Up to now, a vehicle control system (also referred to as an electronic key system, a smart entry system, or a passive entry passive start (PEPS)) that permits a predetermined operation on a vehicle based on a bidirectional communication between a vehicle-mounted device that is mounted on a vehicle and a mobile device that can be carried by a user has been known (for example, refer to Patent Literature 1). In the vehicle control system, a request signal is transmitted from the vehicle-mounted device, for example, periodically or when the user performs an operation such as touching a door handle or depressing an engine start switch. An ID included in a response signal transmitted from the mobile device in response to the request signal is checked against a master ID. When verification is successful, locking and unlocking of vehicle doors and an engine start are permitted.
In the above-described vehicle control system, relay attack which is one kind of theft method has been known. The method is illustrated in FIG. 14. In this method, in a situation where an owner is away from the vehicle, criminals X and Y are located between the vehicle and the owner. It is assumed that the owner carries the mobile device. The criminals X and Y possess radio repeaters.
In this state, the criminals X and Y first relay the request signal transmitted from the vehicle to a location of the owner. Although a transmission range of the request signal is limited to a periphery of the vehicle, the request signal can reach the location of the owner by signal relay performed by the criminals X and Y. Upon receiving the request signal, the mobile device carried by the owner of the vehicle returns the response signal responsive to the request signal as an RF signal.
The returned RF signal reaches the vehicle. The vehicle carries out a verification process between the received RF signal and the master ID. Since the RF signal is a signal returned from the mobile device carried by the owner, the verification is naturally successful. As a result, the vehicle permits unlocking of the vehicle door. In this way, the criminal can enter the vehicle.
Further, when the same procedure is repeated after the criminal X has gotten on the vehicle, the vehicle interior verification is successful and the engine start of the vehicle is permitted. In this way, the criminal enables the vehicle to travel. The above process is an outline of relay attack.
Effective countermeasures against such a relay attack are obviously necessary. As disclosed in a technique disclosed in Patent Literature 1, it is known that a first WAKE signal among multiple WAKE signals for activating a mobile device (or activating a communication start) transmitted from a vehicle to the mobile device at the beginning of a communication cannot be relayed to the mobile device by a third party. In order to reduce a damage caused by the relay attack, a vehicle side device disclosed in Patent Literature determines whether a response signal to the WAKE signal is a first response signal to a first WAKE signal or a second or subsequent response signal to a second or subsequent WAKE signal. When the vehicle side device determines that there is no first response signal, a predetermined operation of the vehicle is not permitted.