Car security: remote keyless entry and go Dick Visser and Jarno van - - PowerPoint PPT Presentation

car security remote keyless entry and go
SMART_READER_LITE
LIVE PREVIEW

Car security: remote keyless entry and go Dick Visser and Jarno van - - PowerPoint PPT Presentation

Oct 01, 2023 131 likes •393 views

Introduction Theory Results Conclusion Car security: remote keyless entry and go Dick Visser and Jarno van de Moosdijk June 2009 Dick Visser and Jarno van de Moosdijk Car security: remote keyless entry and go Introduction

slide-1
SLIDE 1

Introduction Theory Results Conclusion

Car security: remote keyless “entry and go”

Dick Visser and Jarno van de Moosdijk June 2009

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-2
SLIDE 2

Introduction Theory Results Conclusion

Mechanical key

. .

◮ Ignition locks since 1919 ◮ Door locks since late 1920s ◮ RFID immobiliser since 1993

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-3
SLIDE 3

Introduction Theory Results Conclusion

Remote keyless entry (RKE)

. .

◮ Remote control for doors ◮ Since 1983 ◮ 315 / 433.92 / 868 MHz ◮ Keys have to be associated to the car ◮ Encryption ◮ KeeLoq cipher

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-4
SLIDE 4

Introduction Theory Results Conclusion

Passive keyless entry (PKE)

. .

◮ Doors open/close without user intervention ◮ Since 1990 ◮ Same frequencies ◮ Same encryption ◮ Often combined with “keyless go”

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-5
SLIDE 5

Introduction Theory Results Conclusion

Future systems

. .

◮ Lots of development ◮ Mostly flashy concept car stuff ◮ Integration is the “key” ◮ Payment systems, multimedia, user prefs

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-6
SLIDE 6

Introduction Theory Results Conclusion

Research questions

◮ What requirements should RKE/PKE adhere to? ◮ Which systems are available and do they meet these

requirements?

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-7
SLIDE 7

Introduction Theory Results Conclusion

Research questions

◮ What requirements should RKE/PKE adhere to? ◮ Which systems are available and do they meet these

requirements?

◮ What requirements should the key order procedure adhere to? ◮ What are current order procedures and do they meet these

requirements?

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-8
SLIDE 8

Introduction Theory Results Conclusion

Method

◮ Defining requirements & threats analysis ◮ Interviewing car dealers, importers, key manufacturers ◮ Examining car key fobs ◮ Assessing current systems and procedures

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-9
SLIDE 9

Introduction Theory Results Conclusion

System architecture

Parts of the car access process

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-10
SLIDE 10

Introduction Theory Results Conclusion

System architecture

Parts of the new/spare key order procedure

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-11
SLIDE 11

Introduction Theory Results Conclusion

CIA Triad

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-12
SLIDE 12

Introduction Theory Results Conclusion

STRIDE threat model (Microsoft)

◮ Spoofing identity ◮ Tampering with data ◮ Repudiation ◮ Information disclosure ◮ Denial of service ◮ Elevation of privilege

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-13
SLIDE 13

Introduction Theory Results Conclusion

CIA vs STRIDE

C

  • n

fi d e n t i a l i t y A c c

  • u

n t a b i l i t y A u t h e n t i c i t y A u t h

  • r

i s a t i

  • n

D a t a i n t e g r i t y A v a i l a b i l i t y Spoofing identity ✓ Tampering with data ✓ Repudiation ✓ Information disclosure ✓ Denial of service ✓ Elevation of privilege ✓

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-14
SLIDE 14

Introduction Theory Results Conclusion

Threat demo

Real world DoS demo

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-15
SLIDE 15

Introduction Theory Results Conclusion

Establishing requirement sets

Apply CIA/STRIDE to car access procedure items Examples:

◮ Key/car should use authentication (S car/key) ◮ Cars should log all lock status changes (R - car) ◮ Key-car communication should not leak information (I -

medium)

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-16
SLIDE 16

Introduction Theory Results Conclusion

Establishing requirement sets

Applied CIA/STRIDE to key order procedure Examples:

◮ Keys should be shipped to static address (S) ◮ Four-eye principle (R) ◮ Online key learning (R,E)

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-17
SLIDE 17

Introduction Theory Results Conclusion

Highlights

General:

◮ Huge amount of different systems

(brand/model/version/year...)

◮ Smaller set of chipset manufacturers ◮ Kerckhoffs‘ principle is used by no one

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-18
SLIDE 18

Introduction Theory Results Conclusion

Highlights

”If everything, except the key, is known, a car would become unsecure very soon due to the fast growing computing power of IT technology compared to automotive technology and their life cycle.”

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-19
SLIDE 19

Introduction Theory Results Conclusion

Highlights

General:

◮ Huge amount of different systems

(brand/model/version/year...)

◮ Smaller set of chipset manufacturers ◮ Kerckhoffs‘ principle is used by no one ◮ Investigating order procedures was less problematic

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-20
SLIDE 20

Introduction Theory Results Conclusion

Highlights

Car access process:

◮ All use proprietary black box systems ◮ No one uses key authentication/authorisation ◮ Majority of ECUs do not log which key changed lock status

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-21
SLIDE 21

Introduction Theory Results Conclusion

Highlights

Key order/learning procedure:

◮ All dealers require ID + proof of ownership ◮ None of them use four-eye principle ◮ Only few brands use online learning/logging ◮ Third party key manufacturers all use plain text HTTP

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-22
SLIDE 22

Introduction Theory Results Conclusion

Recommendations

  • 1. Car industry should honour Kerckhoffs‘ principle
  • 2. Keys should use authentication
  • 3. Cars and keys should use logging
  • 4. All manufacturers should use online learning/logging
  • 5. Third parties should use HTTPS

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-23
SLIDE 23

Introduction Theory Results Conclusion

Further research

  • 1. Relay attack PoC
  • 2. Security certification
  • 3. Cryptanalysis/reverse engineering
  • 4. DoS/User awareness test

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”

slide-24
SLIDE 24

Introduction Theory Results Conclusion

Questions?

Dick Visser and Jarno van de Moosdijk Car security: remote keyless “entry and go”