Honda-funded project attacks keyless entry security issue

July 09, 2017 // By Christoph Hammerschmidt
Popular among carmakers are currently keyless entry systems that enable users to open the car automatically, without the need of manual activation – just by approaching the vehicle. However, these systems have proved to be not very secure; they can be easily defeated. That is why the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg partnered up with Honda R&D Europe to address security vulnerabilities. In a joint R&D project, Honda and two SnT scientists are working on improving the security of such keyless entry systems.

Much like contactless payments, keyless entry systems let individuals unlock their cars just by getting close to it. Conversely, walking away from a vehicle locks it. The only security measure is thus the limited range of key systems that is about 10 meters. Car thieves can buy off-the-shelf products from the black market to amplify the key signal. This enables them to unlock and start the car and drive away while its owner is just a few meters away. It is such a clean theft that no traces are effectively left behind, making a claim with insurance difficult to nearly impossible. These so-called relay attacks have been around since 2011, but the problem has been growing exponentially and gaining increased attention.

To prevent such attacks, professor Thomas Engel from the University of Luxembourg and his team are working on a solution that involves additional authentication measures based on smart devices like a phone or a smart watch. They analyse the time the signal needs to travel from the key to the car, and assess if it occurs within a certain distance (distance bounding protocol). This time-of-flight measurement returns a precise information on the distance between the key holder and the car. When the signal exceeds a specific time, the system recognises the tampering attempt and automatically locks the vehicle. “A big challenge will be the amount of interference on the 2.4 Ghz band because nearly all wireless devices use this frequency nowadays,” states Florian Adamsky. “Since the distance bounding protocol is very time-critical, it will also prove difficult to implement that protocol on a normal smart device.”