Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aurélien Francillon, Boris Danev, Srdjan Čapkun

Published byAdolfo York Modified over 10 years ago

Similar presentations

Presentation on theme: "Aurélien Francillon, Boris Danev, Srdjan Čapkun"— Presentation transcript:

1 Aurélien Francillon, Boris Danev, Srdjan Čapkun
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurélien Francillon, Boris Danev, Srdjan Čapkun Monday February 7, 2011 System Security Group

2 Modern Cars Evolution Increasing amount of electronics in cars
For convenience and security and safety Entertainment Engine control Distance radar TPMS (Usenix Security 2010) On board computers and networks (S&P 2010) Key systems Monday February 7, 2011 System Security Group

3 Agenda Overview of Car Key Systems
Passive Keyless Entry and Start Systems Relay Attacks Analysis on 10 models Conclusion Monday February 7, 2011 System Security Group

4 4 Categories of Key Systems
Metallic key Remote active open Immobilizer chips Passive Keyless Entry and Start Monday February 7, 2011 System Security Group

5 Car Keys Active Remote Open
Active keys: Press a button to open the car Physical key to start the car Need to be close (<100m) Shared cryptographic key between the key and the car Previous attacks: weak crytpography e.g. Keeloq (Eurocrypt 2008, Crypto 2008, Africacrypt 2009) Monday February 7, 2011 System Security Group

6 Keys With Immobilizer Chips
Passive RFID Authorizes to start the engine Close proximity: centimeters Are present in most cars today With metallic key With remote open Shared cryptographic key between the key and the car Previous attacks: weak cryptography e.g. TI DST Usenix Security 2005 Monday February 7, 2011 System Security Group

7 Passive Keyless Entry and Start
PKES Need to be close (<2m) and the car opens Need to be in the car to start the engine No need for human action on the key Monday February 7, 2011 System Security Group

8 Passive Keyless Entry and Start
LF (120 – 135 KHz), (1-2 meters) UHF (315 – 433 MHz), ( meters) 1. Periodic scan (LF) 2. Acknowledge proximity (UHF) 3. Car ID || Challenge (LF) 4. Key Response (UHF) Monday February 7, 2011 System Security Group

9 Main Idea of PKES systems
Cryptographic key authentication with challenge response Replaying old signals impossible Timeouts, freshness Car to Key: inductive low frequency signals Signal strength ~ d-3 Physical proximity Detected by reception of messages Induced in key’s antenna The system is vulnerable to relay attacks Monday February 7, 2011 System Security Group

10 Relay-over-cable Attack on PKES
Very low cost attack (~50€) Authentication do not prevent it Monday February 7, 2011 System Security Group

11 Physical Layer Relay With Cable
Monday February 7, 2011 System Security Group

12 Relay Over the Air Attack
Higher cost, (~1000 $) Fast and difficult to detect Authentication do not prevent it Tested up to 50 m Monday February 7, 2011 System Security Group

13 Physical Layer Wireless Relay
2.5 GHz Monday February 7, 2011 System Security Group

14 Analysis on 10 Models Car models with PKES
10 models from 8 manufacturers All use LF/UHF technology None uses the exact same protocol Form recorded traces Some use longer messages Strong crypto? Monday February 7, 2011 System Security Group

15 Relay Over Cable vs. Model
Cables 10, 30 and 60m Longer distances Depend on the setup Monday, February 07, 2011 System Security Group

16 Key to Antenna Distance
Monday February 7, 2011 System Security Group

17 How Much Delay is Accepted by the Car ?
The maximum distance of relay depends on Acceptable delay Speed of radio waves (~ speed of light ) Possibility to relay at higher levels ? E.g. relay over IP ? To know that we need to delay radio signals Various lengths of cable: not practical Scope/signal generator: too slow Software Defined Radios: still too slow Monday February 7, 2011 System Security Group

18 Inserting a Tunable Delay
We used a Software Defined Radio: USRP/Gnuradio Minimum delay 15ms Samples processed by a computer Delays added by the USB bus We modified the USRP’s FPGA to add tunable delays From 5µs to 10ms Buffering samples on the device Samples directly replayed Without processing on the computer Monday February 7, 2011 System Security Group

19 Maximum Accepted Delay vs. Model
35 µs => 5 Km 10 ms => 1500 Km Non physical layer relays difficult with most models Monday February 7, 2011 System Security Group

20 Implications of The Attack
Relay on a parking lot One antenna near the elevator Attacker at the car while car owner waits for the elevator Keys in locked house, car parked in front of the house E.g. keys left on the kitchen table Put an antenna close to the window, Open and start the car without entering the house Tested in practice Monday February 7, 2011 System Security Group

21 Additionnal Insights When started the car can be driven away without maintaining the relay It would be dangerous to stop the car when the key is not available anymore Some beep, some limit speed No trace of entry/start Legal / Insurance issues Monday February 7, 2011 System Security Group

22 Countermeasures Immediate protection mechanisms
Shield the key Remove the battery Seriously reduces the convenience of use Long term Build a secure system that securely verifies proximity e.g. : Realization of RF Distance bounding Usenix Security 2010 Still some challenges to address before a usable system Monday February 7, 2011 System Security Group

23 Conclusion This is a simple concept, yet extremely efficient attack
Real world use of physical layer relay attacks Relays at physical layer are extremely fast, efficient All tested systems so far are vulnerable Completely independent of Protocols, authentication, encryption Techniques to perform secure distance measurement are required, on a budget Still an open problem Monday February 7, 2011 System Security Group

24 Questions ? Contact : Aurélien Francillon Boris Danev Srdjan Capkun Monday February 7, 2011 System Security Group

Download ppt "Aurélien Francillon, Boris Danev, Srdjan Čapkun"

Similar presentations

TRAIN SAVER By Millennium Innovate Co.. The Content Entrance The problem Some Egyptian facts Inventions statistics The simple solutions Safety obligations.

TRAIN SAVER By Millennium Innovate Co.. The Content Entrance The problem Some Egyptian facts Inventions statistics The simple solutions Safety obligations.
Module X Session Hijacking

Module X Session Hijacking
Gone in 360 Seconds: Hijacking with Hitag2

Gone in 360 Seconds: Hijacking with Hitag2
presents Revcon TechnoloGy Group The Affordable Point-of-Sale Fee Computer Offering you More Power More Flexibility More Options than the higher priced.

presents Revcon TechnoloGy Group The Affordable Point-of-Sale Fee Computer Offering you More Power More Flexibility More Options than the higher priced.
inFire HTC speed Furnace Webinar

inFire HTC speed Furnace Webinar
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Car Hacking Patrick, James, Penny.

Car Hacking Patrick, James, Penny.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
Users vs. security Cyberdefence seminar, Tallinn Technical University Maksim Afanasjev, 2011.

Users vs. security Cyberdefence seminar, Tallinn Technical University Maksim Afanasjev, 2011.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Digital Camera Integration Presented by: Anna Vigil Electronics Engineering Technology Colorado State University-Pueblo.

Digital Camera Integration Presented by: Anna Vigil Electronics Engineering Technology Colorado State University-Pueblo.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.
REMOTE CONTROL CARS Jonathan Chandler CSCE 390 001 April 21, 2011.

REMOTE CONTROL CARS Jonathan Chandler CSCE April 21, 2011.
University of Massachusetts Amherst InteLock TM Team: Emmanuel Seguin Josh Coffin Anh-Kiet Huynh Christos Tsiokos Remote Access and Proximity Key Advisor:

University of Massachusetts Amherst InteLock TM Team: Emmanuel Seguin Josh Coffin Anh-Kiet Huynh Christos Tsiokos Remote Access and Proximity Key Advisor:
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

Similar presentations

Ads by Google