CN114630329A - Method and device for identifying relay attack in PEPS scene - Google Patents
Method and device for identifying relay attack in PEPS scene Download PDFInfo
- Publication number
- CN114630329A CN114630329A CN202210291320.1A CN202210291320A CN114630329A CN 114630329 A CN114630329 A CN 114630329A CN 202210291320 A CN202210291320 A CN 202210291320A CN 114630329 A CN114630329 A CN 114630329A
- Authority
- CN
- China
- Prior art keywords
- signal
- condition
- signal strength
- difference threshold
- signal direction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/65—Environment-dependent, e.g. using captured environmental data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Abstract
The invention discloses a method for identifying relay attack in a PEPS scene, which comprises the following steps: obtaining at least one of the following parameters for a plurality of messages: signal strength and signal direction; determining that a relay attack is present if at least one of the following conditions is met: condition 1: a signal strength difference between at least two signal strengths of the plurality of messages is less than a set signal strength difference threshold, condition 2: the signal direction difference between at least two of the signal directions of the plurality of messages is less than the set signal direction difference threshold. By the method, whether the relay attack exists or not is judged according to the signal strength difference and/or the signal direction difference of the messages, so that the relay attack can be identified on the condition of not adding extra hardware, and the safety of a PEPS scene is improved.
Description
Technical Field
The invention relates to the technical field of automobiles and communication, in particular to a method and equipment for identifying relay attack in a PEPS scene.
Background
In a PEPS (Passive Entry Passive Start) scenario, wireless communication is performed between an end-of-vehicle controller (e.g., an ECU (Electronic Control Unit)) disposed on a vehicle and a mobile terminal (e.g., a smart key or a smart phone) carried by a vehicle user, so as to achieve functions of authorization for Entry and Start, monitoring a vehicle user orientation, controlling opening and closing of a vehicle door, ignition of the vehicle, and the like, thereby replacing a conventional mechanical key of the vehicle. Fig. 1 shows a common PEPS scenario, as shown in fig. 1, a plurality of antennas 3 are disposed on a vehicle 1, and a wireless communication connection is established between the vehicle 1 and a mobile terminal 2 through BLE (Bluetooth Low Energy) technology.
However, the PEPS scenario has a potential vulnerability to attack, namely relay attack. Fig. 2 shows a schematic diagram of a relay attack, in which an attacker places a relay device a near a vehicle 1 to function as a simulator of a mobile terminal 2 and a relay device B near a vehicle user to function as a simulator of a vehicle-end controller in a scenario where the vehicle user (carrying the mobile terminal 2) is far away from the vehicle, and communication is performed between the relay device a and the relay device B via a wireless link. During a relay attack, the relay device a and the relay device B do not have to understand the contents of messages sent by the mobile terminal and the vehicle-end controller. The relay device a and the relay device B only need to receive a message on one side and reproduce the message as it is on the other side, so that the vehicle-end controller and the mobile terminal carried by the vehicle user can mistakenly assume that the other is nearby and establish wireless communication, thereby achieving an aggressive behavior of unlocking and starting the vehicle.
Disclosure of Invention
The present invention is based on the idea of providing a method and an apparatus for identifying a relay attack in a PEPS scenario, thereby solving the above-mentioned problems in the prior art.
The embodiment of the invention provides a method for identifying relay attack in a PEPS scene, which comprises the following steps:
obtaining at least one of the following parameters for a plurality of messages: signal strength and signal direction;
determining that a relay attack is present if at least one of the following conditions is met:
condition 1: a signal strength difference between at least two of the signal strengths of the plurality of messages is less than a set signal strength difference threshold, an
Condition 2: a signal direction difference between at least two signal directions of the plurality of message signal directions is less than a set signal direction difference threshold.
Alternatively, as long as either of the condition 1 and the condition 2 is satisfied, it is determined that the relay attack exists.
Alternatively, only if both of the condition 1 and the condition 2 are satisfied, it is determined that the relay attack exists.
Optionally, the condition 1 is specifically: there is a signal strength difference that is less than the set signal strength difference threshold.
Optionally, the condition 1 is specifically: the ratio of the number of signal strength differences smaller than the set signal strength difference threshold to the number of all signal strength differences is larger than the set first ratio threshold.
Optionally, the condition 1 is specifically: all the signal intensity differences are smaller than the set signal intensity difference threshold value.
Optionally, the condition 2 is specifically: there is a signal direction difference that is less than a set signal direction difference threshold.
Optionally, the condition 2 is specifically: the ratio of the number of signal direction differences smaller than the set signal direction difference threshold value to the number of all signal direction differences is larger than the set second ratio threshold value.
Optionally, the condition 2 is specifically: all the signal direction differences are smaller than the set signal direction difference threshold value.
Optionally, the plurality of messages correspond to different signal transmitters provided on the vehicle.
According to another aspect of the invention, a computer-readable storage medium is proposed, on which a computer program is stored, the computer program comprising executable instructions which, when executed by a processor, carry out the method as described above.
According to still another aspect of the present invention, there is provided a mobile terminal including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the executable instructions to implement the method as described above.
According to still another aspect of the present invention, there is provided an end controller including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the executable instructions to implement the method as described above.
The method and the equipment for identifying the relay attack in the PEPS scene at least have the following advantages that:
in the invention, whether the relay attack exists is judged according to the signal strength difference and/or the signal direction difference of the messages, so that the relay attack can be identified on the condition of not increasing additional hardware, and the safety of a PEPS scene is improved.
Drawings
Further details and advantages of the present invention will become apparent from the detailed description provided hereinafter. It is to be understood that the following drawings are merely illustrative and not drawn to scale and are not to be considered limiting of the application, the detailed description being made with reference to the accompanying drawings, in which:
fig. 1 shows a common PEPS scenario.
Fig. 2 shows a schematic diagram of a relay attack.
Fig. 3 shows a flowchart of a method for identifying a relay attack in a PEPS scenario according to one embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described below with reference to the drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of, and enabling description for, those skilled in the art. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. Furthermore, it should be understood that the invention is not limited to specific described embodiments. Rather, any combination of the features and elements described below is contemplated as carrying out the invention, whether or not they relate to different embodiments. Thus, the following aspects, features, embodiments and advantages are merely illustrative and are not considered elements or limitations of the claims except where explicitly recited in a claim.
The method for identifying the relay attack in the PEPS scene is mainly based on the following principle:
in a normal PEPS, messages received by the mobile terminal originate from multiple signal transmitters (e.g., multiple antennas) disposed at different locations of the vehicle, and therefore, the signal strength difference and the signal direction difference between different messages may be relatively large. In contrast, when there is a relay attack, the messages received by the mobile terminal are all forwarded by the same relay device (e.g., relay device B in fig. 2), and the signal strength and signal direction of the messages transmitted by the relay device are substantially the same. Therefore, a signal strength difference threshold and/or a signal direction difference threshold may be set, and when the mobile terminal receives a signal strength difference between a plurality of messages that is less than the set signal strength difference threshold and/or a signal direction difference between a plurality of messages that is less than the set signal direction difference threshold, it is determined that a relay attack is present.
Referring now to fig. 3, a flowchart of a method for identifying a relay attack in a PEPS scenario is shown in accordance with an embodiment of the present invention. As shown in fig. 3, the method for identifying relay attack in PEPS scenario of the present invention comprises the following steps:
step S301, acquiring at least one of the following parameters of a plurality of messages: signal strength and signal direction.
The Signal Strength of the message may be an RSSI (Received Signal Strength Indication) value. The signal direction of the message may be an Angle-of-Arrival (AoA) value. The multiple messages may be sent from the same MAC (Medium Access Control) address in different timeslots, or may be messages from different MAC addresses. Due to the existence of noise, the relevant signals need to be filtered to remove the noise, so that the accuracy and the stationarity of the acquired signal strength and signal direction are ensured.
Step S302, determining that a relay attack exists if at least one of the following conditions is satisfied: condition 1: a signal strength difference between at least two signal strengths of the plurality of messages is less than a set signal strength difference threshold; condition 2: the signal direction difference between at least two of the signal directions of the plurality of messages is less than the set signal direction difference threshold.
In the first embodiment, it may be determined that a relay attack exists in the case where either one of the conditions 1 and 2 is satisfied, that is, in the case where a signal strength difference between at least two signal strengths is smaller than a set signal strength difference threshold value or a signal direction difference between at least two signal directions is smaller than a set signal direction difference threshold value, it may be considered that a relay attack exists. The specific values of the signal strength difference threshold and the signal direction difference threshold can be self-defined according to actual needs.
In the second embodiment, it is determined that a relay attack exists only in the case where both of the condition 1 and the condition 2 are satisfied. That is, a relay attack is considered to be present in the case where the signal strength difference between at least two signal strengths is less than a set signal strength difference threshold and the signal direction difference between at least two signal directions is less than a set signal direction difference threshold. The specific values of the signal strength difference threshold and the signal direction difference threshold can be self-defined according to actual needs.
The skilled person can select one of the first and second embodiments described above depending on the actual situation. The amount of calculation required with the first embodiment is smaller than that with the second embodiment, but the probability of occurrence of a recognition error with the second embodiment (i.e., the relay attack is considered to be present in the case where there is no relay attack in reality) is smaller than that with the first embodiment.
A specific form of condition 1 may be any one of the following:
1. there is a signal strength difference that is less than the set signal strength difference threshold. That is, the condition 1 is considered to be satisfied as long as the signal strength difference between two signal strengths among the signal strengths of the plurality of messages is smaller than the set signal strength difference threshold.
2. The ratio of the number of signal strength differences smaller than the set signal strength difference threshold to the number of all signal strength differences is larger than the set first ratio threshold. The specific value of the first proportional threshold may be self-defined according to actual needs, and may be, for example, 50%. Taking the first scale threshold as an example of 50%, if the number of messages is 3, the number of all signal strength differences is 3 (i.e., the signal strength difference between the first signal and the second signal, the signal strength difference between the second signal and the third signal, and the signal strength difference between the first signal and the third signal), and at this time, if the number of signal strength differences smaller than the set signal strength difference threshold is 2, it is considered that the condition 1 is satisfied.
3. All the signal intensity differences are smaller than the set signal intensity difference threshold value. That is, condition 1 is considered to be satisfied only if the signal strength difference between any two of the signal strengths of the plurality of messages is less than the set signal strength difference threshold.
One skilled in the art can select any one of the above three specific forms as condition 1 according to actual circumstances (e.g., an affordable amount of calculation, an affordable probability of occurrence of a recognition error, etc.).
A specific form of condition 2 may be any one of the following:
1. there is a signal direction difference that is less than a set signal direction difference threshold. That is, the condition 2 is considered to be satisfied if the signal direction difference between two signal directions among the signal directions of the plurality of messages is smaller than the set signal direction difference threshold.
2. The ratio of the number of signal direction differences smaller than the set signal direction difference threshold value to the number of all signal direction differences is larger than the set second ratio threshold value. The specific value of the second ratio threshold may be self-defined according to actual needs, and may be, for example, 50%. Taking the second proportional threshold of 50% as an example, if the number of messages is 3, the number of all signal direction differences is 3 (i.e., the signal direction difference between the first signal and the second signal, the signal direction difference between the second signal and the third signal, and the signal direction difference between the first signal and the third signal), and at this time, if the number of signal direction differences smaller than the set signal direction difference threshold is 2, it is considered that the condition 2 is satisfied.
3. All the signal direction differences are smaller than the set signal direction difference threshold value. That is, condition 2 is considered to be satisfied only if the signal direction difference between any two signal directions of the plurality of messages is smaller than the set signal direction difference threshold value.
One skilled in the art can select any one of the above three specific forms as condition 2 according to actual circumstances (e.g., an affordable amount of calculation, an affordable probability of occurrence of a recognition error, etc.).
Since the signal strength and signal direction of messages originating from the same signal transmitter are also substantially identical, messages originating from different signal transmitters on the vehicle may be selected for comparison of signal strength and/or signal direction in order to further reduce the probability of identification errors occurring (i.e., in the case where a relay attack is deemed to be present in the actual absence of a relay attack). In particular, the signal emitter to which the message corresponds may be identified by the message content of the message, and multiple messages corresponding to different signal emitters are selected for comparison of signal strength and/or signal direction.
By means of the method, whether the relay attack exists or not is judged according to the signal strength difference and/or the signal direction difference of the messages, so that the relay attack can be identified on the condition that extra hardware is not added, and the safety of a PEPS scene is improved.
The method for identifying the relay attack in the PEPS scene can be implemented on the mobile terminal and can also be implemented on the vehicle-end controller. When implemented on a mobile terminal, a mobile terminal carried by a vehicle user receives a message from an external device, detects the signal strength and/or signal direction of the message, and determines whether a relay attack is present according to the method of the present invention. When the method is implemented on the vehicle-end controller, the mobile terminal carried by a vehicle user sends the signal strength and/or the signal direction to the vehicle-end controller after receiving the message from the external equipment and detecting the signal strength and/or the signal direction of the message, and then the vehicle-end controller determines whether relay attack exists according to the method of the invention.
Those skilled in the art can understand that the method for identifying relay attack in PEPS scenario of the present invention can be applied in any manner of communication scenario, and is particularly applicable to BLE communication scenario.
It should be noted that the above description is only an example and not a limitation of the present invention. In other embodiments of the invention, the method may have more, fewer, or different steps, and the order, inclusion, or functional relationship between the steps may be different from that described and illustrated. For example, generally, steps may be combined into a single step, or a single step may be split into multiple steps. For a person skilled in the art, the sequence of the steps is not changed without creative efforts and is within the protection scope of the invention.
The technical solution of the present invention may be substantially implemented or partially implemented in the prior art, or all or part of the technical solution may be implemented in a software product, which is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor or a microcontroller to execute all or part of the steps of the method according to the embodiments of the present invention.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Although the present invention has been described with reference to the preferred embodiments, it is not to be limited thereto. Various changes and modifications within the spirit and scope of the present invention will become apparent to those skilled in the art from this disclosure, and it is intended that the scope of the present invention be defined by the appended claims.
Claims (13)
1. A method for identifying relay attacks in a PEPS scenario, the method comprising:
obtaining at least one of the following parameters for a plurality of messages: signal strength and signal direction;
determining that a relay attack is present if at least one of the following conditions is met:
condition 1: a signal strength difference between at least two of the signal strengths of the plurality of messages is less than a set signal strength difference threshold, an
Condition 2: a signal direction difference between at least two signal directions of the plurality of message signal directions is less than a set signal direction difference threshold.
2. The method of claim 1, wherein the presence of a relay attack is determined as long as either of condition 1 and condition 2 is satisfied.
3. The method of claim 1, wherein the presence of a relay attack is determined only if both condition 1 and condition 2 are satisfied.
4. The method according to claim 1, wherein the condition 1 is in particular: there is a signal strength difference that is less than a set signal strength difference threshold.
5. The method according to claim 1, wherein the condition 1 is in particular: the ratio of the number of signal strength differences smaller than the set signal strength difference threshold to the number of all signal strength differences is larger than the set first ratio threshold.
6. The method according to claim 1, wherein the condition 1 is in particular: all the signal intensity differences are smaller than the set signal intensity difference threshold value.
7. The method according to claim 1, wherein the condition 2 is in particular: there is a signal direction difference that is less than a set signal direction difference threshold.
8. The method according to claim 1, wherein the condition 2 is in particular: the ratio of the number of signal direction differences smaller than the set signal direction difference threshold value to the number of all signal direction differences is larger than the set second ratio threshold value.
9. The method according to claim 1, wherein the condition 2 is in particular: all the signal direction differences are smaller than the set signal direction difference threshold value.
10. The method of claim 1, wherein the plurality of messages correspond to different signal emitters disposed on a vehicle.
11. A computer-readable storage medium, on which a computer program is stored, the computer program comprising executable instructions that, when executed by a processor, carry out the method according to any one of claims 1 to 10.
12. A mobile terminal, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the executable instructions to implement the method of any of claims 1 to 10.
13. An end-of-vehicle controller, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the executable instructions to implement the method of any of claims 1 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210291320.1A CN114630329A (en) | 2022-03-23 | 2022-03-23 | Method and device for identifying relay attack in PEPS scene |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210291320.1A CN114630329A (en) | 2022-03-23 | 2022-03-23 | Method and device for identifying relay attack in PEPS scene |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114630329A true CN114630329A (en) | 2022-06-14 |
Family
ID=81904341
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210291320.1A Pending CN114630329A (en) | 2022-03-23 | 2022-03-23 | Method and device for identifying relay attack in PEPS scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114630329A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024055639A1 (en) * | 2022-09-16 | 2024-03-21 | 上海银基信息安全技术股份有公司 | Relay attack detection method and device, vehicle and medium |
-
2022
- 2022-03-23 CN CN202210291320.1A patent/CN114630329A/en active Pending
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024055639A1 (en) * | 2022-09-16 | 2024-03-21 | 上海银基信息安全技术股份有公司 | Relay attack detection method and device, vehicle and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107426285B (en) | Vehicle-mounted CAN bus safety protection method and device | |
CN108965267B (en) | Network attack processing method and device and vehicle | |
CN104320295B (en) | CAN message method for detecting abnormality and system | |
CN109548027B (en) | Method and device for identifying pseudo base station in mobile terminal | |
US10721241B2 (en) | Method for protecting a vehicle network against manipulated data transmission | |
US20110153855A1 (en) | Method of defending against battery exhaustion attack and wireless communication device and recording medium using the method | |
EP2611226B1 (en) | Processing method and system for over-the-air bootstrap | |
US20200183373A1 (en) | Method for detecting anomalies in controller area network of vehicle and apparatus for the same | |
US11916904B2 (en) | Electronic control unit and communication system | |
KR20210075458A (en) | Control method, device and program of intrusion detection system based on can id filtering | |
CN114630329A (en) | Method and device for identifying relay attack in PEPS scene | |
CN110189452B (en) | Vehicle key access processing method, device and system and vehicle | |
KR102204655B1 (en) | A mitigation method against message flooding attacks for secure controller area network by predicting attack message retransfer time | |
CN106255224B (en) | Channel access method and device of wireless network | |
US11012453B2 (en) | Method for protecting a vehicle network against manipulated data transmission | |
CN105848157B (en) | Method for determining non-secure short message and electronic equipment | |
US20240031404A1 (en) | Counterattack method against hacked node in can bus physical layer, physical layer security method with can bus node id auto-setting, and recording medium and system for performing the method | |
CN114567456A (en) | Method for checking messages in a communication system | |
JP4840286B2 (en) | RFID tag reader | |
KR102204656B1 (en) | A mitigation system against message flooding attacks for secure controller area network by predicting transfer delay of normal can message | |
JP2018166309A (en) | In-vehicle network system, electronic control device, communication method and computer program | |
CN113489556A (en) | Signal receiving method, signal receiving device, electronic equipment and storage medium | |
KR102456506B1 (en) | Counterattack method against hacked node in can bus physical layer, recording medium and system for performing the method | |
US20220394470A1 (en) | Method and control unit for detecting unauthorised data traffic in a packet-oriented data network of a motor vehicle, and corresponding motor vehicle | |
US8410900B2 (en) | Method for processing received event message |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |