GB2587323A - Computer-Implemented system and method - Google Patents

Publication number
GB2587323A
Authority
GB
United Kingdom
Prior art keywords
stream
symbol
challenge
resource
response
Legal status
Pending
Application number
GB1912069.0A
Other versions
GB201912069D0 (en)
Inventor
Reedman Ivan
Reedman Anna
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • B60R25/24 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04W12/06 Authentication
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W12/63 Location-dependent; Proximity-dependent
    • G01S13/765 Systems using reradiation of radio waves, e.g. secondary radar systems; Analogous systems wherein pulse-type signals are transmitted with exchange of information between interrogator and responder
    • G07C2009/00388 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
    • G07C2009/00555 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks comprising means to detect or avoid relay attacks
    • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H04L2209/84 Vehicles

Abstract

Embodiments of the present disclosure relate to computer-implemented security methods, protocols and apparatus for controlling access to a resource, and for secure user authentication. It is suitable for remote, wireless/keyless access to a controlled resource. A challenge stream (CS) is sent from a primary resource (e.g. vehicle) to a client resource (e.g. fob/token). Upon receipt, the client generates a response stream (RS) such that symbols in the RS which match symbols in the corresponding CS are echoed back, while the timing of non-matching symbols is stretched or contracted. Upon receipt of the RS, the primary resource adds any matching symbols to a timing set, which is then used to perform a Time of Flight (ToF) calculation. If the ToF falls outside an acceptable range, access to the controlled resource is prohibited; otherwise access is granted.

Description

Computer-Implemented System and Method
Technical Field
This invention relates generally to security protocols, systems and methods for controlling access to and/or operation of a resource, and more particularly to authentication of a user prior to permitting or refusing access/operation. The invention is particularly suited, but not limited to, use in respect of challenge-response authentication and/or token-based authentication. The invention also relates to solutions for improved security and resilience in respect of potential attacks and exploits by unauthorised parties.
Background
Authentication and authorisation are common fundamental principles of any security system. Authentication can be carried out in a plurality of ways, but all share the common goal of verifying beyond doubt the identity of an entity/client, whether that is a human user or a computing-based resource.
Some authentication arrangements use a client resource in conjunction with a primary resource. The primary resource is, comprises or is associated with the controlled resource which the user wishes to access. This might be, for example, a computer network, some electronic resource such as software, a building or car etc. Thus, the primary resource may be referred to herein as a "resource controller".
The client resource could be anything from software on a laptop or mobile phone through to a physical token such as a car key fob. Often, the client resource comprises a physical and/or portable device. Both the primary and client resources comprise hardware and/or software for processing, generating and transmitting data, so they are able to communicate with each other. The user uses the client resource to verify their identity and gain access to the primary resource. Figure 1 shows an example of a user (which we shall refer to herein as a "client") attempting to authenticate with a primary device (shown in Figure 1 as the "access point"). This illustrates a challenge-response scenario in which the party seeking access to the controlled resource requests access, and in return is presented with a challenge, e.g. what is your password/PIN? The controller of the resource knows the correct answer to the challenge. The requester must provide the correct answer/response in order to be authorised for access. In some cases, other criteria may also be applied, e.g. the password/PIN must be supplied within a specified time period.
In such situations, and with reference to Figure 1, the authentication request is initiated by the primary resource (1), which requests authentication of the client (2). An example of this is "passive entry" or "remote keyless entry". For illustration purposes, herein we will use the example of keyless entry into a vehicle. In this illustrative example, a key fob comprising a transponder is paired with a specific vehicle. When a user with the key fob on their person touches the door handle, the vehicle senses the contact and sends an authentication challenge message to the key fob. The key fob responds with a cryptographic response to the challenge and, if correct, the vehicle authorises the unlocking of the car. Some arrangements also permit starting of the engine. This is illustrated in Figure 2, which shows a target vehicle as the primary device 1 and a legitimate key fob as the client 2.
However, the fundamental problem with this approach is that the distance from the key fob to the car is not measured or taken into consideration during the authentication process. Therefore, as an example, if the key fob is inside a house and the owner's car is in the driveway, a simple amplifier is all that is required to boost the challenge signal from the car to the key fob. The key fob assumes, because it has received a signal, that it is within proximity of the car and provides the correct cryptographic response required for authentication. In response, the car authorises the authentication action, and access to or starting of the car is then permitted. In this way, an unauthorised party can steal the car without ever needing physical access to the car's key fob. This is illustrated in Figure 3, which shows target vehicle 1, legitimate key fob 2, and an RKE amplifier and wand 3.
One technique to determine the distance of the authentication token/client (key fob 2) to the host (target vehicle 1) is to measure the ToF (Time of Flight). This technique uses the speed of light as a constant and measures how long a pulse takes to travel from the host to the authentication token and back again to determine the round trip distance. Figure 4 shows this basic concept, and illustrates the basic flow of a UWB (ultra wide band) pulse usage for ToF determination. Known arrangements involve UWB pulses and path determination to calculate the round trip distance. Figure 5 illustrates how this calculation can be performed, wherein 5 is a sent pulse stream, 6 is a received pulse stream and 7 is an example Time of Flight (ToF) calculation.
We now provide an example of how this might be used in practice. Assume that a ToF calculation needs to be done to determine how far away the key fob is from the vehicle 1. The key fob 2 wishes to authenticate with the vehicle. If the ToF is beyond an acceptable threshold, then the vehicle should ignore the authentication response from the key fob as it is too far away.
In Figure 6, however, the attacker 8 impersonates the real key fob's UWB echo and relays the authentication stream. Thus, a problem with this approach is that unless the authentication challenge and response are incorporated in the UWB burst, the UWB component could be spoofed and the authentication message relayed, thus tricking the vehicle into thinking that the key fob is closer than it actually is.
Most data transport protocols lack any actual distance measurement. Moreover, known wireless protocols are either designed for the transfer of information or for ToF (distance ranging) requirements. Thus, there is a need for a single protocol, system and method which simultaneously supports ToF ranging of a client and the transfer of data. It would be advantageous if such a combined technique is also simple to implement using existing Commercial Off The Shelf (COTS) data transceivers.
An improved solution has now been devised which addresses at least these technical challenges.
Summary
Thus, systems, devices and methods are provided as defined in the appended claims and in accordance with the present invention. In accordance with the invention there may be provided a control method and corresponding system. The method/system may be arranged to control access to and/or operation of a resource. The resource may be any type of controlled resource, such as a physical device, a network, an electronic resource etc. Additionally, or alternatively, the method/system may be referred to as an authentication method/system. Herein, the term "access to" is intended to include "operation of". For example, successful authentication may allow execution of a computer program, or starting of a device etc. It may be a computer-implemented method/system/protocol. It may be arranged to implement secure transmission of data for securing access to a controlled resource and/or for reliable, efficient and accurate performance of an authentication process. Additionally or alternatively, the invention provides a secure, reliable and efficient technique for determination of the distance of a wireless device, such as an authentication token, relative to a controlled resource. This can provide advantages in respect of prevention of exploits such as "relay attacks". The invention also provides an improved data transmission solution.
According to a first aspect, the invention may provide a computer-implemented method comprising the steps: sending a Challenge Stream (CS) comprising a plurality of symbols in a pulse stream from a resource controller to a client resource; generating a Response Stream (RS) comprising a plurality of symbols in a pulse stream by: varying the timing of at least one symbol in the Response Stream if it does not match the symbol in the same position within the Challenge Stream; sending the Response Stream to the resource controller; constructing a set of symbol timings by: adding the timing of at least one symbol in the Response Stream to the set of symbol timings if the at least one symbol matches the symbol in the same position within the Challenge Stream.
Preferably, the method also comprises the step of: using the set of symbol timings to provide a Time of Flight result (ToF).
Preferably, the method also comprises the step of: denying access to, or operation of, a controlled resource if the Time of Flight result does not fall within a pre-determined distance range, or exceeds or falls below a predetermined threshold.
Preferably, the Challenge Stream comprises a challenge associated with a pre-determined challenge solution.
Preferably, the method also comprises the step of: denying access to, or operation of, a controlled resource if the Response Stream does not comprise the pre-determined challenge solution.
Preferably, varying the timing of the at least one symbol in the Response Stream comprises stretching or varying the timing of the at least one symbol.
Preferably, the step of generating the Response Stream (RS) further comprises: not varying the timing of at least one symbol in the Response Stream if it matches the symbol in the same position within the Challenge Stream.
According to a second aspect, there may be provided a computer-implemented method comprising the steps: sending a Challenge Stream (CS) comprising a plurality of symbols in a pulse stream from a resource controller to a client resource; receiving, from the client resource, a Response Stream (RS) comprising a plurality of symbols in a pulse stream; constructing a set of symbol timings by: adding the timing of at least one symbol in the Response Stream to the set of symbol timings if the at least one symbol in the Response Stream matches the symbol in the same position within the Challenge Stream; using the set of symbol timings to provide a Time of Flight result (ToF).
Preferably, the method also comprises the step of: denying access to, or operation of, a controlled resource if the Time of Flight result does not fall within a pre-determined distance range, or exceeds or falls below a predetermined threshold.
Preferably, the Challenge Stream comprises a challenge associated with a pre-determined challenge solution.
Preferably, the method also comprises the step of: denying access to, or operation of, a controlled resource if the Response Stream does not comprise the pre-determined challenge solution.
According to a third aspect, the invention provides a control device arranged to perform the steps of any method in accordance with the second aspect, and comprising: a processor; a transmitter for sending the Challenge Stream to the client resource; a receiver for receiving the Response Stream from the client resource; and memory including executable instructions that, as a result of execution by the processor, cause the system to perform any embodiment of the computer-implemented method as described in respect of the second aspect.
According to a fourth aspect, there is provided a computer-implemented method comprising the steps: receiving, at a client resource from a resource controller, a Challenge Stream (CS) comprising a plurality of symbols in a pulse stream; generating a Response Stream (RS) comprising a plurality of symbols in a pulse stream by: varying the timing of at least one symbol in the Response Stream if it does not match the symbol in the same position within the Challenge Stream; sending the Response Stream to the resource controller.
Preferably, the Challenge Stream comprises a challenge associated with a pre-determined challenge solution. Preferably, varying the timing of the at least one symbol in the Response Stream comprises stretching or varying the timing of the at least one symbol.
Preferably, the step of generating the Response Stream (RS) further comprises: not varying the timing of at least one symbol in the Response Stream if it matches the symbol in the same position within the Challenge Stream.
According to a fifth aspect, the invention provides an authentication device arranged to perform the steps of any method in accordance with the fourth aspect, and comprising: a processor; a transmitter for sending the Response Stream to the resource controller; a receiver for receiving the Challenge Stream from the resource controller; and memory including executable instructions that, as a result of execution by the processor, cause the system to perform any embodiment of the computer-implemented method as described in respect of the fourth aspect.
According to a sixth aspect, there is provided a computer-implemented system comprising: a control device according to the third aspect; and an authentication device according to the fifth aspect.
The invention also provides at least one non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by a processor of a computer system, cause the computer system to at least perform an embodiment of the method as described in respect of the first, second, third and/or fourth aspects.
In accordance with one or more aspects and/or embodiments of the invention, a challenge stream (CS) may be sent from a resource controller to a client resource (e.g. fob/token, hereafter simply "client"). The resource controller may be, or may be associated with, in communication with and/or connected to (wirelessly or physically), the controlled resource (e.g. a vehicle). The challenge stream may be generated and/or sent in response to a signal. This signal may be received from the controlled resource, a client or another resource.
The CS (and/or response stream) may be a pulse stream. It may be a UWB pulse stream. Symbol values may be encoded in the stream between edges.
Preferably: the challenge stream communicates and/or comprises a challenge associated with an authentication process for securing the controlled resource. The challenge is associated with a predetermined challenge solution. The challenge solution is known to the client and/or resource controller. The challenge may be a cryptographic challenge. It may comprise a cryptographic key. The challenge may be encoded. The challenge solution may comprise or be generated using a cryptographic key. The solution may be encoded prior to transmission.
Preferably: upon receipt of the challenge stream, the client generates a response stream (RS). It may decode the challenge upon receipt. The Response Stream may comprise the challenge solution. The stream may be generated such that symbols in the RS which match symbols in the same position within the corresponding CS are echoed back to the resource controller, while the timing of non-matching symbols is varied. They may be varied by being stretched or contracted. "Matching" may mean that the challenge/response stream symbols are the same, share the same value or correspond in some pre-determined respect.
Preferably: upon receipt of the RS, the resource controller adds the timing of any matching symbols to a timing set which is then used to provide a Time of Flight (ToF) calculation. Thus, non-matching symbols/edges are ignored. If the Response Stream contains the correct, pre-determined challenge solution but the ToF falls outside an acceptable range, or exceeds/falls below an acceptable threshold, then access to the controlled resource is prohibited; otherwise access is granted. In other words, authentication succeeds or fails. In order to succeed, the response stream must provide the correct solution and an acceptable ToF result.
These and other aspects of the present invention will be apparent from, and elucidated with reference to, the embodiment described herein. An embodiment of the present invention will now be described, by way of example only, and with reference to the accompanying drawings, in which:
Brief Description of the Drawings
Figure 1 shows an example challenge/response authentication flow.
Figure 2 shows an example Remote Keyless Entry/Passive Entry, Start Flow.
Figure 3 shows an example Remote Keyless Entry Amplification Attack Flow.
Figure 4 shows a basic flow of a UWB pulse usage for ToF determination.
Figure 5 illustrates the calculation of a ToF, including UWB pulses showing delta in time between a transmitted and received pulse as used in the ToF calculation.
Figure 6 shows an example attack on a ToF aspect of an authentication system.
Figure 7 shows an example requirement, and showing a Challenge of 1234 and response of ABCD in accordance with an embodiment of the present disclosure.
Figure 8 shows an example of data out and data in, and showing delta in rising edge used to calculate ToF.
Figure 9 shows an example bit stream, both out-bound and in-bound.
Figure 10: Invention symbol encoding example implementation.
Figure 11 shows an example outbound and inbound stream illustrating different data outbound to inbound.
Figure 12 shows an attempted man-in-the-middle attack on an illustrative embodiment of the present invention.
Figure 13 shows an example of transmitted data with the path extended so that ToF calculation includes a delay and is beyond an acceptable threshold, and therefore fails maximum ToF check.
Figure 14 is a sequence diagram showing an illustrative embodiment of the invention used in respect of starting a vehicle.
Figure 15 is a sequence diagram, similar to that of Figure 14, but wherein the invention is used for locking/unlocking a vehicle.
Figure 16 shows the challenge message and response used by various embodiments of the invention, including those illustrated in Figures 14 and 15.
Figure 17 shows an overview of components which are used for receiving the challenge message (or "stream"), processing it and sending the response message.
Figure 18 is a schematic diagram illustrating a computing environment in which various embodiments can be implemented.
Description of Illustrative Embodiments
Embodiments of the present disclosure provide systems and methods for implementing an underlying protocol which provides simultaneous, tightly coupled ToF distance ranging and the transfer of data. These can be used for securing access to a controlled resource and enabling reliable authentication of a user/client. Advantageously, embodiments of the present invention are agnostic to the physical transport layer being used in a given implementation. This provides a simple and cost-effective solution which is easy to use and put into effect. Embodiments could, for example, be sound, ultrasonic, radio or light based. The skilled person would understand that the ToF calculation used in a given implementation would be reflective of the chosen wave speed used in the given medium.
To counter existing and new relay and amplification attacks, the invention supports simultaneous ToF distance ranging and transfer of data. Advantageously, these functions are intrinsically bound together. To counter cryptographic or other more advanced attacks, the protocol is able to support the real time usage of low latency hardware or other security modules. Embodiments of the underlying protocol, arranged in accordance with the invention, are designed in such a way as to:
  1. Protect against amplification and relay attacks; this means that the distance resolution must be sufficiently high as to support the range limit threshold as required by the application for which the invention is being used;
  2. Protect against advanced protocol MITM (man in the middle) attacks in which properties of the protocol are manipulated to support increased range for some components of the protocol; this means the fundamental protocol properties of the invention must be tightly coupled to the distance travelled and also support detection of MITM style protocol manipulation attacks;
  3. Support real time usage of cryptographic modules for the management of key material and the performance of cryptographic operations;
  4. Be low enough power to be feasibly implemented in battery powered authentication devices;
  5. Be repeatable and reliable;
  6. Support implementation using existing/low cost physical layer transceivers.
At least some of the requirements/advantages of the system, method and protocol can be summarised as:
  1. Enforces tight coupling between both the transfer of data and the characteristics used for ToF determination
  2. Supports the bi-directional transfer of data
  3. Supports a plurality of data modulation schemes
  4. Supports a plurality of physical transport mechanisms/layers
  5. Supports being data and physical layer agnostic
  6. Supports low power usage - in addition to providing an energy efficient solution, this enables the invention to be deployed in a wide variety of contexts and for many different purposes.
To support ToF distance ranging, embodiments of the present invention use a plurality of timing measurements between known edges in the outgoing message and incoming message, where edges represent known values. Timing deltas between the edges on the corresponding outgoing/incoming paths can be used for ToF measurements. Normally, the delay timing fluctuates due to stochastic factors, so it is difficult to reliably determine the ToF using the timing. However, in accordance with the present invention, the random appearing influences can be removed using statistical analysis to provide accurate time information from which the distance can be calculated.
The authentication token echoes certain edges within the message stream back to the sender without variable processing time, resulting in stochastic propagation delay. To transmit data, the authentication token stretches or contracts symbol timing where corresponding incoming and outgoing symbols vary i.e. where they do not match. Where symbols received as echoes back to the sender match outgoing symbols, accurate timing measurements can be made to determine the ToF. A determination can then be made, by the primary resource (e.g. vehicle) as to whether or not that ToF result falls within an acceptable range, and therefore whether access should be permitted or prohibited.
Thus, to enable accurate and repeatable ToF distance ranging, the system and method supporting the protocol is able to accurately calculate the true ToF by removing stochastic influences due to characteristics such as propagation delay through semi-conductors, temperature and humidity effects, multi path reflection, interference etc. in the physical transport layer that supports the protocol of the invention, as well as variations in the signal processing and demodulation of carrier frequency.
Embodiments of the invention require that the client (i.e. the authentication token) separates leading edges in the pulse stream so they are handled in hardware. Where the value being returned is different to the value the token receives, the trailing edges are stretched or contracted. This enables the invention to overcome problems arising from stochastic influences introduced by processors, electronics, signal strength etc. and thus support accurate ToF measurements.
In other words, the vehicle monitors the incoming response stream to identify leading edges and trailing edges where the same value that was sent for a bit or symbol is received. The vehicle is able to "know" which symbols should be the same in the corresponding streams because it knows the correct response that it is expecting from the legitimate key fob. By taking timing samples for each of those identified, known edges and rejecting samples outside the median we arrive at a set of samples whose timing is relatively similar. These samples can then be used by the vehicle to calculate the ToF. Timings for non-matching symbols will fall outside the median and will be ignored from the ToF calculation. Some matching symbols that should be accepted will be heavily influenced by stochastic influences that will result in them also being rejected. This results in a more accurate and reliable set of samples for use in the ToF calculation.
It is desirable to take sufficient samples in order to support the reliable and repeatable ToF calculation through the removal of the stochastic influences as previously discussed. The more samples taken, the greater the accuracy. Consider, for example, a simple binary pattern as typically known in data transport. This would likely be insufficient as a message 1001 on the out bound path may result in a 0101 on the inbound path. Therefore, the only aligning known state with a known edge would be the final 1 resulting in a single timing sample being used for the ToF calculation.
As such, the invention provides a data modulation technique that ensures repeatable and matching temporal rising edges for either binary state, and ensures temporal correlation on the falling edge to ensure that even complex attacks on the protocol are unable to manipulate the ToF distance ranging or the data transport aspect of the protocol to increase the effective operating range. In effect, the invention uses the correct response data, which only the legitimate token and vehicle would know about, and transmits it in such a way that any alteration of the transmission distance (eg by a relay attack) or the response data itself causes the vehicle to reject the authorisation attempt.
Figure 7 illustrates an example requirement showing challenge of 1234, and a response of ABCD. Also shown is the target vehicle 1 and the legitimate key fob 2.
Figure 8 shows an example of data out and data in, and illustrates delta in rising edge used to calculate the ToF. In figure 8, we see an outbound symbol stream 12 from the primary device (car 1), a response stream 13 received from the authenticator device (key fob 2), and a ToF calculation per symbol 15.
In figure 9, we see a symbol stream outbound 12 and a symbol stream inbound 13.
In Figure 10, we see an illustrative implementation of symbol encoding in accordance with one or more embodiments of the invention. As shown, every symbol starts with a known edge 14. The Time of Flight per symbol is calculated as time delta between known edges in a symbol stream 15. The symbol value is encoded on time between known edges, and symbol timing is stretched or contracted for the transmission of data.
By using the data modulation layer itself to encode data and to calculate ToF, the present invention provides a novel means to utilise existing physical transport layers to fundamentally protect against potential known attacks, as well as new attacks, without the need for specialist timing circuitry or physical layer modifications. Advantageously, the invention is agnostic to, and independent of, the physical layer on which it can be implemented. This provides a versatile and powerful solution to the security problems that prior art technologies are vulnerable to.
In Figure 11, we see an example of an outbound 12 and inbound 13 stream showing different data outbound to inbound. Figure 11 shows an example outbound symbol stream sent from the vehicle to the key fob, showing 0 0 1 0 being transmitted. Figure 11 also shows an example inbound symbol stream 13 received by the car from the key fob, showing 0 1 0 1 being received. A Time of flight calculation 15 is performed where edges of out and in bound symbols align. Figure 11 also shows (n) number of symbols being transmitted 9.
In Figure 12, we see an illustration of an attempted man-in-the-middle attack on an embodiment of the present invention. Figure 12 shows a target vehicle 1, a legitimate key fob 2, and an attacker 8. Attacker 8 does not have the cryptographic key stored securely in the Hardware Security Module (HSM) of Key Fob and therefore is unable to spoof the authentication by itself without relaying a response from the legitimate fob.
As per Figure 3 (which shows an example of a remote keyless entry amplification attack) even if an amplification, relay or replay attack is used to bypass the need for the cryptographic key, the known edges used for ToF calculation are tightly bound to the challenge and response cryptographic component i.e. solution and therefore cannot be separated.
This is illustrated in Figure 13, which provides an example of transmitted data with the path extended so that the ToF calculation delay is beyond the acceptable threshold and therefore fails the maximum ToF check. The attack is thus thwarted. Figure 13 shows an example outbound symbol stream 12 transmitted and an example inbound symbol stream 13 received, a Time of flight per symbol calculation 15, and (n) number of symbols 9. Figure 13 also shows the threshold of expected time delta between out and in matching edges 10 and the actual time delta between out and in matching edges 11 as beyond the allowed threshold.
When a relay or amplification attack is launched against a system which implements the present invention, the attack alters the distance between the key fob and the car. The signals need to travel further, which increases the overall Time of Flight. As a result, the system provides a different ToF from that which is expected or acceptable to the car. This causes the car (2) to reject the authentication and prevent the theft or unauthorised access.
Turning to Figures 14 and 15, these show sequence flows for controlling ignition of a vehicle engine and locking/unlocking of the vehicle, respectively. When the driver has pressed the ignition button to start the engine, or touched the door handle to initiate unlocking of the vehicle, an implementation of the invention is activated as shown in Figure 16. The challenge message depicted in Figure 16 is sent as a stream of symbols, in accordance with the protocol, from the vehicle's control unit to the key fob 2 for the authentication process to take place. As shown in Figure 17, the challenge message is received by the receiver in the key fob. The fob's cryptographic processor decrypts the message, generates the response message and then uses the transmitter to send the response to the vehicle. As per Figures 14 and 15, the vehicle's control unit for starting the engine or unlocking the door is activated if and only if authentication is successful i.e. the response stream contains the correct pre-determined solution associated with the challenge sent via the Challenge stream and the ToF result falls within an acceptable, pre-determined range.
In summary, using our vehicle (resource controller) and key fob (client) example, the functions of the system components can be described as follows:

Key fob:
  1. Receive challenge stream (CS) from vehicle
  2. Generate response stream (RS) such that for each symbol in the response stream:
       If (symbol at position x in RS == symbol at position x in CS) then do not vary symbol timing
       Else stretch or contract the symbol timing
  3. Send RS back to vehicle

Vehicle:
  1. Send challenge stream (CS) to key fob
  2. Receive response stream (RS) from key fob
  3. For each symbol in RS:
       If (symbol at position x in RS == symbol at position x in CS) then add symbol timing to timing set
  4. Use timing set to calculate ToF Result
  5. If (RS contains correct response & ToF Result <= acceptable distance) then Unlock/start vehicle
     Else Leave vehicle locked/not started

Embodiments of the present invention support and/or facilitate any system where a message peer distance from a source needs to be identified and bound to the message. In this way, embodiments of the invention can serve as a technique for non-cryptographic message authentication, bound to a physical location. Multiple sources are able to message a token and triangulate its position and have a reliable non-repudiation for the token's actual location without ever transmitting or receiving location data. Advantageously, this can be implemented using COTS transceivers, which reduces cost and complexity, and facilitates implementation and installation. By way of example only, consider a scenario wherein sensor nodes or positioning devices for forklifts or robots in factories are required.
The present invention provides a secure, cost effective and efficient solution to such a requirement. Many other use cases and technical scenarios can be envisaged.
In terms of implementations, the skilled person will readily understand that a variety of different technologies can be used to achieve the desired technical effects of the present invention. For example, the use of radio (LF, VHF, UHF, Microwave etc.) as a transmission medium would utilise the speed of light as co-efficient for the ToF calculation. Alternatively, sound or ultrasound could be employed as the medium. In such implementations, the speed of sound would be used as the co-efficient for the ToF calculation. Further still, light or other parts of the spectrum could also be utilised.
Turning now to Figure 18, there is provided an illustrative, simplified block diagram of a computing device 2600 that may be used to practice at least one embodiment of the present disclosure. In various embodiments, the computing device 2600 may be used to implement any of the systems illustrated and described above. For example, the computing device 2600 may be configured for use as an embedded processor, a data server, a web server, a portable computing device, a personal computer, or any electronic computing device. As shown in Figure 18, the computing device 2600 may include one or more processors with one or more levels of cache memory and a memory controller (collectively labelled 2602) that can be configured to communicate with a storage subsystem 2606 that includes main memory 2608 and persistent storage 2610. The main memory 2608 can include dynamic random-access memory (DRAM) 2618 and read-only memory (ROM) 2620 as shown. The storage subsystem 2606 and the cache memory 2602 may be used for storage of information, such as details associated with transactions and blocks as described in the present disclosure. The processor(s) 2602 may be utilized to provide the steps or functionality of any embodiment as described in the present disclosure.
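The key fob and vehicle steps summarised above, with the median-based sample rejection and the wave-speed coefficient described in the text, as an added simulation that is not part of the patent. The pulse widths, slot spacing, fixed turnaround delay, jitter model, rejection window and the truncated HMAC-SHA256 solution are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import random
import statistics

C = 299_792_458.0           # wave speed for a radio transport (m/s)
SLOT = 4e-6                 # assumed spacing between known leading edges (s)
WIDTH = {0: 1e-6, 1: 2e-6}  # assumed pulse width encoding each symbol value (s)
TURNAROUND = 50e-9          # assumed fixed, calibrated hardware echo delay (s)
JITTER = 2e-9               # assumed std-dev of stochastic edge jitter (s)
WINDOW = 10e-9              # assumed acceptance window around the median (s)
MIN_SAMPLES = 8             # assumed minimum number of usable timing samples

KEY = b"constructed-demo-key"                  # constructed sample key
CHALLENGE = bytes.fromhex("0123456789abcdef")  # constructed sample challenge


def bits(data):
    """Expand bytes into a list of 0/1 symbols, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def solution(key, challenge):
    """Pre-determined challenge solution; truncated HMAC-SHA256 is an assumption."""
    digest = hmac.new(key, challenge, hashlib.sha256).digest()
    return bits(digest[:len(challenge)])


def fob_respond(cs, rs, path_m, rng):
    """Key fob: echo each leading edge, vary the trailing edge where RS != CS.

    Returns the (leading, trailing) edge times observed back at the vehicle
    after the signal has travelled path_m metres each way.
    """
    def noise():
        # Gaussian jitter plus an occasional large multipath-style delay.
        return rng.gauss(0, JITTER) + (200e-9 if rng.random() < 0.1 else 0.0)

    rtt = 2 * path_m / C + TURNAROUND
    edges = []
    for x, r_sym in enumerate(rs):
        # Zero for a matching symbol; otherwise a stretch (0 -> 1) or a
        # contraction (1 -> 0) of the symbol timing carries the response value.
        shift = WIDTH[r_sym] - WIDTH[cs[x]]
        lead = x * SLOT + rtt + noise()
        trail = x * SLOT + WIDTH[cs[x]] + shift + rtt + noise()
        edges.append((lead, trail))
    return edges


def vehicle_verify(cs, expected_rs, edges, max_distance_m):
    """Vehicle: check the response, build the timing set, derive ToF, decide."""
    threshold = (WIDTH[0] + WIDTH[1]) / 2
    decoded = [1 if trail - lead > threshold else 0 for lead, trail in edges]
    if decoded != expected_rs:
        return {"granted": False, "reason": "wrong response", "distance_m": None}
    # Only symbols whose value matches the challenge contribute a timing sample:
    # delta between the outbound and inbound trailing edge of that symbol.
    timing_set = [trail - (x * SLOT + WIDTH[cs[x]])
                  for x, (_, trail) in enumerate(edges) if expected_rs[x] == cs[x]]
    kept = []
    if timing_set:
        median = statistics.median(timing_set)
        kept = [t for t in timing_set if abs(t - median) <= WINDOW]
    if len(kept) < MIN_SAMPLES:
        return {"granted": False, "reason": "too few samples", "distance_m": None}
    tof = statistics.mean(kept) - TURNAROUND   # round-trip time of flight
    distance = C * tof / 2
    granted = distance <= max_distance_m
    reason = "ok" if granted else "ToF beyond threshold"
    return {"granted": granted, "reason": reason, "distance_m": distance}


def run(path_m, response=None, max_distance_m=5.0, seed=1):
    """One challenge/response exchange over a one-way path of path_m metres."""
    cs = bits(CHALLENGE)
    expected = solution(KEY, CHALLENGE)
    rs = expected if response is None else response
    edges = fob_respond(cs, rs, path_m, random.Random(seed))
    return vehicle_verify(cs, expected, edges, max_distance_m)


if __name__ == "__main__":
    print("fob at 2 m:       ", run(2.0))
    print("path of 60 m:     ", run(60.0))
    print("echoed challenge: ", run(2.0, response=bits(CHALLENGE)))
```

A correct response over an extended path is refused on the ToF check alone, and a response that simply echoes the challenge is refused on the solution check, which is the pairing of conditions the vehicle's final step requires.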
The processor(s) 2602 can also communicate with one or more user interface input devices 2612, one or more user interface output devices 2614, and a network interface subsystem 2616.
A bus subsystem 2604 may provide a mechanism for enabling the various components and subsystems of computing device 2600 to communicate with each other as intended. Although the bus subsystem 2604 is shown schematically as a single bus, alternative embodiments of the bus subsystem may utilize multiple busses. The network interface subsystem 2616 may provide an interface to other computing devices and networks. The network interface subsystem 2616 may serve as an interface for receiving data from, and transmitting data to, other systems from the computing device 2600. For example, the network interface subsystem 2616 may enable a data technician to connect the device to a network such that the data technician may be able to transmit data to the device and receive data from the device while in a remote location, such as a data centre.
The user interface input devices 2612 may include one or more user input devices such as a keyboard; pointing devices such as an integrated mouse, trackball, touchpad, or graphics tablet; a scanner; a barcode scanner; a touch screen incorporated into the display; audio input devices such as voice recognition systems, microphones; and other types of input devices. In general, use of the term "input device" is intended to include all possible types of devices and mechanisms for inputting information to the computing device 2600.
The one or more user interface output devices 2614 may include a display subsystem, a printer, or non-visual displays such as audio output devices, etc. The display subsystem may be a cathode ray tube (CRT), a flat-panel device such as a liquid crystal display (LCD), light emitting diode (LED) display, or a projection or other display device. In general, use of the term "output device" is intended to include all possible types of devices and mechanisms for outputting information from the computing device 2600. The one or more user interface output devices 2614 may be used, for example, to present user interfaces to facilitate user interaction with applications performing processes described and variations therein, when such interaction may be appropriate.
The storage subsystem 2606 may provide a computer-readable storage medium for storing the basic programming and data constructs that may provide the functionality of at least one embodiment of the present disclosure. The applications (programs, code modules, instructions), when executed by one or more processors, may provide the functionality of one or more embodiments of the present disclosure, and may be stored in the storage subsystem 2606. These application modules or instructions may be executed by the one or more processors 2602. The storage subsystem 2606 may additionally provide a repository for storing data used in accordance with the present disclosure. For example, the main memory 2608 and cache memory 2602 can provide volatile storage for program and data. The persistent storage 2610 can provide persistent (non-volatile) storage for program and data and may include flash memory, one or more solid state drives, one or more magnetic hard disk drives, one or more floppy disk drives with associated removable media, one or more optical drives (e.g. CD-ROM or DVD or Blu-Ray) drive with associated removable media, and other like storage media. Such program and data can include programs for carrying out the steps of one or more embodiments as described in the present disclosure as well as data associated with transactions and blocks as described in the present disclosure.
The computing device 2600 may be of various types, including a portable computer device, tablet computer, a workstation, or any other device described below. Additionally, the computing device 2600 may include another device that may be connected to the computing device 2600 through one or more ports (e.g. USB, a headphone jack, Lightning connector, etc.). The device that may be connected to the computing device 2600 may include a plurality of ports configured to accept fibre-optic connectors. Accordingly, this device may be configured to convert optical signals to electrical signals that may be transmitted through the port connecting the device to the computing device 2600 for processing. Due to the ever-changing nature of computers and networks, the description of the computing device 2600 depicted in FIG. 18 is intended only as a specific example for purposes of illustrating the preferred embodiment of the device. Many other configurations having more or fewer components than the system depicted in FIG. 18 are possible.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims any reference signs placed in parentheses shall not be construed as limiting the claims. The words "comprising" and "comprises", and the like, do not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, "comprises" means "includes or consists of" and "comprising" means "including or consisting of". The singular reference of an element does not exclude the plural reference of such elements and vice-versa. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims (19)

  1. A computer-implemented method comprising the steps: sending a Challenge Stream (CS) comprising a plurality of symbols in a pulse stream from a resource controller to a client resource; generating a Response Stream (RS) comprising a plurality of symbols in a pulse stream by: varying the timing of at least one symbol in the Response Stream if it does not match the symbol in the same position within the Challenge Stream; sending the Response Stream to the resource controller; constructing a set of symbol timings by: adding the timing of at least one symbol in the Response Stream to the set of symbol timings if the at least one symbol matches the symbol in the same position within the Challenge Stream.
  2. A method according to claim 1 and comprising the step of: using the set of symbol timings to provide a Time of Flight result (ToF).
  3. A method according to claim 1 or 2 and comprising the step of: denying access to, or operation of, a controlled resource if the Time of Flight result does not fall within a pre-determined distance range, or exceeds or falls below a predetermined threshold.
  4. A method according to any preceding claim wherein the Challenge Stream comprises a challenge associated with a pre-determined challenge solution.
  5. A method according to any preceding claim and comprising the step of: denying access to, or operation of, a controlled resource if the Response Stream does not comprise the pre-determined challenge solution.
  6. A method according to any preceding claim wherein: varying the timing of the at least one symbol in the Response Stream comprises stretching or varying the timing of the at least one symbol.
  7. A method according to any preceding claim wherein the step of generating the Response Stream (RS) further comprises: not varying the timing of at least one symbol in the Response Stream if it matches the symbol in the same position within the Challenge Stream.
  8. A computer-implemented method comprising the steps: sending a Challenge Stream (CS) comprising a plurality of symbols in a pulse stream from a resource controller to a client resource; receiving, from the client resource, a Response Stream (RS) comprising a plurality of symbols in a pulse stream; constructing a set of symbol timings by: adding the timing of at least one symbol in the Response Stream to the set of symbol timings if the at least one symbol Response Stream matches the symbol in the same position within the Challenge Stream; using the set of symbol timings to provide a Time of Flight result (ToF).
  9. A method according to claim 8 and comprising the step of: denying access to, or operation of, a controlled resource if the Time of Flight result does not fall within a pre-determined distance range, or exceeds or falls below a predetermined threshold.
  10. A method according to claim 8 or 9 wherein the Challenge Stream comprises a challenge associated with a pre-determined challenge solution.
  11. A method according to claim 10 and comprising the step of: denying access to, or operation of, a controlled resource if the Response Stream does not comprise the pre-determined challenge solution.
  12. A control device arranged to perform the steps of any of claims 8 to 11, and comprising: a processor; a transmitter for sending the Challenge Stream to the client resource; a receiver for receiving the Response Stream from the client resource; and memory including executable instructions that, as a result of execution by the processor, causes the system to perform any embodiment of the computer-implemented method as claimed in any of claims 8 to 11.
  13. A computer-implemented method comprising the steps: receiving, at a client resource from a resource controller, a Challenge Stream (CS) comprising a plurality of symbols in a pulse stream; generating a Response Stream (RS) comprising a plurality of symbols in a pulse stream by: varying the timing of at least one symbol in the Response Stream if it does not match the symbol in the same position within the Challenge Stream; sending the Response Stream to the resource controller.
  14. A method according to claim 13 wherein: the Challenge Stream comprises a challenge associated with a pre-determined challenge solution.
  15. A method according to claim 13 or claim 14 wherein: varying the timing of the at least one symbol in the Response Stream comprises stretching or varying the timing of the at least one symbol.
  16. A method according to any of claims 13 to 15 wherein the step of generating the Response Stream (RS) further comprises: not varying the timing of at least one symbol in the Response Stream if it matches the symbol in the same position within the Challenge Stream.
  17. An authentication device arranged to perform the steps of any of claims 13 to 16, and comprising: a processor; a transmitter for sending the Response stream to the resource controller; a receiver for receiving the challenge stream from the resource controller; and memory including executable instructions that, as a result of execution by the processor, causes the system to perform any embodiment of the computer-implemented method as claimed in any of claims 13 to 16.
  18. A computer-implemented system comprising: a control device according to claim 12; and an authentication device according to claim 17.
  19. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by a processor of a computer system, cause the computer system to at least perform an embodiment of the method as claimed in any of claims 1 to 11 and/or 13 to 16.
GB1912069.0A 2019-08-22 2019-08-22 Computer-Implemented system and method Pending GB2587323A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1912069.0A GB2587323A (en) 2019-08-22 2019-08-22 Computer-Implemented system and method

Publications (2)

Publication Number Publication Date
GB201912069D0 GB201912069D0 (en) 2019-10-09
GB2587323A true GB2587323A (en) 2021-03-31

Family

ID=68108840
