LASER: Lightweight And SEcure Remote keyless entry protocol (Extended version)00footnotemark: 0
Since Remote Keyless Entry (RKE) systems started to be widely used, several vulnerabilities in their protocols have been found. Attacks such as jamming-and-replay attacks and relay attacks are still effective against most recent RKE systems [Ibrahim et al., 2018], even when many secure schemes have been designed. Although they are interesting from a theoretical point of view, the complexity of these solutions is excessive to implement them into a fob [Karani et al., 2016]. This paper presents a lightweight and general solution based on a one message protocol, which guarantees the integrity and validity of the authentication in RKE systems, protecting the communication against the well-known jamming-and-replay and relay attacks, without using complex cryptographic schemes. Moreover, we also adapt our protocol for passive RKE (PRKE) systems. Our solution also includes a novel frequency-hopping-based approach which mitigates deny-of-service attacks. Finally, a prototype has been implemented using non-expensive hardware. Obtained results assure scalability, effectiveness and robustness.
LASER: Lightweight And SEcure Remote keyless entry protocol (Extended version)00footnotemark: 0
Vanesa Daza and Xavier Salleras
Department of Information and Communication Technologies Universitat Pompeu Fabra, Barcelona, Spain CYBERCAT - Center for Cybersecurity Research of Catalonia
Keywords: Remote Keyless Entry, Wireless Security, Jamming-and-Replay Attack, Relay Attack.
1 Introduction11footnotetext: This is an extended version of a paper by the authors published in Proceedings of SECRYPT 2019.
The usage of RKE systems has been increasing over the years, being them widely used to remotely lock and unlock cars, garage doors, sensors, doorbells or alarms. The first RKE systems used a simple protocol, where a code was sent in plaintext to a receiver which had to execute a command, let us say, unlock a door. However, as sniffing and replaying the code was enough to be able to unlock such a door, a new scheme called rolling codes was developed, and it is still widely used nowadays. Such scheme pretends to be secure so the key fob computes and sends a new code each time it is used, and each code is accepted by the receiver just once. Even so, it has been proved that rolling codes are vulnerable to different attacks, and authorities are starting to report111https://www.west-midlands.police.uk/news/watch-police-release-footage-relay-crime criminals taking profit of these vulnerabilities. This fact has led researchers to design new secure schemes [Lv and Xu, 2012] to protect these systems, but their complexity made manufacturers not to implement them, so it would mean to develop key fobs with some disadvantages, i.e. a higher price or a faster draining of the battery. This is due to the fact that many solutions proposed to use cryptographic schemes [Ni et al., 2007] which needed higher computing power than the available in the current fobs. Furthermore, the proposed protocols usually need more than one message to exchange some private information or instruction command. For example, some solutions [Glocker et al., 2017] require to use a 4-way handshake before sending an instruction command, which increases the complexity of the protocol.
Contributions. We provide a secure protocol222The presented solution has been submitted as an invention to be pattented with European Pattent application number 19382339.0, on May 6th, 2019. to be implemented by manufacturers into both RKE and PRKE systems. Our scheme is robust against both jamming-and-replay attacks and relay attacks; furthermore, it mitigates the effectiveness of jamming-based deny-of-service attacks, thanks to the integration into the protocol of a frequency-hopping approach. Moreover, our solution is a one message protocol for RKE systems and a two messages protocol for PRKE systems, where both approaches use a hash function proved to have low CPU resources consumption. As such, our solution is lightweight, scalable and easy-to-implement. The purpose of this solution is to be applied into key fobs with the only requirement of having a real-time clock, synchronized periodically as detailed in our protocol. We also demonstrate how our solution can be implemented achieving good results.
Paper organization. This paper is structured as follows: In Section 2 we explain both RKE and PRKE systems along with the common attacks that can be performed against them. In Section 3 the state-of-the-art is presented. In Section 4 we explain our solution. The implementation of the proposed solution is described in Section 5. The experiments and the results derived from them are explained in Section 6. We finally conclude in Section 7.
In this section we first explain both RKE and PRKE systems, as well as the main protocols that are currently used. Later, we explain the main attacks that are currently effective against them.
2.1 Remote Keyless Entry systems
We call RKE to those systems which are composed of a fob F and a device D. When a button on F is pressed, a radio frequency signal is sent to D, including an instruction command that D will have to execute. These systems are commonly used to lock or unlock cars and open their boots, to open a garage door, to control a temperature sensor, etc. The main protocols used by these systems can be divided as follows:
Fixed codes. This is the simplest scheme. As depicted in Figure 0(a), F sends a command cmd to D, which is essentially a bit stream referring to an action that D will have to perform.
Figure 1: Main RKE and PRKE protocols
Rolling codes. There is a wide variety of rolling codes algorithms, but all of them rely on the idea of sending different codes each time a button of F is pressed. In order to accomplish this purpose, both F and D have previously agreed on a secret key from which derives a sequence of codes . Then, as depicted in Figure 0(b), each time a button on F is pressed, the next code c is computed and sent to D, who checks if the received number is equal to a value c that previously it also computed. Apart from c, a command cmd is also sent, which is typically a sequence of bits that refers to an action D will have to do, i.e. unlock a car. Each value c can be used only once. In case D may have not received some of the codes sent by F, it commonly checks up to the next 256 generated codes, and when a correct value c is received by D, all the codes behind it cannot be used again. One of the most used rolling codes devices has been KeeLoq [Microchip Technology Inc., 1996].
2.2 Passive Remote Keyless Entry systems
Passive Remote Keyless Entry (PRKE) systems [King, 1998] are a special type of RKE. PRKE systems do not require the user to manipulate F. Instead, as soon as D receives an external input (i.e. if D is a door, someone pulling the handle), it automatically sends a request to F, which replies with a confirmation. The most used protocol [NXP Semiconductors N.V., 2012] for PRKE systems is the challenge-response protocol:
Protocol 2.1 (Challenge-response protocol for PRKE).
Both D and F perform the following 2-message handshake:
First, D computes a random value r (the challenge), and sends it to F.
F encrypts r using a pre-shared symmetric-key , and sends the encrypted value c to D.
D decrypts c using the same key and verifies the identity of F .
For example, if D is a car using a challenge-response protocol, when the user carrying F pulls the car handle, D sends a message with a challenge r, and as soon as F receives it, it replies with its answer. This is depicted in Figure 0(c).
2.3 Attacks against RKE and PRKE
Jamming-and-replay attack. As depicted in Figure 2, these attacks [Kamkar, 2015] are performed using two transceiver devices. One of them is placed near to D, hidden from the view of the victim V, and jamming the frequency used by the system an attacker A is willing to hack. Then, the other one is close to F, eavesdropping the communications. When V presses the button of F, the signal it sends is jammed by the jamming transceiver J, and V is forced to use an alternative (i.e. a physical key). Meanwhile, A captures the message sent by F, and as D never receives it, A will be able to replay it later. Finally, the jammer can be remotely deactivated by A, as soon as he is sure that V will not try to use F again.
Relay attack. These attacks [Francillon et al., 2010] are performed using two transceivers connected through an LTE network or similar, as depicted in Figure 3. One of them is close to D, and the other one to F. Like this, they create a bridge between both endpoints. If the attacked system is a PRKE, when the attacker pulls the car handle the challenge-response protocol is performed through the bridge created by both atatckers. Otherwise, if we are talking about an RKE system, we have to expect that the user may either accidentally press the button on F, or leave it unattended (thus allowing the attacker to press the button).
Deny-of-service (DoS) attack. This kind of attack [Thakur and Sankaralingam, 2013] is also based on jamming the frequency used by the protocol, but in this case with the main goal of denying the service. It has a lower impact on the system security as it does not grant access to the system, but it bothers the user, who will require a physical key if he wants to perform the action.
3 Related Work
Regarding the attacks against RKE systems, an important contribution on the topic has been recently done in [Ibrahim et al., 2018]. They demonstrate as the jamming-and-relay attacks are nowadays still effective against a wide variety of modern cars, by making use of two units of a radio frequency device called HackRF One333https://greatscottgadgets.com/hackrf/, one for jamming and the other one for logging data and replaying later.
A particular RKE scheme based on rolling codes, and widely used by many manufacturers, is called Hitag2 [Philips Semiconductors, 1998]. An important contribution related to this type of RKE has been done in [Garcia and Oswald, 2016], where a novel correlation-based attack is presented. This attack allows an attacker to recover the secret key used in Hitag2 systems, just by eavesdropping at least four of the codes sent by the fob. Thus, it allows the attacker to clone the fob. As stated in the paper, major manufacturers have sold systems with this vulnerability for over 20 years. As such, the need for new secure and easy-to-implement schemes becomes clear.
Implementation of the attacks. By making use of two radio frequency devices called Yardstick One444https://greatscottgadgets.com/yardstickone/ (YS1), a jamming-and-replay attack can be performed by using a python implementation555https://github.com/exploitagency/rfcat-rolljam of this attack. This implementation makes use of a library called rflib, included in a software used by YS1 called RfCat666https://github.com/atlas0fd00m/rfcat. That said, one antenna will be jamming while the other will be sniffing the code of the fob. The same implementation is useful for performing just the DoS attack. Moreover, taking this implementation as a starting point, implementing a relay attack is trivial.
Proposed solutions. Many secure schemes [Lv and Xu, 2012], [Glocker et al., 2017] have been designed to increase the security of RKE and PRKE systems. The main problem they present is their complexity, so they use cryptographic schemes which are hard to implement into cheap key fobs. On the other hand, some schemes [Jeong and So, 2018] have been proved to be both simple and effective against relay attacks. One of them, proposed in [Ranganathan and Capkun, 2018], demonstrates that a protocol calculating the time between message exchanges can determine if a relay attack is being performed against a PRKE or not. This is the main idea behind LASER, which also solves the replay vulnerability.
4 Our Scheme: Laser
In this section we explain step-by-step our protocol, LASER, for both RKE and PRKE systems. We consider a fob F and a generic device D, assuming it to be a car. First, both endpoints have to agree on a randomly generated secret key sk large enough to make a brute-force attack hard to accomplish (i.e. a 256-bits key). They also need to agree on a set of commands cmd, used for example to lock the car, unlock it, etc. D also has a car identification number () known by F.
In both RKE and PRKE systems, both F and D will be required to compute a hash. The hash function used by both devices was required to be lightweight in order to optimize the timings and the resources consumption. For our implementation and analysis we have chosen to use Blake2, a hash function proposed in [Aumasson et al., 2013], which guarantees a low power and computing resources consumption. Furthermore, it is proved to be as fast as MD5, but solving the security vulnerabilities MD5 presents.
In particular we are interested in using Blake2s, a version of Blake2 optimized for 8-bit platforms, which are the kind of cheap processors commonly used for key fobs. Basing our solution in the usage of a hash function like Blake2 instead of using some complex cryptographic scheme, we are decreasing the costs of implementing our solution, and also avoiding a fast draining of the battery.
Our solution performs a frequency-hopping protocol where the frequency channel used to transmit the messages changes each period of time . This means that both D and F must agree on the same channel, and to achieve it they perform the Protocol 4.1.
Protocol 4.1 (Frequency-hopping for LASER).
The frequency-hopping for a specific endpoint, which has a number of available frequency channels , is performed as follows:
Each period of time p (both F and D have previously agreed on this value) it gets the current datetime in a timestamp form, sums the secret key sk to it and calculates its hash h.
It calculates the channel , which is the modulo of the integer representation of h: .
Next subsections explain the specific details for either RKE and PRKE systems.
4.1 LASER for RKE
In this subsection we first explain all the steps of the RKE protocol in detail, and later the main approach used to prevent each kind of attack.
4.1.1 LASER for RKE: protocol details
In this scheme, D is required to be always listening to a specific channel, so it will be continuously performing the Protocol 4.1. However, F will perform it just before to start the Protocol 4.2. When the owner of D wants to execute a command cmd by pressing a button on F, F calculates by first calculating , but rounding the timestamp to the previous multiple of . Then, next protocol is performed (as depicted in Figure 4):
Protocol 4.2 (LASER for RKE).
Both D and F follow the next protocol:
F takes the current timestamp , sums it to sk and computes its hash h.
F sends h over along with the real timestamp and the command cmd.
As soon as D receives the message sent in the last step, it gets the current timestamp , and checks if the difference between and is lower than or equal to a threshold , previously estimated.
If the above condition is true, and is correct, D executes cmd.
An accurate time synchronization between and is crucial, as has to send an exact timestamp. To overcome this drawback, we propose the usage of the same approach we introduced in our protocol: if sends a timestamp that does not verifies , replies with a message , where is the correct timestamp and . updates its real-time clock after verifying . The purpose of sending also a hash here, is to avoid an attacker being able to send messages to to modify its current time.
4.1.2 LASER for RKE: security analysis
Preventing jamming-and-replay in RKE. To prevent jamming-and-replay, our solution sends a unique hashed value h of a string. Such string results of concatenating a secret key sk and the current timestamp at the moment the protocol is initiated. Like this, each hash will be unique in time, and will be accepted by the receiver just at that moment. Plus, the fact of concatenating a secret key makes impossible for an attacker A to generate a new hash.
Preventing relay attack in RKE. We first need to estimate the threshold , which is the maximum amount of time a message should take going from F to D. In this scenario, if a message took an amount of time () higher than , we could say that F is placed further from D than what it should be, and that the protocol is performed by means of a relay attack, using an LTE network or similar.
Preventing DoS in RKE. Both endpoints have a range of frequency channels available to perform the frequency-hopping protocol, and the aim is to agree on a channel without an attacker being able of knowing it. The purpose is to change the transmitting channel each short period of time p (let us say, 10 seconds), which should be defined by the manufacturer considering the best performance of the device. By doing this, an attacker willing to perform a DoS attack against us will have to jam a wide range of frequencies at the same time. It can be done by means of several jamming devices, which is an expensive investment777https://www.jammer-store.com/hpj16-all-frequencies-jammer.html.
4.2 LASER for PRKE
In this subsection we first explain all the steps of the PRKE protocol with detail, and later we introduce the main approach used to prevent each kind of attack.
4.2.1 LASER for PRKE: protocol details
In this scheme, it will be F who is continuously performing the Protocol 4.1. When the owner of D wants to unlock it by pulling the handle, D calculates by first calculating , but rounding the timestamp to the previous multiple of . Then, next protocol is performed (as depicted in Figure 5):
Protocol 4.3 (LASER for PRKE).
Both D and F follow the next protocol:
D sends over a SYN message to F including the . At the moment it sends the message, it also starts to calculate a message exchanging time .
F computes the hash value of sk plus , and sends the result h to D.
As soon as D receives the message sent in the last step, it stops the counter of . Like this, now D knows a value which is the time between D sending a message and receiving a response. If the received value h is correct and is lower than or equal to a threshold , D executes the desired action.
In PRKE, if does not receive a response after sending the first message of the protocol, it can be that on is incorrect. In this case, must send using all the other frequencies, to be able to reach the one used by , and make it update its current time.
4.2.2 LASER for PRKE: security analysis
Preventing jamming-and-replay in PRKE. To prevent jamming-and-replay, in PRKE we also send a unique hashed value h of a string. Although we also compute h concatenating sk and a timestamp, in this case the later is slightly different. For PRKE the prevention against relay attacks is based on another approach we explain in next paragraph, and this is the reason why we can use the timestamp calculated during the frequency hopping protocol as the value concatenated to sk. Like this, each h can be used only during a short period of time p, thus preventing jamming-and-replay.
Preventing relay attacks in PRKE. The value is the time it takes a message to go from to F, plus a response message to go back to D. By placing F next to D and pulling the handle of the car, we can calculate an estimated value , which is the threshold the protocol should never surpass. If a message took an amount of time higher than , we could say that F is placed further from D than what it should be, and that the protocol is performed by means of a relay attack. As in this case is D who calculates , F will not be required to calculate the current timestamp , thus the protocol will be less time and power consuming for it.
Preventing DoS in PRKE. For PRKE systems, the prevention against DoS attacks works essentially like in RKE systems.
Our solution has been implemented using the following hardware:
A PC with a CPU Intel Core i5 3210M and Kali Linux installed, representing the device D.
A PC with a CPU Intel Atom x7-z8750 and Kali Linux installed, representing the fob F.
Two units of YS1: one plugged in the PC representing D and the other one plugged in the PC representing F.
This prototype888https://github.com/xevisalle/laser has been developed and tested with both PCs having Python, RfCat and some other dependencies installed. Next subsections explain the details of this implementation for both RKE and PRKE systems.
5.1 Implementation of LASER for RKE
Our code is composed of a single script, which can be run either for F and D. Once it has been run in the first PC (acting as D) providing a and a , it starts performing the frequency-hopping protocol. The range of frequencies used by the code can be provided by the user, where the available range depends on the antenna used, in this case YS1. While performing the frequency-hopping protocol, it also starts to listen for incoming messages. In the case of F, the script will remain waiting for a user input, which will be the command to be executed.
Once we press the key corresponding to the command we want to execute, F will first perform the frequency-hopping protocol to determine which frequency has to use, and after this, it will perform the LASER protocol. The message sent by F will be like the one depicted in Figure 6, where and are 4 always identical bytes placed at the beginning and at the end of the message, to make it easier for the receiver to catch it. Furthermore, the protocol keeps being performed while the user retains the key pressed, meaning this that messages are sent continuously till the key is released. Even pressing and releasing the key quickly, our tests demonstrate that around 6 messages are sent on average. This has been done on purpose, like is done in regular RKE systems, to avoid having to press more than once if the receiver is not able to catch the message the first time, due to random hardware errors. Finally, once D receives and verifies the message hash and the timestamps, it executes the command.
|4 bytes||4 bytes||6 bytes||20 bytes||2 bytes||4 bytes|
5.2 Implementation of LASER for PRKE
We run the code like we did with the one for RKE. In this case, D expects a user input which simulates, for example, pulling the car handle. Once done, it performs the frequency hopping protocol to know at which frequency F is expecting to receive messages. After this, it sends a message like the one depicted in Figure 7, where is null. As it happens with the implementation of LASER for RKE, D keeps sending messages while is receiving the input from the user (i.e. while the user is pulling the car handle), in order to guarantee the performance of the protocol.
|4 bytes||4 bytes||6 bytes||4 bytes|
Once F (who was performing the frequency-hopping protocol as well) receives the message from D, it replies with a new message, this time with the field filled. D receives the message and after verifying its hash and the timestamps, it executes the specified command cmd.
6 Experiments and Results
In this section we estimate the threshold , and then we use it to analyze the robustness of both systems against relay attacks.
6.1 Estimating the threshold
For each system RKE and PRKE we have tried to execute a command one thousand times. The success rate has been 100% in both cases, meaning this that the command has been always executed. By logging the timestamps into a dataset, we have found out that the time it takes for a message to go from an endpoint to the other one is never higher than for the RKE solution, as shown in Table 1. For PRKE systems, where the calculated time is how much it takes D to receive F’s reply, the maximum time it took has been .
At this point, we could think on the possibility of choosing the maximum value as the threshold. However, it could be dangerous if a relay attack is performed: for the RKE system, if the message takes the minimum time to go to the attacker , and the second attacker gets to send the relayed message in the same amount of time, it would take . Assuming that the attackers will not be able to exchange the relayed message through a LTE network or similar in less than is a weak premise. To solve this, we could take the average amount of time, but then we are compromising the usability of the system, so most of the time the user will have to press the button more than once, as shown in Figure 8. We can overcome this problem by calculating the third quartile of the dataset, which is higher than the average in both RKE and PRKE systems. We can see in Figure 8 that now the effectivity is higher as well. As every time we press the button in the fob we are sending around 6 messages, the probability of failing when trying to execute a command is almost negligible, so the success rate for each message is almost 75%.
6.2 Robustness against relay attacks
Let us have an RKE relay attack scenario as depicted in Figure 9. If the minimum time it can ever take for the user’s hardware to send a message from F to D is , we can be sure that is the minimum value that can be achieved. As such, our scheme is secure as far as the attackers are not able to achieve the following statement:
On the other hand, we have a PRKE relay attack scenario as depicted in Figure 10. If the minimum time it can ever take for the user’s hardware to send a message from D to F and send the answer back to D is , we can be sure that is the minimum value that can be achieved. As such, our scheme is secure as far as the attackers are not able to achieve the following statement:
If we take as an example the results we got, the attackers trying to hack LASER should achieve the next statements to succeed, where and for RKE:
And and for PRKE:
As detailed in Section 2, the bridge between and can be done through an LTE network or similar. Knowing that the average uplink latency in LTE networks is [Amjad et al., 2018], we could assume two attackers getting lower values for and . Even so, assuming that a relay attack can be successful against LASER is a strong premise.
In this paper we have introduced LASER, a lightweight and secure scheme for both RKE and PRKE systems. LASER solves the security issues present into these systems, completely avoiding jamming-and-replay and relay attacks without using complex cryptographic schemes. Furthermore, it mitigates DoS attacks thanks to a simple frequency-hopping protocol. LASER is easy-to-implement and we demonstrated it by implementing a prototype using non-expensive hardware. Last but not least, we proved the effectiveness and robustness of our solution through different experiments we performed.
This work was supported by Project RTI2018-102112-B-I00 and by the European Research Council under the H2020 Framework Programme/ERC grant agreement 694974.
- Amjad et al., 2018 Amjad, Z., Sikora, A., Lauffenburger, J.-P., and Hilt, B. (2018). Latency reduction in narrowband 4g lte networks. In 2018 15th International Symposium on Wireless Communication Systems (ISWCS).
- Aumasson et al., 2013 Aumasson, J. P., Neves, S., Wilcox-OâHearn, Z., and Winnerlein, C. (2013). BLAKE2: simpler, smaller, fast as MD5. https://blake2.net/.
- Francillon et al., 2010 Francillon, A., Danev, B., and Capkun, S. (2010). Relay attacks on passive keyless entry and start systems in modern cars. https://eprint.iacr.org/2010/332.
- Garcia and Oswald, 2016 Garcia, F. D. and Oswald, D. (2016). Lock It and Still Lose It-On the (In)Security of Automotive Remote Keyless Entry Systems. 25th USENIX Security Symposium (USENIX Security 16).
- Glocker et al., 2017 Glocker, T., Mantere, T., and Elmusrati, M. (2017). A protocol for a secure remote keyless entry system applicable in vehicles using symmetric-key cryptography. In 2017 8th International Conference on Information and Communication Systems (ICICS), pages 310–315.
- Ibrahim et al., 2018 Ibrahim, O. A., Hussain, A. M., Oligeri, G., and Di Pietro, R. (2018). Key is in the air: Hacking remote keyless entry systems. In Proc. of the International Workshop on Cyber Security for Intelligent Transportation Systems (CSITS2018).
- Jeong and So, 2018 Jeong, H. and So, J. (2018). Channel correlation-based relay attack avoidance in vehicle keyless-entry systems. Electronics Letters, 54(6):395–397.
- Kamkar, 2015 Kamkar, S. (2015). Drive it like you hacked it: New attacks and tools to wirelessly steal cars. DEFCON 23.
- Karani et al., 2016 Karani, R., Dhote, S., Khanduri, N., Srinivasan, A., Sawant, R., Gore, G., and Joshi, J. (2016). Implementation and design issues for using bluetooth low energy in passive keyless entry systems. In 2016 IEEE Annual India Conference (INDICON).
- King, 1998 King, J. D. (1998). Passive remote keyless entry system. US6236333B1.
- Lv and Xu, 2012 Lv, X. and Xu, L. (2012). AES encryption algorithm keyless entry system. In 2012 2nd International Conference on Consumer Electronics, Communications and Networks (CECNet), pages 3090–3093.
- Microchip Technology Inc., 1996 Microchip Technology Inc. (1996). TB003 An Introduction to KEELOQ Code Hopping.
- Ni et al., 2007 Ni, X., Shi, W., and Fook, V. F. S. (2007). AES security protocol implementation for automobile remote keyless system. IEEE 65th Vehicular Technology Conference - VTC2007-Spring.
- NXP Semiconductors N.V., 2012 NXP Semiconductors N.V. (2012). NXP keyless entry/go solutions: Advancing keyless entry/go.
- Philips Semiconductors, 1998 Philips Semiconductors (1998). HT2 DC20 S20 HITAG2 Transponders Revision 2.0.
- Ranganathan and Capkun, 2018 Ranganathan, A. and Capkun, S. (2018). Are we really close? verifying proximity in wireless systems. IEEE Security Privacy, pages 1–1.
- Thakur and Sankaralingam, 2013 Thakur, N. and Sankaralingam, A. (2013). Introduction to jamming attacks and prevention techniques using honeypots in wireless networks. IRACST - International Journal of Computer Science and Information Technology and Security (IJCSITS).