A smart key is an electronic device which authorizes the owner of a car to unlock and start the car based on proximity, without the need to physical contact of the key with the car or interaction with the key by the owner. The idea originates from the early ’80s, and it is now used by different manufacturers under different names, e.g., Honda calls it Smart Entry System.

A number of scientific publications has shown that these Passive Keyless Entry and Start (PKES) systems are highly vulnerable to relay attacks, where an attacker amplifies or bridges the signal from the key over a distance to the car and is therefore able to unlock and start the car. For this attack, a criminal does not need special knowledge because there are low-coast off-the-shelf products on the market to facilitate the process.

In this project we aim to design a secure authentication protocol that can be used with smart devices such as smartphones or smartwatches to unlock and start the car without active interaction with the device. In order to achieve this, we will analyze different approaches such as Distance Bounding Protocol (DBP) and physical Device Fingerprinting (DFP) for smart devices which prevent relay attacks. Distance Bounding Protocols are cryptographic protocols that use the transmission time as an indicator to find out how far away a device is. Device Fingerprinting uses physical device characteristics in order to tell legitimate and relay devices apart. To support a wide range of smart devices, we will utilize Commercial off-the-shelf (COTS) wireless technology such as wireless LAN or Bluetooth and secure them to prevent relay attacks.

Project duration: 01.04.2017 - 28.02.2018.