the attack. It is unclear if the attack relies on a modula- tion/demodulation relay or on a physical-layer relay attack. Moreover, it is impossible to verify the reported claims and if the attack is indeed real.
In this paper, we showed that the introduction of PKES systems raises serious concerns for the security of car ac- cess and authorization to drive systems. We demonstrated on 10 cars from different manufacturers that PKES systems in some modern cars are vulnerable to relay attacks. This attack allows an attacker to open the car and start the engine by placing one antenna near the key holder and a second antenna close to the car. We demonstrated the feasibility of this attack using both wired and wireless setups. Our at- tack works for a specific set of PKES systems that we tested and whose operation is described in this paper. However, given the generality of the relay attack, it is likely that PKES systems based on similar designs are also vulnerable to the same attack.
We analyzed critical time characteristics in order to bet- ter quantify systems’ behavior. We proposed simple coun- termeasures that minimize the risk of relay attacks and that can be immediately deployed by the car owners; how- ever, these countermeasures also disable the operation of the PKES systems. Finally, we discussed recent solutions against relay attacks that preserve convenience of use for which PKES systems were initially introduced.
     
http://www.mercedes-benz.com/. http://en.wikipedia.org/wiki/Smart key. http://en.wikipedia.org/wiki/Keyless Go. http://vintrack.com/SIU.html. Ettus research llc. http://www.ettus.com/.
. lrabady and S. Mahmud. Some attacks against vehicles’
passive entry security systems and their solutions. Vehicular Technology, IEEE Transactions on, 52(2):431 – 439, March
2003. . lrabady and S. Mahmud.
nalysis of attacks against the
security of keyless-entry systems for vehicles and sugges- tions for improved designs. IEEE Transactions on Vehicular
Technology, 54(1):41–50, January 2005.
S. C. Bono, M. Green,
. D. Ru-
bin, and M. Szydlo. Security analysis of a cryptographically- enabled RFID device. In Proc. of the 14th USENIX Security Symposium, Berkeley, US , 2005. USENIX ssociation.  S. Brands and D. Chaum. Distance-bounding protocols. In EUROCRYPT ’93, pages 344–359, Secaucus, NJ, US , 1994. Springer-Verlag New York, Inc.  S. Capkun, L. Buttya´n, and J.-P. Hubaux. SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Net- works. In Proc. of the CM Workshop on Security of d
Hoc and Sensor Networks (S SN), Washington, US , Octo- ber 2003.  S. Capkun and J.-P. Hubaux. Secure positioning in wireless networks. Selected reas in Communications, IEEE Journal on, 24(2):221–232, February 2006.  J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore. So near and yet so far: Distance-bounding attacks in wireless networks. In Proceedings of the European Workshop on Se- curity and Privacy in d-hoc and Sensor Networks (ES S),
2006.  N. T. Courtois, G. V. Bard, and D. Wagner.
slide attacks on KeeLoq. In Fast Software Encryption: 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers, pages 97–
115, Berlin, Heidelberg, 2008. Springer-Verlag. B. Danev, H. Luecken, S. Capkun, and K. Defrawy.
89–98. CM, 2010.  Datagram. Lockpicking forensics. Black Hat US ings, 2009.
 Y. Desmedt, C. Goutier, and S. Bengio. Special uses and abuses of the Fiat-Shamir passport protocol. In CRYPTO, pages 21–39, 1987.  S. Drimer and S. J. Murdoch. Keep your enemies close: dis- tance bounding against smartcard relay attacks. In Proceed- ings of 16th USENIX Security Symposium, Berkeley, C , US , 2007. USENIX ssociation.  M. Flury, M. Poturalski, P. Papadimitratos, J.-P. Hubaux, and J.-Y. Le Boudec. Effectiveness of Distance-Decreasing ttacks gainst Impulse Radio Ranging. In 3rd CM Con- ference on Wireless Network Security (WiSec), 2010.  F.-L. W. Frank Stajano and B. Christianson. Multichannel protocols to prevent relay attacks. In Financial Cryptogra-
phy, 2010.  S. Gezici, Z. Tian, G. Giannakis, H. Kobayashi,
H. Poor, and Z. Sahinoglu. Localization via ultra-wideband radios: a look at positioning aspects for future sensor net- works. Signal Processing Magazine, IEEE, 22(4):70–84, July 2005.  G. Hancke. Practical attacks on proximity identification sys- tems (short paper). In Proc. of the 27th IEEE Symposium on
Security and Privacy, 2006. G. P. Hancke and M. G. Kuhn.
n RFID distance bound- ’05: Proceedings of the
First International Conference on Security and Privacy for
73, Washington, DC, US
, 2005. IEEE Computer Society.
G. P. Hancke, K. Mayes, and K. Markantonakis.
in smart token proximity: Relay attacks revisited. ers & Security, 28(7):615–627, 2009.
 Y.-C. Hu,
. Perrig, and D. B. Johnson. Wormhole attacks
in wireless networks. IEEE Journal on Selected reas in Communications, 24(2):370–380, 2006. S. Indesteege, N. Keller, O. Dunkelman, E. Biham, and
practical attack on KeeLoq.
In Proc. of the
nnual Eurocrypt Conference, pages 1–18, Berlin, Hei-
delberg, 2008. Springer-Verlag.