Traditionally, door access and authorization to start a vehicle such as an automobile have been achieved using physical key and lock systems. In these systems, inserting a correct key into the door and ignition locks enabled the user to enter and drive the car.
In recent years, however, traditional key systems have been augmented with, and in many cases replaced by, remote keyless entry (RKE) devices in which users are able to open their car remotely by pressing a button on a portable communication device such as a key fob or key card. In these systems, the authorization to drive typically continued to be provided by physical key and lock systems. In some cases, however, physical keys included embedded immobilizer chips to prevent key copying.
Even more recently, complex embedded electronic systems have become common to provide access and start functions, and to provide wide-ranging functions to improve driver safety and convenience. These systems include Passive Entry Passive Start (PEPS) systems. In PEPS systems, a remote receiver and transmitter (or transceiver) is carried with the user in a portable communication device such as a key fob or a card. The portable communication device, when successfully challenged, transmits a radio frequency (RF) signal to a module within the vehicle for performing a variety of remote vehicle functions such as door lock/unlock, enabling engine start, or activating external/internal lighting. Passive entry systems include a transmitter and receiver (or transceiver) in an electronic control module disposed within the vehicle. The transceiver is typically in communication with one or more devices (e.g., door lock mechanism) for determining when a request for actuation of a device is initiated (e.g., lifting a door handle) by a user.
Upon sensing the request for actuation, the transceiver broadcasts a passive entry interrogating signal. Upon receiving the interrogating signal from the ECU, the portable communication device (the fob) determines whether the interrogating signal is valid. If the signal is determined to be valid, the fob automatically broadcasts an output signal, which includes an encrypted or rolling identification code, to the electronic control module. The electronic control module thereafter determines the validity of the output signal and, if the output signal is determined to be valid, generates a signal to the device to perform an operation (e.g., the door lock mechanism to unlock the door).
Passive entry systems are susceptible to security threats such as relay attacks. A relay attack occurs when a first thief triggers the actuation of an interrogation signal, for example, by lifting the vehicle door handle. The passive entry system in the vehicle broadcasts the interrogation signal, since it is expected that the fob is in the vicinity of a user lifting the door handle. The first thief carries a repeater which receives the interrogation signal and retransmits it to a second thief in close proximity to a user having an authorized fob capable of broadcasting a response signal for unlocking the vehicle. The re-transmitted signal is typically a UHF signal, which can be transmitted over a long range, as opposed to a low frequency (LF) signal. The second thief, also carrying a repeater device, receives the UHF signal from the first thief. The signal is decoded and then re-transmitted as an LF signal to the user carrying the authorized fob. The fob receives the re-transmitted signal from the second thief and responds to the received interrogation signal accordingly. The second thief receives the response signal having the valid coded information therein and re-transmits the signal to the first thief. The first thief receives the authenticated response signal and transmits it to the vehicle. The vehicle receives the response signal, validates the signal, and unlocks the vehicle doors. The PEPS system can also be prompted to allow the thief to start the vehicle. The present disclosure addresses methods for preventing relay attacks of the type described above.
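The following added example (not part of the original text) models the interrogation and response exchange described above, to show which checks the validation step actually performs. HMAC-SHA256 over a random nonce stands in for the "encrypted or rolling identification code"; the key, the vehicle identifier, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"   # constructed shared secret for this demo
VID = b"VEH-0001"               # constructed vehicle identifier

def tag(label, nonce, key=KEY):
    # Assumption: HMAC-SHA256 stands in for the encrypted/rolling code.
    return hmac.new(key, label + VID + nonce, hashlib.sha256).digest()

class Vehicle:
    pending = None              # nonce of the outstanding challenge, if any

    def interrogate(self):
        """Handle lifted: broadcast a fresh, authenticated interrogating signal."""
        self.pending = os.urandom(16)
        return self.pending, tag(b"chal", self.pending)

    def validate(self, response):
        """Accept at most one response per challenge; only bytes are checked."""
        nonce, self.pending = self.pending, None
        if nonce is None or response is None:
            return False
        return hmac.compare_digest(response, tag(b"resp", nonce))

def fob_answer(challenge, key=KEY):
    """Fob side: respond only if the interrogating signal validates."""
    nonce, chal_tag = challenge
    if not hmac.compare_digest(chal_tag, tag(b"chal", nonce, key)):
        return None
    return tag(b"resp", nonce, key)

def exchange(vehicle, key=KEY, channel=lambda msg: msg):
    """One round; channel models how each message reaches the other side."""
    response = fob_answer(channel(vehicle.interrogate()), key)
    return response, vehicle.validate(channel(response))

def demo():
    car = Vehicle()
    old_response, direct_ok = exchange(car)
    car.interrogate()                        # new challenge, new nonce
    replay_ok = car.validate(old_response)   # stale response is rejected
    _, wrong_key_ok = exchange(car, key=b"other-key")
    hops = []                                # messages seen by the forwarding link
    _, forwarded_ok = exchange(car, channel=lambda m: hops.append(m) or m)
    return direct_ok, replay_ok, wrong_key_ok, forwarded_ok, len(hops)
```

`demo()` returns `(True, False, False, True, 2)`: freshness and key checks reject a stale response and an unauthorized fob, but `validate()` has no input that depends on where the fob is, so a response forwarded unchanged is indistinguishable from a direct one.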