
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars - page 14 / 15


the attack. It is unclear whether the attack relies on a modulation/demodulation relay or on a physical-layer relay. Moreover, it is impossible to verify the reported claims or whether the attack is indeed real.

8 Conclusion

In this paper, we showed that the introduction of PKES systems raises serious concerns for the security of car access and authorization to drive systems. We demonstrated on 10 cars from different manufacturers that PKES systems in some modern cars are vulnerable to relay attacks. This attack allows an attacker to open the car and start the engine by placing one antenna near the key holder and a second antenna close to the car. We demonstrated the feasibility of this attack using both wired and wireless setups. Our attack works for a specific set of PKES systems that we tested and whose operation is described in this paper. However, given the generality of the relay attack, it is likely that PKES systems based on similar designs are also vulnerable to the same attack.

We analyzed critical time characteristics in order to better quantify systems’ behavior. We proposed simple countermeasures that minimize the risk of relay attacks and that can be immediately deployed by the car owners; however, these countermeasures also disable the operation of the PKES systems. Finally, we discussed recent solutions against relay attacks that preserve convenience of use for which PKES systems were initially introduced.

