  RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks , 2009, CANS.

[3]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[4]  Gildas Avoine,et al.  An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement , 2009, ISC.

[5]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Gildas Avoine,et al.  The Poulidor Distance-Bounding Protocol , 2010, RFIDSec.

[7]  Syed Masud Mahmud,et al.  Analysis of attacks against the security of keyless-entry systems for vehicles and suggestions for improved designs , 2005, IEEE Transactions on Vehicular Technology.

[8]  Cédric Lauradoux,et al.  A framework for analyzing RFID distance bounding protocols , 2011, J. Comput. Secur..

[9]  Jorge Munilla,et al.  Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels , 2008 .

[10]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[11]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[12]  Bart Preneel,et al.  Key Establishment Using Secure Distance Bounding Protocols , 2007, 2007 Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services (MobiQuitous).

[13]  Heinrich Luecken,et al.  UWB impulse radio based distance bounding , 2010, 2010 7th Workshop on Positioning, Navigation and Communication.

[14]  Syed Masud Mahmud,et al.  Some attacks against vehicles' passive entry security systems and their solutions , 2003, IEEE Trans. Veh. Technol..

[15]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[16]  Gildas Avoine,et al.  RFID Distance Bounding Multistate Enhancement , 2009, INDOCRYPT.

[17]  Srdjan Capkun,et al.  Secure positioning in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.