Presentation is loading. Please wait.

Presentation is loading. Please wait.

563.12.2 Keyless Entry Ryan Kagin University of Illinois Fall 2007.

Similar presentations

Presentation on theme: "563.12.2 Keyless Entry Ryan Kagin University of Illinois Fall 2007."— Presentation transcript:

1 563.12.2 Keyless Entry Ryan Kagin University of Illinois Fall 2007

2 Overview History Structure Communication protocols Automobile applications Security issues Case Study: Texas Instruments Device 2

3 History 1950s: Garage door openers used one common frequency for all garage doors 1970s: DIP switches used to vary transceiver / transmitter codes 1993: Lectrons passive keyless entry for Corvette Brain 07Brain 07, Hirano 88 3

4 Comparison Between Garage Doors and Automobile Systems Garage Door Openers Less security threat One-way communication Simple programming – allow garage door to receive shared key Allow multiple openers for one door Automobile Systems High security threat model Uses combination of one-way and two-way communication Shared key preprogrammed into automobile and key

5 Basic Structure Contains 2 parts: –Transmitter (typically key fob) –Receiver (typically automobile) Current designs use: –Two way communication –LF for sleeping mode 5

6 Communication Protocols 1.Fixed Code Technique –Transmit constant code within certain range, similar to garage door openers in the past. –Typically unusued: moved away from this because of scan and replay attacks 6 Alrabady 05

7 Communication Protocols 2.Rolling Code Technique –Initially start with 40-bit counter –Each communication first transmits counter, then increments it in algorithmic fashion –Automobile verifies transmitted code –Precautions: padding and resynchronizing 7 Alrabady 05

8 Communication Protocols 3.Challenge-Response Technique –Automobile challenges key fob by sending random number –Key fob encrypts it and sends it back to automobile –Automobile compares for validity –Used in remote keyless entry Alrabady 05 8

9 Applications in Automobiles Three main components: Remote Keyless Entry System (RKE) –Also includes passive keyless entry Remote Keyless Ignition System (RKI) Immobilizer (Im) 9

10 Remote Keyless Entry System A system designed to remotely permit or deny access to premises or automobiles. Typically uses rolling code technique –When button is pressed, function code and counter is sent –Automobile verifies counter and performs function if correct Alrabady 03 10

11 Passive Keyless Entry Typically uses challenge-response technique –When reaching for door handle, automobile wakes key fob with LF signal –Communication begins when pulling commences. –Requires fast protocol to prevent mechanical jam. Alrabady 03, 05 11

12 Passive Keyless Entry 12 Challenge with pseudorandom number User pulls door handle Time Key fob computes response If response is valid, automobile performs requested function. The key to the protocol: it needs to be fast to prevent mechanical jam Automobile computes expected response

13 Remote Keyless Ignition A system that allows remote communication to start or turn off a car. Also typically uses challenge-response technique Alrabady 03 13

14 Immobilizer An electronic device fitted to an automobile which prevents the engine from running unless the correct key is present. If key fob is not present, then fuel does not get injected into the engine. 14

15 Security Issues Types of attacks: 1.Scan attack – generic brute force 2.Playback attack – record old messages 3.Two-thief attack – generic man-in-the- middle attack 4.Challenge forward prediction attack – predict future answer from previous 5.Dictionary attack – compile valid pairs Alrabady 05

16 Case Study: TRC1300 Texas Instruments Remote Control Encoders/Decoders Uses 40-bit rolling code ~1.1 trillion different potential codes Transmitter sends 40-bit code and function code (up to 15 different codes) Both transmitter and receiver use same pseudorandom number generator

17 Case Study: TRC1300

18 References 1.Marshall Brian, How Remote Entry Works, entry.htm, accessed 11 Nov 2007. entry.htm 2.Ansaf Ibrahem Alrabady and Syed Masud Mahmud, Some Attacks Against Vehicles Passive Entry Systems and Their Solutions. IEEE Transactions on Vehicular Technology, vol. 52, no. 2, pp. 431-439, March 2003. 3.Ansaf Ibrahem Alrabady and Syed Masud Mahmud, Analysis of Attacks Against the Security of Keyless-Entry Systems for Vehicles and Suggestions for Improved Designs. IEEE Transactions on Vehicular Technology, vol. 54, no. 1, pp. 41-50, January 2005. 4.Xiao Ni and Victor Foo Siang Fook, AES Security Protocol Implementation for Automobile Remote Keyless System. IEEE Transactions on Vehicular Technology, vol. 56, no. 3, pp. 2526-2529, April 2007. 5.Steve Bono, Matthew Green, Adam Stubblefield, and Avi Rubin, Analysis of the Texas Instruments DST RFID, accessed 11 Nov 2007. 6.Texas Instruments, TRC1300 Specifications, accessed 11 Nov 2007. 7.M. Hirano, M. Takeuchi, T. Tomoda, and K. Nakano, Keyless entry system with radio card transponder, IEEE Transactions on Industrial Electronics and Control, vol. 35, no. 2, pp. 208-216, March 2007. 18

Download ppt "563.12.2 Keyless Entry Ryan Kagin University of Illinois Fall 2007."

Similar presentations

Ads by Google