Known authentication systems for vehicles such as “passive keyless systems” or “hands-free entry/go systems” or keyless entry systems do not require an authentication tool or a key to be used to activate certain actions.
Thus, it is possible with such systems, for example, to unlock a vehicle without active use of an authentication tool or car key and to start the vehicle by merely pressing a start button. This is made possible by the authentication tool or a keyless entry key with a chip that the user keeps on hand.
When systems from the state of the art of technology are used, the vehicle sends a weak signal with a range of a few meters, which is received by the authentication tool. The authentication tool then sends a signal to the vehicle, which the vehicle uses to determine whether the authentication tool is authorized and then, based on that determination, whether access or driver authentication commands can be implemented.
Thus, such authentication systems no longer require a deliberate user interaction on the authentication tool. Instead, they merely check whether the authentication tool is in the immediate vicinity of the car (in the case of access) or inside the car (in the case of driver authentication) at the moment when an authentication check is supposed to take place.
In the context of these authentication or keyless entry systems, attack scenarios relying on special properties of the technologies associated with these systems are brought to the foreground.
Thus, attack scenarios are currently known which extend the associated transmission path of the authentication system or the transmission path between the key and vehicle. These scenarios are known as relay station attacks (RSAs).
When this type of relay station attack is carried out, the signal of the vehicle to the authentication tool is forwarded or extended via a pair of antennas. An antenna/relay station must be close to the vehicle (typically less than 2 meters away) and the other antenna/relay station must be close to the authorized authentication tool (typically less than 2 meters away). The distance between the two relay stations (wireless transmission extension stations) can be very large here and is merely dependent on the specific implementation of the relay stations, whose objective is typically criminal in nature and on which it cannot be assumed that regulatory provisions have a limiting effect.
Consequently, the vehicle can be opened or started through a relay attack, even though the associated authentication tool is located outside of the usual distance for opening the vehicle or authenticating the driver.