CN111083703A - Signal relay safety detection device and method for keyless access control system - Google Patents

Signal relay safety detection device and method for keyless access control system Download PDF

Info

Publication number
CN111083703A
CN111083703A CN201911380268.1A CN201911380268A CN111083703A CN 111083703 A CN111083703 A CN 111083703A CN 201911380268 A CN201911380268 A CN 201911380268A CN 111083703 A CN111083703 A CN 111083703A
Authority
CN
China
Prior art keywords
key
entrance guard
signal
detection module
relay
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911380268.1A
Other languages
Chinese (zh)
Other versions
CN111083703B (en
Inventor
黄磊
王智勇
陈燕呢
冀浩然
申任远
李承泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tsinghua Yaxun Electronic Information Research Institute
Original Assignee
Beijing Tsinghua Yaxun Electronic Information Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Tsinghua Yaxun Electronic Information Research Institute filed Critical Beijing Tsinghua Yaxun Electronic Information Research Institute
Priority to CN201911380268.1A priority Critical patent/CN111083703B/en
Publication of CN111083703A publication Critical patent/CN111083703A/en
Application granted granted Critical
Publication of CN111083703B publication Critical patent/CN111083703B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00571Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/06Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
    • H04W28/065Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information using assembly or disassembly of packets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/04Terminal devices adapted for relaying to or from another terminal or user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The embodiment of the invention provides a signal relay safety detection device and a signal relay safety detection method for a keyless access control system, wherein the signal relay safety detection device comprises the following steps: the system comprises an entrance guard end detection module, a key end detection module, a relay communication module and a detection result confirmation module; the entrance guard terminal detection module is used for receiving a key awakening signal sent by an entrance guard, transmitting the key awakening signal to the key terminal detection module through the relay communication module, receiving an entrance guard unlocking signal sent by the key terminal detection module through the relay communication module, and sending the entrance guard unlocking signal to the entrance guard; the key end detection module is used for receiving a key awakening signal sent by the entrance guard end detection module through the relay communication module, sending the key awakening signal to the key, receiving an entrance guard unlocking signal sent by the key and transmitting the entrance guard unlocking signal to the entrance guard end detection module through the relay communication module; and the detection result confirmation module confirms the relay safety of the keyless entrance guard system signal according to the result of whether the entrance guard is opened or not.

Description

Signal relay safety detection device and method for keyless access control system
Technical Field
The invention relates to the field of radio security, in particular to a signal relay security detection device and method for a keyless access control system.
Background
PKE (Passive key Entry) refers to a Keyless Entry system that can be opened and closed without a key, and may be applied to a plurality of fields such as automobiles and homes, and among them, is most widely applied in the automobile field.
Taking the application in the automotive field as an example, the working principle of the PKE technology is as follows: when an automobile owner brings a vehicle key to the vicinity of an automobile door, the automobile owner triggers an automobile door inductor by touching an automobile door handle, the inductor sends a starting signal to a controller, the controller sends a low-frequency radio frequency wake-up signal through a 125khz low-frequency coil, the signal is collected by an induction coil in the automobile key and is transmitted to an automobile key controller to identify the identity of the automobile and a command to be executed, once the identity is identified, the automobile key automatically sends a radio frequency signal which is the same as that in an RKE system to unlock the automobile door, and the automobile door controller receives the signal to open the automobile door; and similarly, when the vehicle owner is ready to leave the vehicle, the door controller sends a low-frequency signal by touching the door handle, and the vehicle key also sends a lock-falling signal after receiving the signal so as to lock the vehicle door.
The PKE technology is different from the traditional RKE (Remote Key Access control) technology in that the vehicle can be identified, and bidirectional identity authentication is realized. However, the bidirectional authentication has no credible third party as a notary, the identification is only carried out according to the identity information transmitted by the opposite party, and the key unlocking signal can be completely and automatically triggered. Such a mechanism makes PKE systems vulnerable to signal relay amplification. The specific attack principle is as follows: when a door handle is touched, a 125khz low-frequency radio frequency wake-up signal sent by a door controller is bridged to a vehicle key in a remote vehicle main packet, so that the vehicle key thinks that a vehicle owner wants to open a door beside a vehicle and then sends an unlocking signal, the unlocking signal is forwarded to the vicinity of the door in a bridging mode again, the door thinks that the vehicle key sends the unlocking signal, the door is opened, and the signal relay amplification attack is completed.
The door acts as the first line of defense for vehicle safety and if breached can have a significant impact on the subsequent parts of vehicle safety, which can also lead to property loss for vehicle owners who often leave valuables in the vehicle. After the door of the vehicle is broken, the control bus in the vehicle can be contacted, and then a plurality of small devices capable of communicating with the outside are additionally arranged, so that remote vehicle control is realized, and great threat is generated to the safety of personnel in the vehicle; furthermore, if left unattended, even if the vehicle is not remotely operated, some in-vehicle control units can be destroyed, causing some functions of the vehicle to fail, thus neither requiring excessive technical capabilities nor threatening the safety of the driver, which is a serious hazard, and therefore, there is a need for safety detection and protection of the PKE system. However, there is still no device and method for relay security detection of PKE system signals in the prior art.
Disclosure of Invention
The embodiment of the invention provides a signal relay safety detection device and method for a keyless access control system, which are used for overcoming the defect that a device and a method for carrying out relay safety detection on a keyless access control system signal are lacked in the prior art and realizing the relay safety detection on the keyless access control system signal.
An embodiment of a first aspect of the present invention provides a signal relay security detection apparatus for a keyless entry system, including: the system comprises an entrance guard end detection module 101, a key end detection module 102, a relay communication module 103 and a detection result confirmation module 104; wherein the content of the first and second substances,
the entrance guard end detection module 101 is configured to receive a key wake-up signal sent by an entrance guard, transmit the key wake-up signal to the key end detection module 102 through the relay communication module 103, receive an entrance guard unlocking signal sent by the key end detection module 102 through the relay communication module 103, and send the entrance guard unlocking signal to the entrance guard; the key terminal detection module 102 is configured to receive a key wake-up signal sent by the access control terminal detection module 101 through the relay communication module 103, send the key wake-up signal to the key, receive an access control unlocking signal sent by the key, and transmit the access control unlocking signal to the access control terminal detection module 101 through the relay communication module 103; the detection result confirmation module 104 confirms the relay security of the keyless entry system signal according to the result of whether the entry will be opened or not.
In the above technical solution, the access control terminal detecting module 101 includes a first low frequency signal unit 1011, a first controller 1012, a first rfid unit 1013, and a first communication unit 1014; the first low-frequency signal unit 1011 receives a key wake-up signal sent by an entrance guard under the control of the first controller 1012; the first rfid unit 1013 sends an entrance lock unlocking signal to an entrance under the control of the first controller 1012; the first communication unit 1014 is an interface between the access control end detection module 101 and an external communication network, and realizes sending and receiving of interactive data between an access control and a key; the first controller 1012 is configured to control the first low-frequency signal unit 1011, the first rfid unit 1013, and the first communication unit 1014, and implement data conversion, and package and unpack of data packets.
In the above technical solution, the key end detecting module 102 includes a second low frequency signal unit 1021, a second controller 1022, a second rfid unit 1023, and a second communication unit 1024; wherein the content of the first and second substances,
the second low frequency signal unit 1021 sends a key wake-up signal to the key under the control of the second controller 1022; the second rfid unit 1023 receives an entrance guard unlocking signal sent by a key under the control of the second controller 1022; the second communication unit 1024 is an interface between the key end detection module 102 and an external communication network, and realizes sending and receiving of interactive data between the access control and the key; the second controller 1022 is configured to control the second low frequency signal unit 1021, the second rfid unit 1023, and the second communication unit 1024, and implement data conversion, and package and unpack of data packets.
In the above technical solution, the first communication unit 1014 and the second communication unit 1024 use the same communication technology, and the communication technology uses one of the following communication technologies: 4G communication technology, 5G communication technology, 3G communication technology, and 2G communication technology.
In the above technical solution, the relay communication module 103 realizes intranet penetration; the relay communication module 103 is implemented by one of the following methods: virtual private servers, port mapping, intermediate proxy forwarding, and peer-to-peer intranet penetration.
An embodiment of a second aspect of the present invention provides a signal relay security detection method for a keyless entry system, where the method is implemented based on the signal relay security detection device for the keyless entry system provided by the embodiment of the first aspect of the present invention, and the method includes:
the entrance guard end detection module 101 transmits a key wake-up signal sent by an entrance guard to the key end detection module 102 through communication connection; wherein the communication connection is a communication connection between the gate inhibition detection module 101 and the key inhibition detection module 102 via the relay communication module 103;
the key end detection module 102 sends the key wake-up signal to a key; an entrance guard unlocking signal sent by a key is sent to the entrance guard detection module 101 through the communication connection;
the entrance guard side detection module 101 sends an entrance guard unlocking signal to an entrance guard;
the detection result confirmation module 104 confirms the relay security of the keyless entry system signal according to the result of whether the entry will be opened or not.
In the above technical solution, the communication connection is a virtual private network.
In the above technical scheme, the key wake-up signal that entrance guard sent is transmitted through communication connection to entrance guard end detection module 101 the key end detection module 102 includes:
the entrance guard end detection module 101 performs data encapsulation on a key wake-up signal sent by an entrance guard, and transmits a data packet which is obtained after encapsulation and comprises the key wake-up signal to the key end detection module 102 through communication connection; accordingly, the number of the first and second electrodes,
the sending of the key wake-up signal to the key by the key end detection module 102 includes:
the key end detection module 102 disassembles the data packet including the key wake-up signal, and sends the key wake-up signal obtained after disassembly to the key.
In the above technical solution, the sending the door lock unlock signal sent by the key to the door lock detection module 101 through the communication connection includes:
the key terminal detection module 102 performs data encapsulation on an entrance guard unlocking signal sent by a key, and transmits a data packet which is obtained after encapsulation and comprises the entrance guard unlocking signal to the entrance guard terminal detection module 101 through communication connection; accordingly, the number of the first and second electrodes,
entrance guard's end detection module 101 includes to entrance guard's transmission entrance guard's unblock signal:
the entrance guard terminal detection module 101 disassembles the data packet including the entrance guard unlocking signal, and sends the entrance guard unlocking signal obtained after disassembly to the entrance guard.
According to the signal relay safety detection device and method for the keyless access control system, provided by the embodiment of the invention, the relay amplification attack experimental environment is set for the keyless access control system signal, so that the signal relay safety of the keyless access control system can be detected, and the detection requirements of the signal relay safety in the whole vehicle safety detection are met.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a signal relay security detection device of a keyless entry system according to an embodiment of the present invention;
fig. 2 is a flowchart of a signal relay security detection method of a keyless entry system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the embodiment of the present invention, an automobile is taken as an example, and the structure of the signal relay security detection apparatus of the keyless entry system and the steps of the signal relay security detection method of the keyless entry system are described. However, it should be understood by those skilled in the art that the signal relay security detection apparatus and the signal relay security detection method for the keyless entry system provided by the embodiment of the present invention are also applicable to keyless entry systems in other situations.
Fig. 1 is a schematic structural diagram of a signal relay security detection apparatus of a keyless entry system according to an embodiment of the present invention, and as shown in fig. 1, the signal relay security detection apparatus of the keyless entry system according to the embodiment of the present invention includes: the system comprises an entrance guard end detection module 101, a key end detection module 102, a relay communication module 103 and a detection result confirmation module 104; the entrance guard side detection module 101 is configured to receive a key wake-up signal sent by an entrance guard and transmit the key wake-up signal to the key side detection module 102 through the relay communication module 103, and receive an entrance guard unlocking signal sent by the key side detection module 102 through the relay communication module 103 and send the entrance guard unlocking signal to the entrance guard; the key end detection module 102 is configured to receive a key wake-up signal sent by the access control end detection module 101 through the relay communication module 103, send the key wake-up signal to the key, receive an access control unlocking signal sent by the key, and transmit the access control unlocking signal to the access control end detection module 101 through the relay communication module 103; the detection result confirmation module 104 confirms the relay security of the keyless entry system signal according to the result of whether the entry will be opened or not.
The gate inhibition terminal detection module 101 includes a first low Frequency signal unit 1011, a first controller 1012, a first Radio Frequency Identification (RFID) unit 1013, and a first communication unit 1014; the first low-frequency signal unit 1011 receives a key wake-up signal sent by a vehicle door under the control of the first controller 1012; the first rfid unit 1013 sends an entrance guard unlocking signal to the vehicle door under the control of the first controller 1012; the first communication unit 1014 is an interface between the access control terminal detection module 101 and an external communication network, and realizes the transmission and reception of interactive data between an automobile and a key; the first controller 1012 is configured to control the first low-frequency signal unit 1011, the first rfid unit 1013, and the first communication unit 1014, and also implements functions such as data conversion, and package and disassembly of data packets.
In the embodiment of the present invention, the first communication unit 1014 employs a 4G communication technology to create a VPN (virtual private network) between the first communication unit 1014 and the second communication unit 1024, enabling communication between the first communication unit 1014 and an external public communication network. On the one hand, the bridging distance of the signal of the keyless access control system is increased, on the other hand, the safety of communication can be increased, the two-way authentication process of both communication parties is ensured, and the test data cannot be attacked by a man-in-the-middle to be leaked.
In other embodiments of the present invention, the first communication unit 1014 is not limited to the 4G communication technology, and may also be implemented by using a 3G communication technology, a 5G communication technology, or even a 2G communication technology.
The key end detection module 102 includes a second low frequency signal unit 1021, a second controller 1022, a second rfid unit 1023, and a second communication unit 1024; wherein, the second low frequency signal unit 1021 sends a key wake-up signal to the car key under the control of the second controller 1022 to trigger wake-up; the second rfid unit 1023 receives a door unlock signal from a key under the control of the second controller 1022; the second communication unit 1024 is an interface between the key end detection module 102 and an external communication network, and realizes sending and receiving of interactive data between the automobile and the key; the second controller 1022 is configured to control the second low-frequency signal unit 1021, the second rfid unit 1023, and the second communication unit 1024, and further implement functions of data conversion, and encapsulation and disassembly of data packets.
In the embodiment of the present invention, the second communication unit 1024 is implemented by using a 4G communication technology. In other embodiments of the present invention, the second communication unit 1024 is not limited to the 4G communication technology, and may also be implemented by using a 3G communication technology, a 5G communication technology, or even a 2G communication technology. Those skilled in the art will appreciate that the communication technology employed by the second communication unit 1024 should be consistent with the communication technology employed by the first communication unit 1014.
The relay communication module 103 is used as a network connection springboard for realizing data communication between the access control terminal and the key terminal. Due to the network address translation technology, the access control end detection module 101 and the key end detection module 102, which are intranet devices, cannot directly communicate with each other through a public communication network, and therefore the relay communication module 103 is required to assist in achieving remote mutual access between the two modules.
In the embodiment of the present invention, the relay communication module 103 uses a VPS (Virtual Private Server) technology to implement inter-intranet penetration. In other embodiments of the present invention, methods such as port mapping, intermediate proxy forwarding, peer-to-peer intranet tunneling, etc. may also be employed.
The use of the relay communication module 103 enables the entrance guard detection module 101 and the key terminal detection module 102 located in different networks to remotely communicate, so that the simulation of relay amplification attack is possible.
The signal relay safety detection device of the keyless access control system provided by the embodiment of the invention can realize the detection of the signal relay safety of the keyless access control system by setting an experimental environment for relay amplification attack for the signal of the keyless access control system, and meets the detection requirement of the signal relay safety detection in the whole vehicle safety detection.
Fig. 2 is a flowchart of a signal relay security detection method of a keyless entry system according to an embodiment of the present invention, where the method is implemented by using the signal relay security detection apparatus of the keyless entry system shown in fig. 1, and as shown in fig. 2, the signal relay security detection method of the keyless entry system according to the embodiment of the present invention includes:
step 201, the entrance guard end detection module 101 transmits a key wake-up signal sent by an entrance guard to the key end detection module 102 through communication connection; wherein the communication connection is a communication connection between the gate inhibition detection module 101 and the key inhibition detection module 102 via the relay communication module 103;
in an embodiment of the invention, the communication connection is a Virtual Private Network (VPN). On the one hand, the bridging distance of the signal of the keyless access control system is increased, on the other hand, the safety of communication can be increased, the two-way authentication process of both communication parties is ensured, and the test data cannot be attacked by a man-in-the-middle to be leaked.
Step 202, the key end detection module 102 sends the key wake-up signal to a key; an entrance guard unlocking signal sent by a key is sent to the entrance guard detection module 101 through the communication connection;
step 203, the entrance guard side detection module 101 sends an entrance guard unlocking signal to an entrance guard;
and step 204, the detection result confirmation module 104 confirms the relay security of the keyless entry system signal according to the result of whether the entry will be opened.
The signal relay safety detection method for the keyless access control system provided by the embodiment of the invention detects the relay safety of the keyless access control system signal by simulating the process of signal relay amplification attack of the keyless access control system, and meets the detection requirement of the part in the whole vehicle safety detection.
As a preferred implementation manner, in another embodiment of the present invention, the transmitting, by the gate inhibition terminal detecting module 101, a key wake-up signal sent by a gate inhibition to the key end detecting module 102 through a communication connection includes:
the entrance guard end detection module 101 performs data encapsulation on a key wake-up signal sent by an entrance guard, and transmits a data packet which is obtained after encapsulation and comprises the key wake-up signal to the key end detection module 102 through communication connection; accordingly, the number of the first and second electrodes,
the sending of the key wake-up signal to the key by the key end detection module 102 includes:
the key end detection module 102 disassembles the data packet including the key wake-up signal, and sends the key wake-up signal obtained after disassembly to the key.
The signal relay safety detection method of the keyless access control system provided by the embodiment of the invention increases the safety of data by packaging and disassembling the data of the key wake-up signal.
As a preferred implementation manner, in another embodiment of the present invention, the sending the access unlocking signal sent by the key to the access terminal detecting module 101 through the communication connection includes:
the key terminal detection module 102 performs data encapsulation on an entrance guard unlocking signal sent by a key, and transmits a data packet which is obtained after encapsulation and comprises the entrance guard unlocking signal to the entrance guard terminal detection module 101 through communication connection; accordingly, the number of the first and second electrodes,
entrance guard's end detection module 101 includes to entrance guard's transmission entrance guard's unblock signal:
the entrance guard terminal detection module 101 disassembles the data packet including the entrance guard unlocking signal, and sends the entrance guard unlocking signal obtained after disassembly to the entrance guard.
The signal relay safety detection method of the keyless access control system increases the safety of data by packaging and disassembling the data of the access control unlocking signal.
Another embodiment of the present invention provides a signal relay security detection method for a keyless entry system, further comprising:
s1-1, the first low frequency signal unit 1011 of the door control end detecting module 101 receives the key wake-up signal sent by the vehicle door and transmits the key wake-up signal to the first controller 1012.
S1-2, the first controller 1012 performs data encapsulation on the received key wake-up signal, establishes a communication connection between the first communication unit 1014 and the second communication unit 1024 of the key end detection module 102 through the relay communication module 103, and then sends out a data packet with the key wake-up signal through the communication connection.
In the embodiment of the present invention, the communication connection is a TCP socket connection of a virtual intranet.
S1-3, the second communication unit 1024 of the key end detection module 102 receives the data packet with the key wake-up signal through communication connection and transmits the data packet to the second controller 1022, and the second controller 1022 disassembles the data packet to obtain the key wake-up signal.
S1-4, the second RFID unit 1023 of the key end detection module 102 sends the key wake-up signal to the key.
S1-5, the second low frequency signal unit 1021 of the key end detection module 102 receives the door unlocking signal responded by the key, and transmits the door unlocking signal to the second controller 1022, and the second controller 1022 performs data encapsulation on the door unlocking signal, and then sends out the data packet containing the door unlocking signal through the second communication unit 1024 via the previously established communication connection.
And S1-6, transmitting the data packet with the entrance guard unlocking signal to the entrance guard detection module 101 through the relay communication module 103.
S1-7, the first communication unit 1014 of the access control end detection module 101 receives the data packet with the access control unlocking signal through the communication connection, and transmits the data packet to the first controller 1012, and the first controller 1012 disassembles the data packet to obtain the access control unlocking signal.
S1-8, the first radio frequency identification unit 1013 in the entrance guard side detection module 101 sends an entrance guard unlocking signal to an entrance guard.
S1-9, the detection result confirmation module 104 confirms the relay security of the keyless entry system signal according to the result of whether the entrance guard is opened or not.
The signal relay safety detection method for the keyless access control system provided by the embodiment of the invention detects the relay safety of the keyless access control system signal by simulating the process of signal relay amplification attack of the keyless access control system, and meets the detection requirement of the part in the whole vehicle safety detection.
The following describes a process of a PKE system signal relay security test of a certain type of automobile as an example.
S2-1, connecting all devices in the keyless entry system signal relay safety detection device provided by the embodiment of the invention;
s2-2, starting a server in the public Internet, starting VPS service, and setting a virtual intranet address segment 192.168.0.1/24 and virtual intranet DHCP service;
s2-3, starting the entrance guard end detection module 101 and the key end detection module 102, respectively setting VPN addresses to be connected for the entrance guard end detection module 101 and the key end detection module 102, then establishing a virtual network card for VPN service, enabling hardware equipment of a car door end and a key end to be connected to the same intranet, and allocating two IP addresses of 192.168.0.101 and 192.168.0.102 through DHCP service;
s2-4, establishing a TCP socket channel between the entrance guard end detection module 101 and the key end detection module 102 through the virtual intranet established in S2-3, setting communication transceiving port numbers to be 9998 and 9999, and sending a heartbeat signal every 5S to keep connection;
s2-5, moving the entrance guard end detection module 101 to the side of the vehicle and placing the entrance guard end detection module near the vehicle door, moving the key end detection module 102 away from the vehicle, and placing the key at the side of the key end detection module 102;
s2-6, a door handle is held at a door to trigger a sensor, so that the door sends a wake-up signal, and the wake-up signal is processed by the door access terminal detection module 101 and then sent to a virtual intranet 192.168.0.102:9998 through a port number 9999 through local socket service;
s2-7, after receiving the data packet from 192.168.0.101:9999, the 9998 port of the key end detection module 102 is processed and sent to the key;
s2-8, the key obtains the wake-up signal, sends the door unlock signal to the key end detection module 102, and then sends the signal to 192.168.0.101:9998 through the 9999 port after processing;
s2-9, a 9999 port of the entrance guard terminal detection module 101 receives data packets from 192.168.0.102:9999, unpacks the data packets, and sends a door unlocking signal to a vehicle door;
s2-10, if the door receives the unlocking signal to obtain the unlocking instruction so as to unlock the door, the fact that the PKE system of the automobile cannot defend signal relay amplification attack is proved, and otherwise, the PKE system of the automobile can defend.
The embodiment of the invention proves that the signal relay safety detection device and the signal relay safety detection method of the keyless access control system can realize signal relay safety detection of the keyless access control system.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. The utility model provides a keyless entry system signal relay safety inspection device which characterized in that includes: the system comprises an entrance guard end detection module (101), a key end detection module (102), a relay communication module (103) and a detection result confirmation module (104); wherein the content of the first and second substances,
the entrance guard end detection module (101) is used for receiving a key awakening signal sent by an entrance guard, transmitting the key awakening signal to the key end detection module (102) through the relay communication module (103), receiving an entrance guard unlocking signal sent by the key end detection module (102) through the relay communication module (103), and sending the entrance guard unlocking signal to the entrance guard; the key end detection module (102) is used for receiving a key wake-up signal sent by the entrance guard end detection module (101) through the relay communication module (103), sending the key wake-up signal to a key, receiving an entrance guard unlocking signal sent by the key, and transmitting the entrance guard unlocking signal to the entrance guard end detection module (101) through the relay communication module (103); and the detection result confirmation module (104) confirms the relay security of the keyless entrance guard system signal according to the result of whether the entrance guard is opened or not.
2. The signal relay security detection device of the keyless entry system according to claim 1, wherein the access terminal detection module (101) comprises a first low frequency signal unit (1011), a first controller (1012), a first radio frequency identification unit (1013), and a first communication unit (1014); the first low-frequency signal unit (1011) receives a key wake-up signal sent by an entrance guard under the control of the first controller (1012); the first radio frequency identification unit (1013) sends an entrance guard unlocking signal to an entrance guard under the control of the first controller (1012); the first communication unit (1014) is an interface between the entrance guard terminal detection module (101) and an external communication network, and realizes the transmission and reception of interactive data between an entrance guard and a key; the first controller (1012) is used for controlling the first low-frequency signal unit (1011), the first radio frequency identification unit (1013) and the first communication unit (1014), and realizing data conversion, and packaging and dismantling of data packets.
3. The signal relay security detection device of claim 2, wherein the key-less access control system comprises a second low-frequency signal unit (1021), a second controller (1022), a second radio frequency identification unit (1023), and a second communication unit (1024); wherein the content of the first and second substances,
the second low-frequency signal unit (1021) sends a key wake-up signal to a key under the control of the second controller (1022); the second radio frequency identification unit (1023) receives an entrance guard unlocking signal sent by a key under the control of the second controller (1022); the second communication unit (1024) is an interface between the key end detection module (102) and an external communication network, and realizes the sending and receiving of interactive data between the entrance guard and the key; the second controller (1022) is configured to control the second low-frequency signal unit (1021), the second rfid unit (1023), and the second communication unit (1024), and to implement data conversion, and encapsulation and disassembly of data packets.
4. The keyless entry system signal relay security detection device of claim 3 wherein the first communication unit (1014) and the second communication unit (1024) employ the same communication technology, the communication technology employing one of the following: 4G communication technology, 5G communication technology, 3G communication technology, and 2G communication technology.
5. The signal relay safety detection device of the keyless entry system according to claim 1, wherein the relay communication module (103) realizes intranet penetration; the relay communication module (103) is realized by adopting one of the following methods: virtual private servers, port mapping, intermediate proxy forwarding, and peer-to-peer intranet penetration.
6. A signal relay security detection method for a keyless entry system, the method being implemented based on the signal relay security detection device for the keyless entry system according to any one of claims 1 to 5, the method comprising:
the entrance guard terminal detection module (101) transmits a key wake-up signal sent by an entrance guard to the key terminal detection module (102) through communication connection; wherein the communication connection is between the gate inhibition detection module (101) and the key inhibition detection module (102) via the relay communication module (103);
the key end detection module (102) sends the key wake-up signal to a key; an entrance guard unlocking signal sent by a key is sent to the entrance guard detection module (101) through the communication connection;
the entrance guard terminal detection module (101) sends an entrance guard unlocking signal to an entrance guard;
and the detection result confirmation module (104) confirms the relay security of the keyless entrance guard system signal according to the result of whether the entrance guard is opened or not.
7. The signal relay security detection method of the keyless entry system according to claim 6, wherein the communication connection is a virtual private network.
8. The signal relay security detection method of the keyless entry system according to claim 6, wherein the step of transmitting the key wake-up signal sent by the entrance guard to the key end detection module (102) by the entrance guard end detection module (101) through a communication connection comprises:
the entrance guard terminal detection module (101) performs data encapsulation on a key wake-up signal sent by an entrance guard, and transmits a data packet which is obtained after encapsulation and comprises the key wake-up signal to the key terminal detection module (102) through communication connection; accordingly, the number of the first and second electrodes,
the key end detection module (102) sending the key wake-up signal to a key comprises:
the key end detection module (102) disassembles the data packet including the key wake-up signal, and sends the key wake-up signal obtained after disassembly to the key.
9. The signal relay security detection method of the keyless entry system according to claim 6, wherein the sending the entry unlock signal sent by the key to the entry side detection module (101) through the communication connection comprises:
the key terminal detection module (102) performs data encapsulation on an entrance guard unlocking signal sent by a key, and transmits a data packet which is obtained after encapsulation and comprises the entrance guard unlocking signal to the entrance guard terminal detection module (101) through communication connection; accordingly, the number of the first and second electrodes,
entrance guard's end detection module (101) send entrance guard's unblock signal to entrance guard includes:
the entrance guard terminal detection module (101) disassembles the data packet including the entrance guard unlocking signal, and sends the entrance guard unlocking signal obtained after disassembly to the entrance guard.
CN201911380268.1A 2019-12-27 2019-12-27 Signal relay safety detection device and method for keyless access control system Active CN111083703B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911380268.1A CN111083703B (en) 2019-12-27 2019-12-27 Signal relay safety detection device and method for keyless access control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911380268.1A CN111083703B (en) 2019-12-27 2019-12-27 Signal relay safety detection device and method for keyless access control system

Publications (2)

Publication Number Publication Date
CN111083703A true CN111083703A (en) 2020-04-28
CN111083703B CN111083703B (en) 2021-03-09

Family

ID=70318850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911380268.1A Active CN111083703B (en) 2019-12-27 2019-12-27 Signal relay safety detection device and method for keyless access control system

Country Status (1)

Country Link
CN (1) CN111083703B (en)

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1717705A (en) * 2002-11-29 2006-01-04 皇家飞利浦电子股份有限公司 Electronic communication system and method of detecting a relay attack thereon
CN203902481U (en) * 2014-06-03 2014-10-29 郑州大学 Automobile keyless access control system
CN105398420A (en) * 2015-11-09 2016-03-16 莆田市云驰新能源汽车研究院有限公司 Keyless entry system detecting method for automobile
CN103679058B (en) * 2013-12-25 2016-06-22 湖北警官学院 The system and method for non-contact IC card defence relay attack
CN105835834A (en) * 2015-01-29 2016-08-10 通用汽车环球科技运作有限责任公司 Method and system for authenticating vehicle equipped with passive keyless system
US9501883B2 (en) * 2011-03-17 2016-11-22 Unikey Technologies Inc. Wireless access control system including lock assembly generated magnetic field based unlocking and related methods
CN106507362A (en) * 2016-12-09 2017-03-15 中国科学院信息工程研究所 A kind ofly detect the method for the relay attack of wireless authentication based on full-duplex communication
EP3287331A1 (en) * 2016-08-25 2018-02-28 Nxp B.V. Automotive security apparatus and associated methods
CN108068759A (en) * 2016-11-18 2018-05-25 上海海拉电子有限公司 The system and method for preventing relay attack
EP3335942A1 (en) * 2016-12-14 2018-06-20 Nxp B.V. Secure vehicle access system, key, vehicle and method therefor
CN108297830A (en) * 2017-01-11 2018-07-20 福特全球技术公司 For protecting method and apparatus of the system for making Vehicular system passively unlock from relaying site attack
EP3376475A1 (en) * 2017-03-15 2018-09-19 Nxp B.V. Security apparatus
CN109462626A (en) * 2017-09-06 2019-03-12 上海海拉电子有限公司 A kind of vehicle enters system and car key, vehicle sharing method
US20190114857A1 (en) * 2017-10-18 2019-04-18 Nxp B.V. Passive keyless entry system for preventing relay attacks
CN109844823A (en) * 2016-10-12 2019-06-04 株式会社电装 The positioning of PEPS portable device
US10427643B1 (en) * 2018-07-13 2019-10-01 Nxp B.V. Defense against relay attack in passive keyless entry systems
CN110337390A (en) * 2016-12-30 2019-10-15 罗伯特·博世有限公司 For system of defense from the passive vehicle access control system of bluetooth low energy (BLE) and its method of relay attack
CN110562195A (en) * 2018-05-17 2019-12-13 大众汽车有限公司 Relay attack defense
US10515497B2 (en) * 2015-12-10 2019-12-24 Panasonic Intellectual Property Management Co., Ltd. On-vehicle device, mobile device, and wireless communication system for vehicles

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3596896A4 (en) * 2017-03-15 2020-02-19 Visa International Service Association Method and system for relay attack detection

Patent Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060044108A1 (en) * 2002-11-29 2006-03-02 Koninklijke Philips Electronics N.V. Electronic communication system and method of detecting a relay attack thereon
CN1717705A (en) * 2002-11-29 2006-01-04 皇家飞利浦电子股份有限公司 Electronic communication system and method of detecting a relay attack thereon
US9501883B2 (en) * 2011-03-17 2016-11-22 Unikey Technologies Inc. Wireless access control system including lock assembly generated magnetic field based unlocking and related methods
CN103679058B (en) * 2013-12-25 2016-06-22 湖北警官学院 The system and method for non-contact IC card defence relay attack
CN203902481U (en) * 2014-06-03 2014-10-29 郑州大学 Automobile keyless access control system
CN105835834A (en) * 2015-01-29 2016-08-10 通用汽车环球科技运作有限责任公司 Method and system for authenticating vehicle equipped with passive keyless system
CN105398420A (en) * 2015-11-09 2016-03-16 莆田市云驰新能源汽车研究院有限公司 Keyless entry system detecting method for automobile
US10515497B2 (en) * 2015-12-10 2019-12-24 Panasonic Intellectual Property Management Co., Ltd. On-vehicle device, mobile device, and wireless communication system for vehicles
EP3287331A1 (en) * 2016-08-25 2018-02-28 Nxp B.V. Automotive security apparatus and associated methods
US20180056939A1 (en) * 2016-08-25 2018-03-01 Nxp B.V. Automotive security apparatus and associated methods
CN109844823A (en) * 2016-10-12 2019-06-04 株式会社电装 The positioning of PEPS portable device
CN108068759A (en) * 2016-11-18 2018-05-25 上海海拉电子有限公司 The system and method for preventing relay attack
CN106507362A (en) * 2016-12-09 2017-03-15 中国科学院信息工程研究所 A kind ofly detect the method for the relay attack of wireless authentication based on full-duplex communication
EP3335942A1 (en) * 2016-12-14 2018-06-20 Nxp B.V. Secure vehicle access system, key, vehicle and method therefor
CN110337390A (en) * 2016-12-30 2019-10-15 罗伯特·博世有限公司 For system of defense from the passive vehicle access control system of bluetooth low energy (BLE) and its method of relay attack
CN108297830A (en) * 2017-01-11 2018-07-20 福特全球技术公司 For protecting method and apparatus of the system for making Vehicular system passively unlock from relaying site attack
EP3376475A1 (en) * 2017-03-15 2018-09-19 Nxp B.V. Security apparatus
CN109462626A (en) * 2017-09-06 2019-03-12 上海海拉电子有限公司 A kind of vehicle enters system and car key, vehicle sharing method
US20190114857A1 (en) * 2017-10-18 2019-04-18 Nxp B.V. Passive keyless entry system for preventing relay attacks
CN110562195A (en) * 2018-05-17 2019-12-13 大众汽车有限公司 Relay attack defense
US10427643B1 (en) * 2018-07-13 2019-10-01 Nxp B.V. Defense against relay attack in passive keyless entry systems

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
姬国珍: "汽车无线钥匙安全分析及改进建议", 《通信技术》 *
蟹蟹: "对PKE(无钥匙进入系统)的简单分析及可用漏洞分析", 《知乎》 *

Also Published As

Publication number Publication date
CN111083703B (en) 2021-03-09

Similar Documents

Publication Publication Date Title
CN106851629B (en) Method for low power consumption Bluetooth communication between mobile equipment and vehicle
US10369964B2 (en) Keyless entry system security enhancement
CN105844749B (en) A kind of Automobile handset system for unlocking and its unlocking method
CN104517338B (en) Distance entrance and its implementation based on wireless network
CN101436934B (en) Method, system and equipment for controlling user networking
CN103918014B (en) Method and system for open technique device
CN101674109A (en) NFC monitoring device, NFC communication terminal and monitoring system
US20080066186A1 (en) Method and Service Control Center for Updating Authorization Data in an Access Arrangement
CN105323302A (en) Establishing secure communication for vehicle diagnostic data
US10252699B2 (en) Method for operating a passive radio-based locking device and passive radio-based locking device with a mobile device as a transportation vehicle key
CN109040285B (en) Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle
CN104183036A (en) Movement history assurance for secure passive keyless entry and start systems
CN107516365A (en) Virtual key management method, device and system
CN105187442A (en) Vehicle authorization method, device, vehicle-mounted terminal, terminal and system
WO2021244589A1 (en) Smart key, and relay attack prevention method and system
CN105261091B (en) The method and apparatus of one-key start vehicle
Humayed et al. Cyber-physical security for smart cars: taxonomy of vulnerabilities, threats, and attacks
US11736466B2 (en) Access control system
JP2014032667A (en) Method and system for authenticating user in remote access to at least one automobile system of automobile
CN103216160A (en) Mobile phone Bluetooth automobile door lock
CN103617713A (en) Remote control method of vehicle, user terminal and vehicle-mounted terminal
CN102740141A (en) Mobile Internet instant video privacy protecting method and system
US20130185766A1 (en) Communications relay apparatus
CN106875532B (en) A kind of intelligent door lock and control equipment and system and remotely control method for unlocking
CN202141943U (en) Vehicle-mounted diagnosis safety verification system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant