SLIDE 1

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Aurélien Francillon, Boris Danev, Srdjan Čapkun

Monday February 7, 2011 1 System Security Group

SLIDE 2

Modern Cars Evolution

Increasing amount of electronics in cars

  • For convenience, security and safety

  • Entertainment
  • TPMS (Usenix Security 2010)
  • On-board computers and networks (S&P 2010)
  • Distance radar
  • Engine control
  • Key systems

SLIDE 3

Agenda

  • 1. Overview of Car Key Systems
  • 2. Passive Keyless Entry and Start Systems
  • 3. Relay Attacks
  • 4. Analysis on 10 models
  • 5. Conclusion

SLIDE 4

4 Categories of Key Systems

  • Metallic key
  • Remote active open
  • Immobilizer chips
  • Passive Keyless Entry and Start

SLIDE 5

Car Keys Active Remote Open

Active keys:

  • Press a button to open the car
  • Physical key to start the car
  • Need to be close (<100m)

Shared cryptographic key between the key and the car

Previous attacks: weak cryptography

  • e.g. Keeloq (Eurocrypt 2008, Crypto 2008, Africacrypt 2009)

SLIDE 6

Keys With Immobilizer Chips

Immobilizer chips

  • Passive RFID
  • Authorizes starting the engine
  • Close proximity: centimeters

Are present in most cars today

  • With metallic key
  • With remote open

Shared cryptographic key between the key and the car

Previous attacks: weak cryptography

  • e.g. TI DST (Usenix Security 2005)

SLIDE 7

Passive Keyless Entry and Start (PKES)

  • Need to be close (<2m) and the car opens
  • Need to be in the car to start the engine
  • No need for human action on the key

SLIDE 8

Passive Keyless Entry and Start

  • LF (120 – 135 kHz), (1-2 meters)
  • UHF (315 – 433 MHz), (50-100 meters)

  • 1. Periodic scan (LF)
  • 2. Acknowledge proximity (UHF)
  • 3. Car ID || Challenge (LF)
  • 4. Key Response (UHF)

SLIDE 9

Main Idea of PKES systems

Cryptographic key authentication with challenge response

  • Replaying old signals impossible
  • Timeouts, freshness

Car to Key: inductive low frequency signals

  • Signal strength ~ $d^{-3}$

Physical proximity

  • Detected by reception of messages
  • Induced in key’s antenna

The system is vulnerable to relay attacks

SLIDE 10

Relay-over-cable Attack on PKES

  • Very low cost attack (~50€)
  • Authentication does not prevent it

SLIDE 11

Physical Layer Relay With Cable

SLIDE 12

Relay Over the Air Attack

  • Higher cost (~1000 $)
  • Fast and difficult to detect
  • Authentication does not prevent it
  • Tested up to 50 m

SLIDE 13

Physical Layer Wireless Relay

2.5 GHz

SLIDE 14

Analysis on 10 Models

Car models with PKES

  • 10 models from 8 manufacturers
  • All use LF/UHF technology

None uses the exact same protocol

  • From recorded traces

Some use longer messages

  • Strong crypto?

SLIDE 15

Relay Over Cable vs. Model

[Figure: relay-over-cable distance [m] per model (M1, M2, M3, M5, M6, M7, M8, M9), without and with amplification; distance axis marked at 10, 30 and 60 m]

Cables

  • 10, 30 and 60m

Longer distances

  • Depend on the setup

SLIDE 16

Key to Antenna Distance

[Figures: "Open - Key to Antenna Distance vs. Model" and "Go - Key to Antenna Distance vs. Model"; distance [m] for models M2, M5, M6, M7, M8, M9, without and with amplification]

SLIDE 17

How Much Delay is Accepted by the Car?

The maximum distance of relay depends on

  • Acceptable delay
  • Speed of radio waves (~ speed of light)

Possibility to relay at higher levels?

  • E.g. relay over IP?

To know that we need to delay radio signals

  • Various lengths of cable: not practical
  • Scope/signal generator: too slow
  • Software Defined Radios: still too slow

SLIDE 18

Inserting a Tunable Delay

We used a Software Defined Radio: USRP/Gnuradio

  • Minimum delay 15ms
  • Samples processed by a computer
  • Delays added by the USB bus

We modified the USRP’s FPGA to add tunable delays

  • From 5µs to 10ms
  • Buffering samples on the device
  • Samples directly replayed
  • Without processing on the computer

SLIDE 19

Maximum Accepted Delay vs. Model

[Figure: maximum accepted delay [ms] per model (M1, M2, M4, M5, M6, M7, M8, M9, M10); delay axis from 0.5 to 10 ms]

  • 35 µs => 5 km
  • 10 ms => 1500 km
  • Non physical layer relays difficult with most models

SLIDE 20

Implications of The Attack

Relay on a parking lot

  • One antenna near the elevator
  • Attacker at the car while car owner waits for the elevator

Keys in locked house, car parked in front of the house

  • E.g. keys left on the kitchen table
  • Put an antenna close to the window
  • Open and start the car without entering the house
  • Tested in practice

SLIDE 21

Additional Insights

When started the car can be driven away without maintaining the relay

  • It would be dangerous to stop the car when the key is not available anymore
  • Some beep, some limit speed

No trace of entry/start

  • Legal / Insurance issues

SLIDE 22

Countermeasures

Immediate protection mechanisms

  • Shield the key
  • Remove the battery
  • Seriously reduces the convenience of use

Long term

  • Build a secure system that securely verifies proximity
  • e.g.: Realization of RF Distance bounding (Usenix Security 2010)
  • Still some challenges to address before a usable system
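
The timing argument from the "Main Idea of PKES systems", "Maximum Accepted Delay vs. Model" and "Countermeasures" slides, as an added example that is not from the presentation or the authors' code: a simulated challenge-response exchange in which a valid response proves key possession while only a delay bound constrains distance. HMAC-SHA256, the function and class names, the sample identifiers and the 20 ns budget are assumptions for illustration; 35 µs is the figure quoted on the slides.

```python
import hashlib
import hmac
import os

C = 299_792_458.0  # radio propagation speed in m/s (~ speed of light)

def max_relay_distance_m(accepted_delay_s):
    """Farthest key position a delay tolerance permits: the signal travels out and back."""
    return C * accepted_delay_s / 2

def added_delay_s(key_distance_m, processing_s=0.0):
    """Extra round-trip time when the key is key_distance_m from the car."""
    return 2 * key_distance_m / C + processing_s

def mac(secret, car_id, challenge):
    # HMAC-SHA256 stands in for whatever cipher a given car uses (assumption).
    return hmac.new(secret, car_id + challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, secret, car_id, accepted_delay_s):
        self.secret, self.car_id, self.accepted_delay_s = secret, car_id, accepted_delay_s

    def verify(self, challenge, response, delay_s):
        crypto_ok = hmac.compare_digest(mac(self.secret, self.car_id, challenge), response)
        timely = delay_s <= self.accepted_delay_s
        return {"crypto_ok": crypto_ok, "timely": timely, "unlock": crypto_ok and timely}

def attempt(car, key_secret, key_distance_m, processing_s=0.0):
    """One 'Car ID || Challenge' / 'Key Response' exchange with the key at a given distance.
    A physical-layer relay forwards the signals unchanged, so only the delay grows."""
    challenge = os.urandom(16)  # fresh per attempt, so recorded responses are useless
    response = mac(key_secret, car.car_id, challenge)
    return car.verify(challenge, response, added_delay_s(key_distance_m, processing_s))

# Constructed sample values, not taken from any vehicle.
SECRET, CAR_ID = os.urandom(16), b"CAR-0001"
LOOSE = Car(SECRET, CAR_ID, accepted_delay_s=35e-6)  # the 35 µs figure from the slides
TIGHT = Car(SECRET, CAR_ID, accepted_delay_s=20e-9)  # hypothetical distance-bounding budget

if __name__ == "__main__":
    for label, car in (("35 us", LOOSE), ("20 ns", TIGHT)):
        print(label, "-> max key distance %.1f m" % max_relay_distance_m(car.accepted_delay_s))
        for d in (1.0, 50.0):
            print("  key at %4.0f m:" % d, attempt(car, SECRET, d))
```

With the 35 µs tolerance the check passes for a key 50 m away because the response is cryptographically valid and the added delay is well under the limit; only the nanosecond-scale budget rejects it.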

SLIDE 23

Conclusion

This is a simple concept, yet an extremely efficient attack

  • Real world use of physical layer relay attacks
  • Relays at physical layer are extremely fast, efficient

All tested systems so far are vulnerable

  • Completely independent of protocols, authentication, encryption

Techniques to perform secure distance measurement are required, on a budget

  • Still an open problem

SLIDE 24

Questions ?

Contact:

  • Aurélien Francillon, aurelien.francillon@inf.ethz.ch
  • Boris Danev, bdanev@inf.ethz.ch
  • Srdjan Čapkun, capkuns@inf.ethz.ch