Some motor vehicle security systems regulate operation of the vehicle's engine so that the engine operates only if a valid ignition key is provided in the vehicle ignition. One type of security system, a motor vehicle engine immobilizer system, offers this security by preventing the motor vehicle engine from operating fully unless the motor vehicle security system confirms that the user requesting engine operation is authorized to use the vehicle. Whenever an ignition request is made, the electronics system that governs engine operation checks to make sure this ignition request is made by an authorized user.
Recent vehicle immobilizer systems utilize a system known as “challenge/response” by which the engine electronics checks to make sure the user requesting engine starting is authorized to start the vehicle. One portion of the security system (the challenger) requests another portion of the system (the responder) to “prove” its identity. This proof is based on knowledge of secret information that is shared by the challenger and the responder.
In principle the challenge/response system is fairly simple. The challenger sends a message (the challenge) containing a random number to the responder. The responder takes the random number, performs some manipulation based on the shared secret, and returns the result (the response) to the challenger. The challenger performs the identical manipulation on the random number and compares its result with the response. If the results match, the responder is deemed to have proven its identity to the challenger and vehicle operation is authorized.
In order for the challenge/response system to be secure, however, the challenge needs to change each time a challenge is sent and the challenge needs to be unpredictable. If the challenge does not change, the correct response would also not change. A potential thief, for example a parking valet in temporary authorized possession of the vehicle, who witnesses one response to the challenge would be able to replay the identical response at a later time and defeat the security system. In addition, if the challenge is predictable (for example, a counter which is simply incremented by one for each new challenge), a potential thief, again in temporary authorized possession of the vehicle, would be able to request the system to compute a response for a challenge that will be used in the near future or even for the set of all challenges that will be used in the near future. The thief would then already have the correct response for a future challenge and would be able to defeat the security of the system in the future.
In order to secure the system against such manipulation, the device that is acting as the challenger should use a random number generation technique to generate a sequence of changing, unpredictable numbers for the challenge. Ideally the number would be generated using a truly random number generator. Unfortunately, however, it is generally difficult to generate a truly random number. It is difficult to find an adequate source of randomness that would result in the number of independent random bits required for a secure challenge. To overcome this problem, immobilizer systems conventionally use pseudo-random number generation techniques to generate a sequence of numbers that have characteristics similar to a true random sequence. Pseudo-random number generators (PRNGs) make use of state information; the output of the generator (and possibly the evolution to the next state) is derived from a series of operations on the current state. The techniques underlying PRNGs are well known to those of skill in the art.
The PRNG, which can be, for example, a portion of the vehicle powertrain controller, generates a stream of continuously changing numbers that are (in theory) unpredictable as long as the potential attacker does not know the key used for the random number generation. The security of the PRNG, however, is only as good as the ability of the challenger to protect its state. If the attacker is able to force specific values of the state, the sequence of challenges will follow a predictable path. For example, if removing power to the powertrain controller or at least to the PRNG resulted in the PRNG state being reset to a fixed value such as all zeros, the system would be insecure. The attacker could simply cause the PRNG to reset, and then the sequence of challenges would be completely predictable. If the attacker can determine the predictable path, the correct responses to subsequent challenges can also be discerned and the security of the vehicle can be compromised. To overcome this weakness in the security system, it is conventional to store the state of the PRNG in non-volatile memory in the powertrain controller.
Even if the state information of the PRNG can be protected in non-volatile memory, it is still possible for a potential thief who has temporary authorized possession of the vehicle to exploit the security system. There are, for example, certain techniques that allow the powertrain controller to be modified such that the controller does not update its copy of the PRNG state variable on power down. With these modifications, the system will repeatedly generate the same challenges, thus allowing the security of the system to be defeated.
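The following model, added here as an illustration and not taken from the patent or from any production immobilizer, shows both the challenge/response exchange described earlier and the state-handling weakness just described. The HMAC-SHA256 responder function, the keyed-counter PRNG, the dictionary standing in for non-volatile memory and the secret values are all assumptions of the example. A challenger that writes its PRNG state to non-volatile memory on power-down issues a fresh challenge after every power cycle; one that is prevented from doing so (or whose state falls back to a fixed reset value) repeats its challenge sequence, so a previously recorded response verifies again.

```python
"""Immobilizer challenge/response model with volatile vs. persisted PRNG state.

Added example, not the patent's design. The responder function (HMAC-SHA256
truncated to 8 bytes), the keyed-counter PRNG and the dict used as
"non-volatile memory" are assumptions chosen for illustration.
"""
import hashlib
import hmac

# Constructed values for the example; a real system provisions per-vehicle secrets.
SHARED_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # known to both sides
PRNG_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")       # challenger-only


def respond(secret: bytes, challenge: bytes) -> bytes:
    """Responder (e.g. key transponder): keyed manipulation of the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()[:8]


class Challenger:
    """Challenger (e.g. powertrain controller) with a stateful PRNG.

    challenge_i = SHA256(PRNG_KEY || counter_i)[:8]; the counter is the PRNG
    state. `nvm` is a dict modelling non-volatile memory. When
    `persist_on_power_down` is False the controller behaves like the modified
    controller described above: the state in NVM is never updated, so after a
    power cycle the PRNG restarts from whatever NVM holds (or RESET_STATE).
    """

    RESET_STATE = 0  # fixed value the state takes when nothing is stored

    def __init__(self, secret, prng_key, nvm, persist_on_power_down=True):
        self.secret = secret
        self.prng_key = prng_key
        self.nvm = nvm
        self.persist = persist_on_power_down
        self.state = nvm.get("prng_state", self.RESET_STATE)  # loaded at power-up
        self.pending = None  # challenge currently awaiting a response

    def next_challenge(self) -> bytes:
        """Advance the PRNG state and emit the next challenge."""
        self.state += 1
        digest = hashlib.sha256(self.prng_key + self.state.to_bytes(8, "big")).digest()
        self.pending = digest[:8]
        return self.pending

    def verify(self, response: bytes) -> bool:
        """Recompute the expected response and compare in constant time.

        Each challenge is usable exactly once, so a second verify attempt
        against the same challenge is rejected regardless of the response.
        """
        if self.pending is None:
            return False
        expected = respond(self.secret, self.pending)
        self.pending = None
        return hmac.compare_digest(expected, response)

    def power_cycle(self) -> None:
        """Remove and restore power: RAM state is lost, NVM contents survive."""
        if self.persist:
            self.nvm["prng_state"] = self.state  # conventional behaviour on power-down
        self.state = self.nvm.get("prng_state", self.RESET_STATE)
        self.pending = None


def challenge_repeats_after_power_cycle(persist_on_power_down: bool) -> bool:
    """True if the challenge sequence after a power cycle equals the one before."""
    ctrl = Challenger(SHARED_SECRET, PRNG_KEY, {}, persist_on_power_down)
    before = [ctrl.next_challenge() for _ in range(3)]
    ctrl.power_cycle()
    after = [ctrl.next_challenge() for _ in range(3)]
    return before == after


def replay_accepted_after_power_cycle(persist_on_power_down: bool) -> bool:
    """Scenario from the text: one authorized exchange is observed, power is
    cycled, and the recorded response is presented to the next challenge.
    Returns True if the stale response verifies, i.e. the system is defeated."""
    ctrl = Challenger(SHARED_SECRET, PRNG_KEY, {}, persist_on_power_down)
    first = ctrl.next_challenge()
    recorded = respond(SHARED_SECRET, first)  # what the authorized key answers
    if not ctrl.verify(recorded):
        raise RuntimeError("an authorized response must always verify")
    ctrl.power_cycle()
    ctrl.next_challenge()
    return ctrl.verify(recorded)


if __name__ == "__main__":
    for persist in (True, False):
        print(f"state persisted on power-down: {persist}")
        print("  challenges repeat :", challenge_repeats_after_power_cycle(persist))
        print("  replay accepted   :", replay_accepted_after_power_cycle(persist))
```

Running the module prints that, with state persisted, challenges do not repeat and the replayed response is rejected, while with persistence disabled both checks fail. The two scenario functions are the kind of regression test a controller implementer would keep: any change that stops the PRNG state from reaching non-volatile memory before power is lost turns `replay_accepted_after_power_cycle` true.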
Accordingly, it is desirable to provide a motor vehicle engine immobilizer security system and a method for its operation that overcome the problems attendant with conventional immobilizer systems that are based solely on pseudo-random number generation. Further, it is desirable to provide a motor vehicle engine immobilizer security system and a method for its operation that can be implemented without requiring additional expensive hardware. Furthermore, other desirable features and characteristics of the present invention will become apparent from the subsequent detailed description and the appended claims, taken in conjunction with the accompanying drawings and the foregoing technical field and background.