CN114630329A - Method and device for identifying relay attack in PEPS scene - Google Patents

Method and device for identifying relay attack in PEPS scene Download PDF

Info

Publication number
CN114630329A
CN114630329A CN202210291320.1A CN202210291320A CN114630329A CN 114630329 A CN114630329 A CN 114630329A CN 202210291320 A CN202210291320 A CN 202210291320A CN 114630329 A CN114630329 A CN 114630329A
Authority
CN
China
Prior art keywords
signal
condition
signal strength
difference threshold
signal direction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210291320.1A
Other languages
Chinese (zh)
Inventor
文峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Continental Investment China Co ltd
Original Assignee
Continental Investment China Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Investment China Co ltd filed Critical Continental Investment China Co ltd
Priority to CN202210291320.1A priority Critical patent/CN114630329A/en
Publication of CN114630329A publication Critical patent/CN114630329A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Abstract

The invention discloses a method for identifying relay attack in a PEPS scene, which comprises the following steps: obtaining at least one of the following parameters for a plurality of messages: signal strength and signal direction; determining that a relay attack is present if at least one of the following conditions is met: condition 1: a signal strength difference between at least two signal strengths of the plurality of messages is less than a set signal strength difference threshold, condition 2: the signal direction difference between at least two of the signal directions of the plurality of messages is less than the set signal direction difference threshold. By the method, whether the relay attack exists or not is judged according to the signal strength difference and/or the signal direction difference of the messages, so that the relay attack can be identified on the condition of not adding extra hardware, and the safety of a PEPS scene is improved.

Description

Method and device for identifying relay attack in PEPS scene
Technical Field
The invention relates to the technical field of automobiles and communication, in particular to a method and equipment for identifying relay attack in a PEPS scene.
Background
In a PEPS (Passive Entry Passive Start) scenario, wireless communication is performed between an end-of-vehicle controller (e.g., an ECU (Electronic Control Unit)) disposed on a vehicle and a mobile terminal (e.g., a smart key or a smart phone) carried by a vehicle user, so as to achieve functions of authorization for Entry and Start, monitoring a vehicle user orientation, controlling opening and closing of a vehicle door, ignition of the vehicle, and the like, thereby replacing a conventional mechanical key of the vehicle. Fig. 1 shows a common PEPS scenario, as shown in fig. 1, a plurality of antennas 3 are disposed on a vehicle 1, and a wireless communication connection is established between the vehicle 1 and a mobile terminal 2 through BLE (Bluetooth Low Energy) technology.
However, the PEPS scenario has a potential vulnerability to attack, namely relay attack. Fig. 2 shows a schematic diagram of a relay attack, in which an attacker places a relay device a near a vehicle 1 to function as a simulator of a mobile terminal 2 and a relay device B near a vehicle user to function as a simulator of a vehicle-end controller in a scenario where the vehicle user (carrying the mobile terminal 2) is far away from the vehicle, and communication is performed between the relay device a and the relay device B via a wireless link. During a relay attack, the relay device a and the relay device B do not have to understand the contents of messages sent by the mobile terminal and the vehicle-end controller. The relay device a and the relay device B only need to receive a message on one side and reproduce the message as it is on the other side, so that the vehicle-end controller and the mobile terminal carried by the vehicle user can mistakenly assume that the other is nearby and establish wireless communication, thereby achieving an aggressive behavior of unlocking and starting the vehicle.
Disclosure of Invention
The present invention is based on the idea of providing a method and an apparatus for identifying a relay attack in a PEPS scenario, thereby solving the above-mentioned problems in the prior art.
The embodiment of the invention provides a method for identifying relay attack in a PEPS scene, which comprises the following steps:
obtaining at least one of the following parameters for a plurality of messages: signal strength and signal direction;
determining that a relay attack is present if at least one of the following conditions is met:
condition 1: a signal strength difference between at least two of the signal strengths of the plurality of messages is less than a set signal strength difference threshold, an
Condition 2: a signal direction difference between at least two signal directions of the plurality of message signal directions is less than a set signal direction difference threshold.
Alternatively, as long as either of the condition 1 and the condition 2 is satisfied, it is determined that the relay attack exists.
Alternatively, only if both of the condition 1 and the condition 2 are satisfied, it is determined that the relay attack exists.
Optionally, the condition 1 is specifically: there is a signal strength difference that is less than the set signal strength difference threshold.
Optionally, the condition 1 is specifically: the ratio of the number of signal strength differences smaller than the set signal strength difference threshold to the number of all signal strength differences is larger than the set first ratio threshold.
Optionally, the condition 1 is specifically: all the signal intensity differences are smaller than the set signal intensity difference threshold value.
Optionally, the condition 2 is specifically: there is a signal direction difference that is less than a set signal direction difference threshold.
Optionally, the condition 2 is specifically: the ratio of the number of signal direction differences smaller than the set signal direction difference threshold value to the number of all signal direction differences is larger than the set second ratio threshold value.
Optionally, the condition 2 is specifically: all the signal direction differences are smaller than the set signal direction difference threshold value.
Optionally, the plurality of messages correspond to different signal transmitters provided on the vehicle.
According to another aspect of the invention, a computer-readable storage medium is proposed, on which a computer program is stored, the computer program comprising executable instructions which, when executed by a processor, carry out the method as described above.
According to still another aspect of the present invention, there is provided a mobile terminal including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the executable instructions to implement the method as described above.
According to still another aspect of the present invention, there is provided an end controller including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the executable instructions to implement the method as described above.
The method and the equipment for identifying the relay attack in the PEPS scene at least have the following advantages that:
in the invention, whether the relay attack exists is judged according to the signal strength difference and/or the signal direction difference of the messages, so that the relay attack can be identified on the condition of not increasing additional hardware, and the safety of a PEPS scene is improved.
Drawings
Further details and advantages of the present invention will become apparent from the detailed description provided hereinafter. It is to be understood that the following drawings are merely illustrative and not drawn to scale and are not to be considered limiting of the application, the detailed description being made with reference to the accompanying drawings, in which:
fig. 1 shows a common PEPS scenario.
Fig. 2 shows a schematic diagram of a relay attack.
Fig. 3 shows a flowchart of a method for identifying a relay attack in a PEPS scenario according to one embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described below with reference to the drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of, and enabling description for, those skilled in the art. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. Furthermore, it should be understood that the invention is not limited to specific described embodiments. Rather, any combination of the features and elements described below is contemplated as carrying out the invention, whether or not they relate to different embodiments. Thus, the following aspects, features, embodiments and advantages are merely illustrative and are not considered elements or limitations of the claims except where explicitly recited in a claim.
The method for identifying the relay attack in the PEPS scene is mainly based on the following principle:
in a normal PEPS, messages received by the mobile terminal originate from multiple signal transmitters (e.g., multiple antennas) disposed at different locations of the vehicle, and therefore, the signal strength difference and the signal direction difference between different messages may be relatively large. In contrast, when there is a relay attack, the messages received by the mobile terminal are all forwarded by the same relay device (e.g., relay device B in fig. 2), and the signal strength and signal direction of the messages transmitted by the relay device are substantially the same. Therefore, a signal strength difference threshold and/or a signal direction difference threshold may be set, and when the mobile terminal receives a signal strength difference between a plurality of messages that is less than the set signal strength difference threshold and/or a signal direction difference between a plurality of messages that is less than the set signal direction difference threshold, it is determined that a relay attack is present.
Referring now to fig. 3, a flowchart of a method for identifying a relay attack in a PEPS scenario is shown in accordance with an embodiment of the present invention. As shown in fig. 3, the method for identifying relay attack in PEPS scenario of the present invention comprises the following steps:
step S301, acquiring at least one of the following parameters of a plurality of messages: signal strength and signal direction.
The Signal Strength of the message may be an RSSI (Received Signal Strength Indication) value. The signal direction of the message may be an Angle-of-Arrival (AoA) value. The multiple messages may be sent from the same MAC (Medium Access Control) address in different timeslots, or may be messages from different MAC addresses. Due to the existence of noise, the relevant signals need to be filtered to remove the noise, so that the accuracy and the stationarity of the acquired signal strength and signal direction are ensured.
Step S302, determining that a relay attack exists if at least one of the following conditions is satisfied: condition 1: a signal strength difference between at least two signal strengths of the plurality of messages is less than a set signal strength difference threshold; condition 2: the signal direction difference between at least two of the signal directions of the plurality of messages is less than the set signal direction difference threshold.
In the first embodiment, it may be determined that a relay attack exists in the case where either one of the conditions 1 and 2 is satisfied, that is, in the case where a signal strength difference between at least two signal strengths is smaller than a set signal strength difference threshold value or a signal direction difference between at least two signal directions is smaller than a set signal direction difference threshold value, it may be considered that a relay attack exists. The specific values of the signal strength difference threshold and the signal direction difference threshold can be self-defined according to actual needs.
In the second embodiment, it is determined that a relay attack exists only in the case where both of the condition 1 and the condition 2 are satisfied. That is, a relay attack is considered to be present in the case where the signal strength difference between at least two signal strengths is less than a set signal strength difference threshold and the signal direction difference between at least two signal directions is less than a set signal direction difference threshold. The specific values of the signal strength difference threshold and the signal direction difference threshold can be self-defined according to actual needs.
The skilled person can select one of the first and second embodiments described above depending on the actual situation. The amount of calculation required with the first embodiment is smaller than that with the second embodiment, but the probability of occurrence of a recognition error with the second embodiment (i.e., the relay attack is considered to be present in the case where there is no relay attack in reality) is smaller than that with the first embodiment.
A specific form of condition 1 may be any one of the following:
1. there is a signal strength difference that is less than the set signal strength difference threshold. That is, the condition 1 is considered to be satisfied as long as the signal strength difference between two signal strengths among the signal strengths of the plurality of messages is smaller than the set signal strength difference threshold.
2. The ratio of the number of signal strength differences smaller than the set signal strength difference threshold to the number of all signal strength differences is larger than the set first ratio threshold. The specific value of the first proportional threshold may be self-defined according to actual needs, and may be, for example, 50%. Taking the first scale threshold as an example of 50%, if the number of messages is 3, the number of all signal strength differences is 3 (i.e., the signal strength difference between the first signal and the second signal, the signal strength difference between the second signal and the third signal, and the signal strength difference between the first signal and the third signal), and at this time, if the number of signal strength differences smaller than the set signal strength difference threshold is 2, it is considered that the condition 1 is satisfied.
3. All the signal intensity differences are smaller than the set signal intensity difference threshold value. That is, condition 1 is considered to be satisfied only if the signal strength difference between any two of the signal strengths of the plurality of messages is less than the set signal strength difference threshold.
One skilled in the art can select any one of the above three specific forms as condition 1 according to actual circumstances (e.g., an affordable amount of calculation, an affordable probability of occurrence of a recognition error, etc.).
A specific form of condition 2 may be any one of the following:
1. there is a signal direction difference that is less than a set signal direction difference threshold. That is, the condition 2 is considered to be satisfied if the signal direction difference between two signal directions among the signal directions of the plurality of messages is smaller than the set signal direction difference threshold.
2. The ratio of the number of signal direction differences smaller than the set signal direction difference threshold value to the number of all signal direction differences is larger than the set second ratio threshold value. The specific value of the second ratio threshold may be self-defined according to actual needs, and may be, for example, 50%. Taking the second proportional threshold of 50% as an example, if the number of messages is 3, the number of all signal direction differences is 3 (i.e., the signal direction difference between the first signal and the second signal, the signal direction difference between the second signal and the third signal, and the signal direction difference between the first signal and the third signal), and at this time, if the number of signal direction differences smaller than the set signal direction difference threshold is 2, it is considered that the condition 2 is satisfied.
3. All the signal direction differences are smaller than the set signal direction difference threshold value. That is, condition 2 is considered to be satisfied only if the signal direction difference between any two signal directions of the plurality of messages is smaller than the set signal direction difference threshold value.
One skilled in the art can select any one of the above three specific forms as condition 2 according to actual circumstances (e.g., an affordable amount of calculation, an affordable probability of occurrence of a recognition error, etc.).
Since the signal strength and signal direction of messages originating from the same signal transmitter are also substantially identical, messages originating from different signal transmitters on the vehicle may be selected for comparison of signal strength and/or signal direction in order to further reduce the probability of identification errors occurring (i.e., in the case where a relay attack is deemed to be present in the actual absence of a relay attack). In particular, the signal emitter to which the message corresponds may be identified by the message content of the message, and multiple messages corresponding to different signal emitters are selected for comparison of signal strength and/or signal direction.
By means of the method, whether the relay attack exists or not is judged according to the signal strength difference and/or the signal direction difference of the messages, so that the relay attack can be identified on the condition that extra hardware is not added, and the safety of a PEPS scene is improved.
The method for identifying the relay attack in the PEPS scene can be implemented on the mobile terminal and can also be implemented on the vehicle-end controller. When implemented on a mobile terminal, a mobile terminal carried by a vehicle user receives a message from an external device, detects the signal strength and/or signal direction of the message, and determines whether a relay attack is present according to the method of the present invention. When the method is implemented on the vehicle-end controller, the mobile terminal carried by a vehicle user sends the signal strength and/or the signal direction to the vehicle-end controller after receiving the message from the external equipment and detecting the signal strength and/or the signal direction of the message, and then the vehicle-end controller determines whether relay attack exists according to the method of the invention.
Those skilled in the art can understand that the method for identifying relay attack in PEPS scenario of the present invention can be applied in any manner of communication scenario, and is particularly applicable to BLE communication scenario.
It should be noted that the above description is only an example and not a limitation of the present invention. In other embodiments of the invention, the method may have more, fewer, or different steps, and the order, inclusion, or functional relationship between the steps may be different from that described and illustrated. For example, generally, steps may be combined into a single step, or a single step may be split into multiple steps. For a person skilled in the art, the sequence of the steps is not changed without creative efforts and is within the protection scope of the invention.
The technical solution of the present invention may be substantially implemented or partially implemented in the prior art, or all or part of the technical solution may be implemented in a software product, which is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor or a microcontroller to execute all or part of the steps of the method according to the embodiments of the present invention.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Although the present invention has been described with reference to the preferred embodiments, it is not to be limited thereto. Various changes and modifications within the spirit and scope of the present invention will become apparent to those skilled in the art from this disclosure, and it is intended that the scope of the present invention be defined by the appended claims.

Claims (13)

1. A method for identifying relay attacks in a PEPS scenario, the method comprising:
obtaining at least one of the following parameters for a plurality of messages: signal strength and signal direction;
determining that a relay attack is present if at least one of the following conditions is met:
condition 1: a signal strength difference between at least two of the signal strengths of the plurality of messages is less than a set signal strength difference threshold, an
Condition 2: a signal direction difference between at least two signal directions of the plurality of message signal directions is less than a set signal direction difference threshold.
2. The method of claim 1, wherein the presence of a relay attack is determined as long as either of condition 1 and condition 2 is satisfied.
3. The method of claim 1, wherein the presence of a relay attack is determined only if both condition 1 and condition 2 are satisfied.
4. The method according to claim 1, wherein the condition 1 is in particular: there is a signal strength difference that is less than a set signal strength difference threshold.
5. The method according to claim 1, wherein the condition 1 is in particular: the ratio of the number of signal strength differences smaller than the set signal strength difference threshold to the number of all signal strength differences is larger than the set first ratio threshold.
6. The method according to claim 1, wherein the condition 1 is in particular: all the signal intensity differences are smaller than the set signal intensity difference threshold value.
7. The method according to claim 1, wherein the condition 2 is in particular: there is a signal direction difference that is less than a set signal direction difference threshold.
8. The method according to claim 1, wherein the condition 2 is in particular: the ratio of the number of signal direction differences smaller than the set signal direction difference threshold value to the number of all signal direction differences is larger than the set second ratio threshold value.
9. The method according to claim 1, wherein the condition 2 is in particular: all the signal direction differences are smaller than the set signal direction difference threshold value.
10. The method of claim 1, wherein the plurality of messages correspond to different signal emitters disposed on a vehicle.
11. A computer-readable storage medium, on which a computer program is stored, the computer program comprising executable instructions that, when executed by a processor, carry out the method according to any one of claims 1 to 10.
12. A mobile terminal, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the executable instructions to implement the method of any of claims 1 to 10.
13. An end-of-vehicle controller, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the executable instructions to implement the method of any of claims 1 to 10.
CN202210291320.1A 2022-03-23 2022-03-23 Method and device for identifying relay attack in PEPS scene Pending CN114630329A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210291320.1A CN114630329A (en) 2022-03-23 2022-03-23 Method and device for identifying relay attack in PEPS scene

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210291320.1A CN114630329A (en) 2022-03-23 2022-03-23 Method and device for identifying relay attack in PEPS scene

Publications (1)

Publication Number Publication Date
CN114630329A true CN114630329A (en) 2022-06-14

Family

ID=81904341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210291320.1A Pending CN114630329A (en) 2022-03-23 2022-03-23 Method and device for identifying relay attack in PEPS scene

Country Status (1)

Country Link
CN (1) CN114630329A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024055639A1 (en) * 2022-09-16 2024-03-21 上海银基信息安全技术股份有公司 Relay attack detection method and device, vehicle and medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024055639A1 (en) * 2022-09-16 2024-03-21 上海银基信息安全技术股份有公司 Relay attack detection method and device, vehicle and medium

Similar Documents

Publication Publication Date Title
CN107426285B (en) Vehicle-mounted CAN bus safety protection method and device
CN108965267B (en) Network attack processing method and device and vehicle
CN104320295B (en) CAN message method for detecting abnormality and system
CN109548027B (en) Method and device for identifying pseudo base station in mobile terminal
US10721241B2 (en) Method for protecting a vehicle network against manipulated data transmission
US20110153855A1 (en) Method of defending against battery exhaustion attack and wireless communication device and recording medium using the method
EP2611226B1 (en) Processing method and system for over-the-air bootstrap
US20200183373A1 (en) Method for detecting anomalies in controller area network of vehicle and apparatus for the same
US11916904B2 (en) Electronic control unit and communication system
KR20210075458A (en) Control method, device and program of intrusion detection system based on can id filtering
CN114630329A (en) Method and device for identifying relay attack in PEPS scene
CN110189452B (en) Vehicle key access processing method, device and system and vehicle
KR102204655B1 (en) A mitigation method against message flooding attacks for secure controller area network by predicting attack message retransfer time
CN106255224B (en) Channel access method and device of wireless network
US11012453B2 (en) Method for protecting a vehicle network against manipulated data transmission
CN105848157B (en) Method for determining non-secure short message and electronic equipment
US20240031404A1 (en) Counterattack method against hacked node in can bus physical layer, physical layer security method with can bus node id auto-setting, and recording medium and system for performing the method
CN114567456A (en) Method for checking messages in a communication system
JP4840286B2 (en) RFID tag reader
KR102204656B1 (en) A mitigation system against message flooding attacks for secure controller area network by predicting transfer delay of normal can message
JP2018166309A (en) In-vehicle network system, electronic control device, communication method and computer program
CN113489556A (en) Signal receiving method, signal receiving device, electronic equipment and storage medium
KR102456506B1 (en) Counterattack method against hacked node in can bus physical layer, recording medium and system for performing the method
US20220394470A1 (en) Method and control unit for detecting unauthorised data traffic in a packet-oriented data network of a motor vehicle, and corresponding motor vehicle
US8410900B2 (en) Method for processing received event message

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination