New key systems allows car owners to enter and start their vehicle without ever touching a key. But the technology is not entirely safe. That is why two ICT experts from the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg partnered up with Honda R&D Europe to address security vulnerabilities. Prof. Thomas Engel and Dr Florian Adamsky signed a 30.000 euro grant agreement with the automotive giant in the Spring of 2017 to collaborate on secure key systems.
Much like contactless payments, the new key technology lets individuals unlock their cars just by getting close to it. Conversely, walking away from a vehicle locks it. The only security measure is thus the limited range of key systems that is about 10 meters. Car thieves can buy off-the-shelf products from the black market to amplify the key signal. This enables them to unlock and start the car and drive away while its owner is just a few meters away. It is such a clean theft that no traces are effectively left behind, making a claim with insurance difficult to nearly impossible.
Unknown to most car owners, passive key entry systems carry this new kind of vulnerability that causes major headaches to insurance companies and authorities. The so-called relay attacks have been around since 2011, but the problem has been growing exponentially and gaining increased attention. Several automobile clubs have begun alerting the population (in German), such as the German automobile club (ADAC).
To prevent such attacks, Thomas Engel and his team have begun working on a solution that works with a smart device, like a phone or a smart watch. They analyse the time the signal needs to travel from the key to the car, and assess if it occurs within a certain distance (distance bounding protocol). When the signal exceeds a specific time, the system recognises the tampering attempt and automatically locks the car. "A big challenge will be the amount of interference on the 2.4 GhZ band because nearly all wireless devices use this frequency nowadays," states Florian Adamsky. "Since the distance bounding protocol is very time-critical, it will also prove difficult to implement that protocol on a normal smart device."
Other car manufacturers, like GM for instance, have also tackled this vulnerability. But so far, no one has yet created a secure and smart key entry system that does not require an internet connection or the push of a button.
The team applied to the call "Honda Initiative Grant Europe Program" in late 2016. The 30.000 euro grant was formally awarded to them in the spring of 2017, and will cover research activities for one year--after which both parties can agree to extend their partnership. SnT researchers Thomas Engel and Florian Adamsky are part of the SECAN-Lab (secan-lab.uni.lu), which addresses both fundamental and applied research activities in computer networking and security.