Originally, vehicles were able to be opened and started only by using mechanical locking systems. This required a key to be put into a locking cylinder or an ignition lock and turned. These systems were largely ousted by what are known as “remote access” systems, however. These electronic systems allow the vehicle to be opened or locked by operating a button, a remote control integrated in the key. To start the vehicle, these systems usually also require the key to be put into an ignition lock or a comparable apparatus.
For some time, automobile manufacturers have provided keyless access and starting systems, also known by the term “keyless entry and start systems”, or “keyless systems” for short. These systems allow a vehicle to be opened and started without having to actively use a vehicle key. For this, an identification encoder (ID encoder) is integrated in the vehicle key. It suffices for the user merely to carry the key on him. As a result, a keyless system is very convenient, since unlocking and starting the vehicle no longer require the key to be sought and operated. So as also to be able to use the vehicle if the electronics fail, the keys also contain purely mechanical “emergency keys” nowadays.
In the meantime, various keyless systems have become known which all operate on the basis of a similar principle. The vehicle contains a plurality of antennas, and the key contains the ID encoder or a transponder. When the key is in proximity to the vehicle, the ID encoder or transponder receives a coded, electromagnetic signal from the antennas in the vehicle, decodes this signal and returns it with new coding. The signal received from the identification encoder is then compared with known code signals by means of evaluation electronics in the vehicle. In the event of a positive match between the signals, the vehicle is opened and started. When the ID encoder or transponder is outside a particular range, the vehicle is usually locked automatically.
Today, electronic engine immobilizers usually operate on the basis of a similar principle. For these, the key requires a simple read only transponder, which cyclically transmits a serial number in plain text, or a rewritable transponder, with which an identification number can be associated. The evaluation electronics in a vehicle are in turn coupled to the transponder by means of electromagnetic waves.
Since the transmission between vehicle and ID encoder is implemented by radio in all cases, the signals can be measured, disturbed or otherwise used by third parties. For example, by using two devices, one of which is situated in proximity to the vehicle and the other of which is situated in proximity to the ID encoder, it is possible to bridge a relatively long distance between the vehicle and the authorized ID encoder of the user by extending the radio link of the LF (low frequency) or HF (high frequency) communication channel used. In this way, it is possible to open and start a vehicle even though the ID encoder is not within the necessary range. In general terms, this is called a relay attack.
DE 10 2005 013 910 B3 describes a method for access and starting verification for a motor vehicle using a mobile identification transmitter with an evaluation unit. In this case the identification transmitter receives signals from antennas arranged in the vehicle, either simultaneously or at independent times from one another, measures the field strength thereof and in turn transmits them to an evaluation unit in the vehicle. This is intended to increase the security of such starting and access systems.
In the case of a relay attack on a keyless system or a transponder-based engine immobilizer, an attempt is usually made to analyze the field strength values transmitted by the vehicle antennas, the order and the combinations in which the antennas are actuated, and to simulate them to the authorized ID encoder. If it is possible to simulate the LF field on the ID encoder with a sufficient level of similarity to that in the vehicle when the communication channel between the vehicle and the authorized ID encoder is extended, the probability of the relay attack overcoming the keyless system or the engine immobilizer increases with every repetition.