CN116939614A - Method and device for detecting and defending automobile relay attack - Google Patents


Info

Publication number: CN116939614A
Authority: CN (China)
Prior art keywords: signal, frequency, relay attack, signals, abnormal
Prior art date:
Legal status: Pending
Application number: CN202310917548.1A
Other languages: Chinese (zh)
Inventors: 鲁辉, 田志宏, 郑镛, 伍郭成, 张曼, 周厚霖, 张宇恒, 苏申, 孙彦斌
Current assignee: Guangzhou University
Original assignee: Guangzhou University
Priority date:
Filing date:
Publication date:
Application filed by Guangzhou University; priority to CN202310917548.1A; publication of CN116939614A; legal status pending.

Classifications

    • H04W 12/121: Wireless intrusion detection systems [WIDS]; wireless intrusion prevention systems [WIPS] (under H04W 12/12 Detection or prevention of fraud; H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity)
    • H04W 12/122: Counter-measures against attacks; protection against rogue devices (under H04W 12/12; H04W 12/00)
    • H04K 3/62: Jamming involving special techniques by exposing communication, processing or storing systems to electromagnetic wave radiation, e.g. causing disturbance, disruption or damage of electronic circuits, or causing external injection of faults in the information (under H04K 3/60 Jamming involving special techniques; H04K 3/00 Jamming of communication; counter-measures)
    • H04K 3/825: Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection by jamming (under H04K 3/82; H04K 3/80 Jamming or countermeasure characterized by its function; H04K 3/00)
    • H04W 12/30: Security of mobile devices; security of mobile applications (under H04W 12/00)
    • H04W 4/40: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] (under H04W 4/30 Services specially adapted for particular environments, situations or purposes; H04W 4/00 Services specially adapted for wireless communication networks; facilities therefor)
    • Y02D 30/70: Reducing energy consumption in communication networks in wireless communication networks (under Y02D 30/00 Reducing energy consumption in communication networks; Y02D Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use; Y02 Technologies or applications for mitigation or adaptation against climate change; Y General tagging of new technological developments, of cross-sectional technologies spanning several sections of the IPC, and of technical subjects covered by former USPC cross-reference art collections [XRACs] and digests)

Section headings: H Electricity; H04 Electric communication technique; H04W Wireless communication networks; H04K Secret communication; jamming of communication.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Lock And Its Accessories (AREA)

Abstract

Embodiments of this specification provide a method and a device for detecting and defending against an automobile relay attack. The method comprises: detecting an abnormal signal with a signal receiver; decoding the abnormal signal, identifying the signal preamble in the decoded signal, and confirming from that preamble that a relay attack is taking place around the vehicle; and driving a signal jammer to transmit an interference signal that blocks the relay attack. The method and device detect relay attack behaviour without modifying in-vehicle hardware or updating firmware, and so achieve both detection of and defence against relay attacks.

Description

Method and device for detecting and defending automobile relay attack
Technical Field
The present document relates to the field of computer technology, and in particular to a method and apparatus for detecting and defending against an automobile relay attack.
Background
Wireless signal relay attacks have existed for a long time and are mainly directed at the PEPS (Passive Entry Passive Start, i.e. keyless entry and keyless start) scenario of intelligent connected vehicles. A vehicle's keyless entry and start system is essentially an RFID (Radio Frequency Identification) system, which consists of three elements: a tag, a reader and an antenna. When the tag comes near the reader it receives the reader's radio-frequency signal; a passive tag then uses the energy of the induced current to transmit the information stored in its chip, whereas an active tag transmits a signal at a given frequency on its own. The reader receives and decodes that information and passes it to a central information system for processing. The PEPS system works on this principle. When the owner brings the key close to the door handle, the ECU (Electronic Control Unit) in the vehicle communicates wirelessly with the key: the vehicle emits a 125 kHz wake-up signal carrying a preamble to wake the key. After receiving the 125 kHz low-frequency signal, the key checks the data it carries and, if the check passes, sends an encrypted unlock instruction back to the vehicle; that signal is generally at about 315 MHz or 433 MHz. When the vehicle receives the unlock signal, the ECU performs the corresponding unlock action. Keyless start works in the same way as keyless entry, both relying on radio-frequency identification to complete the exchange, although keyless start may require a more complex communication procedure.
The PEPS system greatly simplifies unlocking and starting the vehicle, but it has a latent security problem: the relay attack on its wireless signals. The 125 kHz signal has a range of only about 1-2 m, so in theory the PEPS system only works within 1-2 m; once the key leaves that range the vehicle cannot be unlocked or started normally. If, however, the low-frequency signal is forwarded and amplified, the effective range of the PEPS system is extended accordingly. A relay attack is essentially a signal-carrying process: the wake-up signal sent by the vehicle is forwarded with high-power transmitting equipment, modulated, demodulated and delivered to the distant key for processing. The attack requires two or more attackers working together: attacker A carries decoding and sensing equipment close to the owner, and attacker B carries another device and stands beside the door of the target vehicle. When the owner locks the car and walks to a public place such as a supermarket or shopping centre, attacker A follows the owner; the decoding and sensing device attacker A carries captures the digital code emitted by the key and relays it through a high-power repeater to attacker B at the vehicle, and the vehicle's decoding system mistakes attacker B's device for the key, so attacker B can open the door and even drive the car away.
Relay attacks are implemented in roughly three ways: wired relay, mixing (frequency-conversion) relay and high-frequency modulation relay. A wired relay connects two 125 kHz loop antennas with a relay cable; one antenna transmits and the other receives the 125 kHz wake-up signal, and the cable carries it between them. Although this completes the relay, running a cable directly is expensive, and factors such as antenna quality and cable length make the final relay effect unsatisfactory, so attackers do not choose this approach. A mixing relay uses a wireless transmission path: the vehicle's low-frequency signal is carried over a dedicated radio-frequency link with minimal delay. The link consists of a transmitter and a receiver. After capturing the low-frequency signal, the transmitter up-converts it to a high-frequency signal at 2.4 GHz, amplifies it and transmits it over the air. The receiver on the other side picks up the signal and down-converts it back to the original low frequency; this low-frequency signal is amplified again and fed to a loop low-frequency antenna, which reproduces the signal emitted by the car exactly. This scheme relies on analogue frequency mixing; it gives the attacker a larger relay distance while keeping the size, power consumption and cost of the attack low.
However, building such a relay requires considerable analogue-circuit theory, handling the details of the mixing stage is a significant problem, and the device is inflexible: it cannot be adjusted dynamically by programming.
The mainstream relay attack today therefore uses an MCU (Microcontroller Unit) to control chip modules. One such solution is a low-cost wireless car-unlocking tool that can be used for relay attacks. The relay device is built from AS3933, CC1101 and EM4095 chips and controlled by an MCU; the chips' operating modes are adjusted through their register configuration, and the result is a signal amplification and forwarding function. Specifically, an AS3933 module receives the low-frequency wake-up signal sent by the vehicle and hands it to the MCU as a digital signal. On receiving the signal, the MCU drives a CC1101 module to transmit it as a high-frequency radio wave. The CC1101 offers three selectable operating bands, 433 MHz, 868 MHz and 915 MHz, all of them common bands. Because 433 MHz may collide with the operating frequency of the key signal, the low-frequency wake-up signal is usually modulated onto the 868 MHz or 915 MHz band and carried to the remote location as a high-frequency signal. At the other end of the relay, near the key, the MCU puts a CC1101 module into carrier-sense mode; once a carrier is detected, the digital signal is demodulated and passed by the MCU to an EM4095 module, which regenerates and transmits the 125 kHz low-frequency signal. Through this amplify-and-forward process the vehicle's wake-up signal is carried to the vicinity of the key, and the operating range of the keyless entry and start system is extended. This is the relay attack scheme widely used in the prior art.
Many methods for identifying relay attacks in the PEPS scenario already exist. The newest UWB (Ultra Wide Band) smart keys reduce authentication delay to the nanosecond level and measure the distance between key and vehicle from the signal's time of flight, with high positioning accuracy. Existing relay equipment cannot overcome the delay and positioning-spoofing problems, so UWB essentially eliminates the possibility of relay attack. Other researchers have studied further defences: for example, deploying several radio-frequency receivers outside the vehicle and judging whether a relay attack is under way from the differences in signal strength and signal direction between them, or comparing time-of-flight and radio-frequency fingerprint measurements against normal values to verify whether a relay attack is in progress.
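The exchange described in the background, as an added Python model that is not part of the patent: a vehicle sends a preamble plus nonce as its wake-up, the key answers with a keyed MAC standing in for the encrypted unlock instruction, and a relay simply forwards the bytes. The model shows why the relayed reply still verifies, and how a round-trip-time bound of the kind the UWB keys enforce rejects it. The key material, the message layout, the round-trip figures and the 2 m low-frequency range are assumptions chosen for the illustration, not any vehicle's real format.

```python
"""PEPS wake-up / unlock exchange with and without a relay.

Added illustration, not the patent's code. The MAC, nonce length, timings and
the 2 m low-frequency reach are assumed values for the model.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Tuple

PREAMBLE = b"\xaa\xaa\xaa\xab"      # run of 0xAA bytes then the 0xAB delimiter
LF_REACH_M = 2.0                    # assumed reach of the 125 kHz wake-up
Channel = Callable[[bytes], Tuple[bytes, float]]   # (reply bytes, round trip in microseconds)


@dataclass
class Key:
    secret: bytes

    def respond(self, wakeup: bytes) -> bytes:
        """The key checks the wake-up data (here: the preamble) before answering."""
        if not wakeup.startswith(PREAMBLE):
            return b""
        nonce = wakeup[len(PREAMBLE):]
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()   # stands in for the encrypted unlock


@dataclass
class Vehicle:
    secret: bytes
    max_rtt_us: float = 300.0       # assumed distance bound, as a UWB-style key would enforce

    def unlock_attempt(self, channel: Channel) -> Tuple[bool, float]:
        nonce = os.urandom(8)
        reply, rtt_us = channel(PREAMBLE + nonce)
        expected = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(reply, expected), rtt_us


def direct_channel(key: Key, key_distance_m: float) -> Channel:
    """Key near the door handle: the wake-up reaches it only inside LF range."""
    def run(wakeup: bytes) -> Tuple[bytes, float]:
        if key_distance_m > LF_REACH_M:
            return b"", 0.0                      # nothing wakes the key, nothing comes back
        return key.respond(wakeup), 120.0       # assumed key processing plus air time
    return run


def relay_channel(key: Key, added_delay_us: float) -> Channel:
    """Attacker A at the car, attacker B at the key: the LF frame is carried on a
    high-frequency link and restored, so the key sees the very same bytes."""
    def run(wakeup: bytes) -> Tuple[bytes, float]:
        forwarded = bytes(wakeup)               # transparent relay, content untouched
        return key.respond(forwarded), 120.0 + added_delay_us
    return run


def try_unlock(vehicle: Vehicle, channel: Channel, enforce_rtt: bool) -> str:
    """Outcome of one unlock attempt, with or without the time-of-flight check."""
    ok, rtt_us = vehicle.unlock_attempt(channel)
    if not ok:
        return "rejected: bad or missing response"
    if enforce_rtt and rtt_us > vehicle.max_rtt_us:
        return "rejected: round trip too slow"
    return "unlocked"


if __name__ == "__main__":
    secret = b"\x01" * 16
    key, car = Key(secret), Vehicle(secret)
    print("owner at the door   :", try_unlock(car, direct_channel(key, 1.0), True))
    print("owner 50 m away     :", try_unlock(car, direct_channel(key, 50.0), True))
    print("relayed, no RTT bound:", try_unlock(car, relay_channel(key, 5000.0), False))
    print("relayed, RTT bound  :", try_unlock(car, relay_channel(key, 5000.0), True))
```

The relayed attempt without the time bound succeeds even though the MAC is correct, which is exactly why the patent looks for the relay's own signal rather than for a cryptographic flaw.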
Although many prior-art techniques defend against relay attacks, most require the vehicle to be returned to the factory for rework, including firmware updates to the PEPS control host. UWB smart keys, currently the most effective defence, are limited by technical and cost factors and are not yet widely deployed. Existing methods such as adding positioning information or adding further judgement conditions to detect relay attacks all require a return to the factory for upgrading, at great cost in manpower and money. Even if newly produced vehicles adopt these improvements against potential relay attacks, the intelligent connected vehicles with PEPS systems that have already been produced and put into service are hard to protect with the prior art.
Faced with the relay attack threat, car manufacturers instead suggest keeping the key in a metal shielding box when it is not in use and taking it out of the box when needed. While this can be effective against relay attacks, it defeats the purpose of the PEPS system: the convenience of passive entry is given up along with the vulnerability.
Furthermore, although the prior art proposes methods for detecting a relay attack, there is little literature on what emergency defensive measures should follow detection. Once a vehicle is under relay attack it can be unlocked and driven away within seconds; even if the attack is detected, the owner is merely notified. The problem to solve is therefore how to protect the vehicle as far as possible against relay attacks without changing the vehicle's control host or returning the vehicle to the factory.
Disclosure of Invention
The invention aims to provide a method and a device for detecting and defending against an automobile relay attack, so as to solve the problems in the prior art.
The invention provides a method for detecting and defending against an automobile relay attack, comprising the following steps:
detecting an abnormal signal with a signal receiver;
decoding the abnormal signal, identifying the signal preamble in the decoded abnormal signal, and confirming from the preamble that a relay attack is present around the vehicle;
driving a signal jammer to transmit an interference signal that blocks the relay attack.
The invention also provides a device for detecting and defending against an automobile relay attack, comprising:
a signal receiver for detecting an abnormal signal;
an identification module for decoding the abnormal signal, identifying the signal preamble in the decoded abnormal signal, and confirming from the preamble that a relay attack is present around the vehicle; and
a signal jammer for transmitting an interference signal that blocks the relay attack.
According to the embodiments of the invention, behavioural characteristics derived from the principle of relay attack, such as the relayed signal's frequency and its preamble, are extracted and checked, so that relay attack behaviour is detected without modifying in-vehicle hardware or updating firmware. Once an attack is detected, a radio-frequency signal at the same frequency as the key's signal is transmitted immediately to block the exchange by co-channel interference, achieving both detection of and defence against the relay attack.
Drawings
For a clearer description of one or more embodiments of the present description or of the solutions of the prior art, the drawings that are necessary for the description of the embodiments or of the prior art will be briefly described, it being apparent that the drawings in the description that follow are only some of the embodiments described in the description, from which, for a person skilled in the art, other drawings can be obtained without inventive faculty.
FIG. 1 is a flow chart of a method for detecting and defending an automobile relay attack according to an embodiment of the present invention;
FIG. 2 is a basic schematic of a keyless entry and start-up system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an exemplary relay attack of an embodiment of the present invention;
FIG. 4 is a schematic diagram of relay attack detection and defense according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a signal receiver according to an embodiment of the invention;
fig. 6 is a schematic diagram of preamble identification according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a signal jammer according to an embodiment of the invention;
FIG. 8 is an overall flow chart of detection and defence according to an embodiment of the present invention;
fig. 9 is a schematic diagram of a device for detecting and defending an automobile relay attack according to an embodiment of the present invention.
Detailed Description
In order to enable a person skilled in the art to better understand the technical solutions in one or more embodiments of the present specification, the technical solutions in one or more embodiments of the present specification will be clearly and completely described below with reference to the drawings in one or more embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one or more embodiments of the present disclosure without inventive faculty, are intended to be within the scope of the present disclosure.
Method embodiment
According to the embodiments of the invention, the technical problems that the method for detecting and defending against an automobile relay attack must solve are as follows:
1. Without updating the vehicle's firmware or returning it to the factory, design detection and protection equipment for automobile relay attacks that can be used with any vehicle model carrying a PEPS system. The relay attack process is therefore analysed and the characteristics of the relayed signal are identified so that detection is possible.
2. To stay within the time-delay constraint of vehicle/key authentication, a relay attack generally modulates the low-frequency signal onto a high-frequency carrier for transmission, and the frequency of the abnormal high-frequency signal could be found by spectrum analysis to establish that a relay attack exists. Spectrum analysis itself takes time, however, and if it were added, the attack might be detected but would be hard to block in the short time available.
3. If the vehicle is in an environment rich in high-frequency signals, judging a relay attack by frequency detection alone easily produces false positives and disturbs the owner's normal use.
4. After attack behaviour is detected, the most effective way to block it within a very short time is to transmit a co-channel interference signal, but the interference effect has to be considered.
Fig. 1 is a flowchart of a method for detecting and defending an automobile relay attack according to an embodiment of the present invention, as shown in fig. 1, where the method for detecting and defending an automobile relay attack according to an embodiment of the present invention specifically includes:
step S101, detecting an abnormal signal through a signal receiver; specifically, abnormal signals are detected at 868MHz, 915MHz, and 2.4GHz, respectively, by a 868MHz frequency signal receiving module, 915MHz frequency signal receiving module, and a 2.4GHz frequency signal receiving module in the signal receiver.
Step S102, decoding the abnormal signal, identifying a signal lead code in the decoded abnormal signal, and confirming that relay attack exists around the vehicle according to the signal lead code; the method specifically comprises the following steps:
and decoding the abnormal signal, marking the signal after detecting the signal at the beginning of 10101010, tracking a plurality of subsequent 10101010 bytes until the frame delimiter of 11 appears, and judging the signal as the signal preamble if the complete signal characteristic appears.
And responding to the operation of triggering the keyless entry system of the vehicle, continuously sending out a 125KHz low-frequency wake-up signal, when a switch of a 125KHz frequency signal receiver is opened, receiving the 125KHz vehicle wake-up signal around the 125KHz frequency signal receiver, storing and comparing the received multiple vehicle wake-up signals, and if the signal lead codes and frame delimiters of the multiple vehicle wake-up signals are detected to be the same, determining the specific format of the lead codes in the vehicle wake-up signals.
Step S103, the driving signal jammer transmits an interference signal to prevent relay attack. The method specifically comprises the following steps:
driving the 433MHz frequency transmitting module and the 315MHz frequency transmitting module to transmit interference signals at 433MHz and 315MHz respectively, so as to prevent relay attack behavior;
and acquiring a remote signal interference closing function request of a user through a networking switch module, and closing the driving signal interference device.
In summary, the beneficial effects of the embodiment of the invention are as follows:
the identification of common frequency signals can be realized, and key signals are judged according to the characteristics of the lead codes; the automobile is not required to be changed, and the defending method can be universally used for all automobile types carrying the PEPS system; after the attack behavior is detected, the signal blocking defense measures with the same-frequency interference are adopted, so that the relay attack can be effectively defended; the user can realize the active control of the equipment, close the defensive measure by networking, and avoid influencing the normal communication of workshops.
The above technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 2 is a basic schematic diagram of a keyless entry and start system according to an embodiment of the present invention. Normally the vehicle sends a 125 kHz low-frequency wake-up signal, which wakes the key so that it sends back a 433 MHz or 315 MHz unlock signal to complete the exchange. Because the low-frequency signal has a limited range, the exchange can only take place within about 1 m of the vehicle; this lets a user carrying the key walk up to the car, enter it and start it. The system is, however, vulnerable to relay amplification and forwarding of the low-frequency signal: an attacker amplifies and forwards the low-frequency signal to the vicinity of the key, extending the system's original working range. As shown in fig. 3, a typical relay attack modulates the low-frequency signal onto a common high-frequency band such as 868 MHz or 915 MHz: relay device A reads the 125 kHz data and forwards it on the modulated carrier, and relay device B, on receiving the forwarded high-frequency signal, restores the data it carries to 125 kHz. When the key receives the restored signal it still responds with the 433 MHz or 315 MHz unlock signal, completing the exchange and hence the whole amplify-and-forward relay attack. The embodiments of the invention detect and defend against this attack mode, specifically as follows:
S1: The embodiments detect and defend by capturing the signal characteristics of the relay attack, so a signal receiver must be provided to capture abnormal signals in the air. The judgement is based on the frequency of the signals and on the data they carry, so the frequencies to be received and judged are determined first and the corresponding receiving modules are used to do the work. As shown in fig. 5, the signal receiver contains receiving modules for three frequencies, 868 MHz, 915 MHz and 2.4 GHz. These are the three most commonly used high-frequency ISM (industrial, scientific and medical) and SRD (short range device) bands, and the method picks them for detection as a representative example.
S11: The 868 MHz receiving module shown in fig. 5 may be built around a CC1101 chip. The CC1101 operates in the 387-464 MHz and 779-928 MHz bands (it also has a 300-348 MHz band), so it covers the 433 MHz, 868 MHz and 915 MHz signal frequencies. It stores received data in 64-byte transmit and receive FIFOs, and in carrier-sense mode it can also pass the received radio data through transparently. Either mode receives a signal at a given frequency, so the chip can receive the 868 MHz signal and hand it to the MCU for further processing.
S12: Likewise, the 915 MHz receiving module may be built around a CC1101 chip; carrier sensing with transparent reception is used so as to reduce delay.
S13: For 2.4 GHz signals the receiving module may use the nRF24L01 wireless transceiver, which operates in the 2.4-2.5 GHz band. The chip uses GFSK modulation, integrates the Enhanced ShockBurst protocol, supports point-to-point wireless communication and reaches data rates of up to 2 Mbps, so it can complete reception in a short time and hand signals at that frequency to the MCU for processing promptly.
S2: after the suspicious signals with corresponding frequencies are collected, the suspicious signals cannot be directly judged as relay attack behaviors. Since these frequencies belong to the industrial frequency band, there is a high probability that other interfering signals will appear, but it does not belong to the wake-up signal emitted by the vehicle. Even if other unusual frequency bands are replaced, the device may be interfered by the surrounding environment, so that misjudgment occurs. In this case the method incorporates a mechanism for signal preamble identification. Similar to the transmission of data frames in ethernet, the radio frequency wake-up signal of the vehicle is also composed of a preamble, a frame delimiter (SFD), a frame length, and a data portion. The normal preamble is composed of several 10101010 bytes. When the sender sends data, the part of the preamble is added as a message header to be sent to the receiver, and the receiver adjusts the byte clock of the receiver to prepare for receiving the data after receiving the preamble. After the preamble is finished, there is a frame delimiter, the content is 10101011, meaning that it is used to inform the receiver that the content after 11 is received is the real data content. In the case of identical communication protocols, the preamble and delimiter portions of the two frames are identical and can therefore be distinguished as signal characteristics. The method proposes two preamble identification methods, namely automatic identification and manual matching, and is specifically shown in fig. 6.
S21: after understanding this principle, a preamble identification method can be designed for it, for example, a signal at the beginning of 10101010 is detected and marked, and a number of 10101010 bytes following it are tracked until a frame delimiter of 11 appears. These several complete signal characteristics occur, which can be determined as the preamble of the signal. This can be used as an automatic identification method. The automatic identification does not need to match the vehicle model, and the equipment can be directly used for preamble identification. But has the disadvantage that the recognition accuracy is not high, and erroneous judgment results are easily generated.
S22: in order to make the judgment more accurate, the identification accuracy of the preamble can be enhanced by adopting a manual matching mode. The user can trigger the vehicle keyless entry system by pulling the door handle or pressing a button, so that the vehicle keyless entry system can continuously send a 125KHz low-frequency wake-up signal. A125 KHz signal receiver and a manual matching switch are added on the device, and when the switch is opened, the signal receiver can receive 125KHz wake-up signals at the periphery and store and compare the received signals. It is thereby detected that the front portions of the plurality of signals are identical, i.e. the front preamble and the frame delimiter are identical, and thus the specific format of the preamble in the vehicle wake-up signal can be determined. The 125KHz signal receiver can be designed by using an AS3933 chip, works in the frequency range of 15-150KHz, has the functions of 3-channel low-frequency wake-up and automatic antenna tuning, and can meet the requirements of the technical scheme of the embodiment of the invention. Through manual matching's mode, can make the preamble discernment more accurate to promote the efficiency that equipment detected and defended.
S3: once the relay signal characteristics have been identified and a relay attack is known to exist around the vehicle, the vehicle can be kept safe only by mounting a defence before the key returns its unlocking response. The intermediate processing time is extremely short, so the fastest effective defence is co-channel signal interference. Co-channel interference means that two or more signals have identical frequencies and, mixed together, interfere with each other and confuse the corresponding signal receiver. Such problems are very common in communication systems, and techniques such as frequency hopping and frequency multiplexing exist to reduce their effects. Communication between the vehicle and the key, however, is comparatively simple, and most vehicles have no countermeasure against co-channel interference, so this property can be used to defend them. The specific implementation is to design a signal interference device on the defending equipment that generates a signal with the same frequency as the key signal (315 MHz or 433 MHz) to perform co-channel interference. In addition, to guard against system misjudgment and program logic errors, the method also adds a networking module to the jammer, so that a user can connect directly to the defending equipment over a network and control the jammer's switch. Normally the system defends actively by signal interference, but it also allows the user to shut the service down remotely. As shown in fig. 7, the signal jammer includes 433MHz and 315MHz signal transmitting modules and a networking module, covering the functions mentioned above.
S31: co-channel interference at 433MHz requires a signal transmitting module at that frequency. A 433M super-regenerative high-frequency transmitting module fitted with an SC2262 chip can be used for the design. The module's initial transmitting power is 10mW, and the transmitting power can be increased by redesigning the circuit to obtain a better interference effect. The specific interference method is that, once the MCU detects the relay attack, it drives the module to send a segment of full-carrier signal and holds it for 1-2 seconds. Since the vehicle-key communication of PEPS systems is mostly on the order of milliseconds and the signal exchange between vehicle and key completes in a very short time, 1-2 seconds is already a long disturbance of this communication process. If the interference effect proves insufficient, the interference duration and the transmitting power of the interference module can be adjusted and adapted further.
S32: because car keys basically work at only two signal frequencies, 315MHz and 433MHz, only jammers for these two frequencies need to be designed. The 315MHz signal transmitting module is designed similarly and can be built with an MX-FS-03V 315M wireless transmitting module. The interference method is the same as for the 433MHz signal transmitter: after the attack behaviour is detected, a full-carrier signal is transmitted for 1-2 seconds to achieve the interference effect.
S33: because the device may misjudge during use and disturb normal vehicle-key communication, the method adds a networking module through which the user can control the device over the network; the user is thus allowed to remotely switch off the signal interference function so that normal functions are not affected. In addition, the networking module can be configured to notify the user promptly by SMS or e-mail after relay attack behaviour is detected, so that the user can take corresponding measures in time. The networking module can be implemented with an ESP32 chip, which uses a Tensilica Xtensa LX microprocessor and integrates WiFi and dual-mode Bluetooth. The user can connect a mobile phone to the ESP32's WiFi to establish a connection with the defending device so that it can be controlled remotely. While the connection is maintained, if the device detects a relay attack it can also push alarm information to the user's phone over WiFi, achieving an alarm effect.
From the above analysis, the relay attack detection and defence device mainly comprises three parts: a signal receiver, preamble identification and a signal jammer; the overall framework is shown in fig. 4. The method mainly detects the frequency characteristics of the signals, assisted by identification of the signal preamble, to determine the characteristics of the relay signals, and then transmits interference signals to defend against them; the complete flow chart is shown in fig. 8.
Device embodiment
According to an embodiment of the present invention, a device for detecting and defending against an automobile relay attack is provided. Fig. 9 is a schematic diagram of this device according to the embodiment of the present invention; as shown in fig. 9, the device specifically includes:
a signal receiver 90 for detecting an abnormal signal, specifically comprising:
an 868MHz frequency signal receiving module for detecting abnormal signals at 868 MHz;
a 915MHz frequency signal receiving module for detecting abnormal signals at 915 MHz;
and a 2.4GHz frequency signal receiving module for detecting abnormal signals at 2.4 GHz.
An identification module 92 configured to decode the abnormal signal, identify a signal preamble in the decoded abnormal signal, and confirm from the signal preamble that a relay attack exists around the vehicle; it is specifically used for:
decoding the abnormal signal, marking the signal after a signal beginning with 10101010 is detected, tracking the subsequent 10101010 bytes until the frame delimiter ending in 11 appears, and judging the signal to be the signal preamble if the complete signal characteristic appears;
and, in response to an operation triggering the vehicle's keyless entry system, which makes it continuously send a 125KHz low-frequency wake-up signal: when the switch of the 125KHz frequency signal receiver is turned on, receiving the 125KHz vehicle wake-up signals around the receiver, storing and comparing the multiple received vehicle wake-up signals, and, if their signal preambles and frame delimiters are detected to be the same, determining the specific format of the preamble in the vehicle wake-up signal.
A signal jammer 94 configured to transmit an interference signal to prevent relay attack, specifically comprising:
a 433MHz frequency transmitting module for transmitting an interference signal at 433MHz to prevent relay attack behaviour;
a 315MHz frequency transmitting module for transmitting an interference signal at 315MHz to prevent relay attack behaviour;
and a networking switch module for receiving a user's request to remotely switch off the signal interference function and turning off the driven signal interference device.
This device embodiment corresponds to the method embodiment; the specific operation of each module can be understood from the description of the method embodiment and is not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features replaced by equivalents, and that such modifications and substitutions do not depart from the spirit of the invention.

Claims (10)

1. A method for detecting and defending against an automobile relay attack, characterized by comprising the following steps:
detecting an abnormal signal by a signal receiver;
decoding the abnormal signal, identifying a signal preamble in the decoded abnormal signal, and confirming from the signal preamble that a relay attack exists around the vehicle;
driving a signal jammer to transmit an interference signal to prevent the relay attack.
2. The method according to claim 1, wherein detecting an abnormal signal by the signal receiver comprises:
detecting abnormal signals at 868MHz, 915MHz and 2.4GHz by means of an 868MHz frequency signal receiving module, a 915MHz frequency signal receiving module and a 2.4GHz frequency signal receiving module in the signal receiver.
3. The method according to claim 1, wherein decoding the abnormal signal, identifying a signal preamble in the decoded abnormal signal, and confirming from the signal preamble that a relay attack exists around the vehicle specifically comprises:
decoding the abnormal signal, marking the signal after a signal beginning with 10101010 is detected, tracking the subsequent 10101010 bytes until the frame delimiter ending in 11 appears, and judging the signal to be the signal preamble if the complete signal characteristic appears.
4. The method according to claim 1 or 3, wherein decoding the abnormal signal, identifying a signal preamble in the decoded abnormal signal, and confirming from the signal preamble that a relay attack exists around the vehicle specifically comprises:
in response to an operation triggering the vehicle's keyless entry system, which makes it continuously send a 125KHz low-frequency wake-up signal: when the switch of a 125KHz frequency signal receiver is turned on, receiving the 125KHz vehicle wake-up signals around the receiver, storing and comparing the multiple received vehicle wake-up signals, and, if their signal preambles and frame delimiters are detected to be the same, determining the specific format of the preamble in the vehicle wake-up signal.
5. The method according to claim 1, wherein driving the signal jammer to transmit the interference signal to prevent the relay attack comprises:
driving a 433MHz frequency transmitting module and a 315MHz frequency transmitting module to transmit interference signals at 433MHz and 315MHz respectively, so as to prevent relay attack behaviour;
and receiving, through a networking switch module, a user's request to remotely switch off the signal interference function, and turning off the driven signal interference device.
6. A device for detecting and defending against an automobile relay attack, characterized by comprising:
a signal receiver for detecting an abnormal signal;
an identification module for decoding the abnormal signal, identifying a signal preamble in the decoded abnormal signal, and confirming from the signal preamble that a relay attack exists around the vehicle;
and a signal jammer for transmitting an interference signal to prevent the relay attack.
7. The device according to claim 6, wherein the signal receiver comprises:
an 868MHz frequency signal receiving module for detecting abnormal signals at 868 MHz;
a 915MHz frequency signal receiving module for detecting abnormal signals at 915 MHz;
and a 2.4GHz frequency signal receiving module for detecting abnormal signals at 2.4 GHz.
8. The device according to claim 6, wherein the identification module is specifically configured to:
decode the abnormal signal, mark the signal after a signal beginning with 10101010 is detected, track the subsequent 10101010 bytes until the frame delimiter ending in 11 appears, and judge the signal to be the signal preamble if the complete signal characteristic appears.
9. The device according to claim 6 or 8, wherein the identification module is specifically configured to:
in response to an operation triggering the vehicle's keyless entry system, which makes it continuously send a 125KHz low-frequency wake-up signal: when the switch of a 125KHz frequency signal receiver is turned on, receive the 125KHz vehicle wake-up signals around the receiver, store and compare the multiple received vehicle wake-up signals, and, if their signal preambles and frame delimiters are detected to be the same, determine the specific format of the preamble in the vehicle wake-up signal.
10. The device according to claim 6, wherein the signal jammer comprises:
a 433MHz frequency transmitting module for transmitting an interference signal at 433MHz to prevent relay attack behaviour;
a 315MHz frequency transmitting module for transmitting an interference signal at 315MHz to prevent relay attack behaviour;
and a networking switch module for receiving a user's request to remotely switch off the signal interference function and turning off the driven signal interference device.
CN202310917548.1A 2023-07-24 2023-07-24 Method and device for detecting and defending automobile relay attack Pending CN116939614A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310917548.1A CN116939614A (en) 2023-07-24 2023-07-24 Method and device for detecting and defending automobile relay attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310917548.1A CN116939614A (en) 2023-07-24 2023-07-24 Method and device for detecting and defending automobile relay attack

Publications (1)

Publication Number Publication Date
CN116939614A true CN116939614A (en) 2023-10-24

Family

ID=88385911

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310917548.1A Pending CN116939614A (en) 2023-07-24 2023-07-24 Method and device for detecting and defending automobile relay attack

Country Status (1)

Country Link
CN (1) CN116939614A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116193444A (en) * 2023-02-02 2023-05-30 广东为辰信息科技有限公司 Relay attack vulnerability detection method based on automobile keyless function


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination