6.3 Countermeasures in the Open Literature
Several countermeasures against relay attacks were pro- posed in the open literature . We examine them here and analyze their effectiveness and appropriateness for PKES systems.
One of the first countermeasures proposed against relay attacks is to rely on the signal strength to indicate the prox- imity between the devices. This is in fact the countermea- sure that is used in today’s PKES systems; the car transmits a short range LF signal such that only if the key is in its close proximity (≤ 1 m) will it hear the signal. Similarly, the car could measure the strength of the signal that the key transmits in order to infer the distance to the key. This countermeasure is very weak and can be simply defeated since the attacker can fully mimic the car and the key by relaying signals using expected signal levels. Other coun- termeasure that rely on the measurements of signal prop- erties, like those using complex modulation schemes, mea- sure group delay times or measure intermodulation prod- ucts suffer from similar shortcomings. Namely, an attacker equipped with a good antenna and waveform generator can mimic expected signal features 11 or can simply relay the observed signals without demodulating them. In  sig- nal corruption is also reported as a possible countermea- sure against relay attacks. However, the authors note that this countermeasure can be overcome by an attacker using a good amplifier.
Relay attacks can also be prevented using multi-channel communication, where typically out-of-band channels are used to verify if the relay occurred . However, these approaches require human involvement, and as such are not well suited for PKES systems.
6.4 Our Proposal: PKES that Relies on RF Dis- tance Bounding
Like other car entry and start systems, the main purpose of PKES is to allow access to the car and authorization to drive to the user that is at the time of entry and start phys- ically close to the car. By being close to the car, the user indicates its intention to open the car and by being in the car, to drive the car. The car therefore needs to be able to securely verify if the user is close to the car to open the car and if the user is in the car to start the car.
Given this, a natural way that can be used to realize se- cure PKES systems is by using distance bounding. Dis- tance bounding denotes a class of protocols in which one entity (the verifier) measures an upper-bound on its distance to another (trusted or untrusted) entity (the prover). This means that given that the verifier and the prover are mutu-
11See  for an example of signal fingerprint replay.
ally trusted, the attacker cannot convince them that they are closer than they really are, just further 12 .
Background on Distance Bounding Protocols In recent years, distance bounding protocols have been extensively studied: a number of protocols were proposed [9, 22, 17, 31, 10, 24, 39, 28, 20, 45] and analyzed [12, 41, 18, 37]. These proposals relied on ultrasonic or RF only communi- cation. Since ultrasonic distance bounding is vulnerable to relay attacks , RF distance bounding is the only viable option for use in PKES systems.
Regardless of the type of distance bounding protocol, a distance bound is obtained from a rapid exchange of mes- sages between the verifier and the prover. The verifier sends a challenge to the prover, to which the prover replies after some processing time. The verifier measures the round-trip time between sending its challenge and receiving the re- ply from the prover, subtracts the prover’s processing time and, based on the remaining time, computes the distance bound between the devices. The verifier’s challenges are unpredictable to the prover and the prover’s replies are com- puted as a function of these challenges. In most distance bounding protocols, a prover XORs the received challenge with a locally stored value , uses the received challenge to determine which of the locally stored values it will re- turn [22, 45], or replies with a concatenation of the received value with the locally stored value . uthentication and the freshness of the messages prevents the attacker from shortening the measured distance.
Recently, two RF distance bounding implementations appeared, showing the feasibility of implementing distance bounding protocols. One implemented XOR resulting in a processing time at the prover of approx. 50 ns  and the other implemented concatenation with the prover’s process- ing time of less than 1 ns .
PKES Requirements for Distance Bounding Implemen- tation ccurate measurement of the distance is crucial to defending against relay attacks. The distance is directly pro- portional to the time of flight of the exchanged messages between the key and the car. Even more important than the actual processing time at the key is the variance of this pro- cessing time. If the key responds in a constant time then the actual duration of time taken by the key to respond is not important. Here, we naturally assume that the car trusts the key. This holds as long as neither the challenge messages from the car, nor the response messages from the key can be advanced, i.e., the messages are fresh and authenticated.
ssuming that the delay incurred by the relay attack is dependent only on the relay cable length (or relay distance
12In the analysis of distance bounding protocols the attack by which an attacker convinces the verifier and the prover that they are closer than they truly are is referred to as the Mafia Fraud ttack .