JP2020117945A - On-vehicle device and key-less entry system - Google Patents

Abstract

To suppress erroneous detection of relay attack in an RKE (Remote Key-less Entry) system.SOLUTION: An on-vehicle device according to an embodiment of the present invention includes: an on-vehicle transmitting unit which executes a transmission process of transmitting a request signal from each of a plurality of transmission antennas to a portable unit a plurality of times; an on-vehicle receiving unit for receiving an answer signal including a value corresponding to the received signal strength for each axis of the request signal transmitted by the multiple transmission processes; and an on-vehicle device control unit configured such that based on the value contained in the answer signal, an amount of change in the value indicating the intensity ratio, which is the ratio of the received signal strength for each axis of the request signal transmitted by the multiple transmission processes, is calculated for each axis, and based on the amount of change for each axis, determines whether a relay attack has been made.SELECTED DRAWING: Figure 10

Description

The present invention relates to a vehicle-mounted device and a remote keyless entry system.

Conventionally, as a system for wirelessly controlling unlocking and locking of a vehicle, a remote keyless entry system (hereinafter referred to as “RKE system”) including an on-vehicle device installed in the vehicle and a portable device carried by a user. It's being used. In the RKE system, the vehicle-mounted device periodically transmits a request signal wirelessly, the portable device of the user approaching the vehicle returns an answer signal in response to the request signal, and the vehicle-mounted device transmits the portable device based on the answer signal. Is authenticated and the unlocking and locking of the vehicle is controlled according to the authentication result. After the user gets on the vehicle, the vehicle-mounted device authenticates the portable device based on the answer signal from the portable device, and controls whether or not the engine can be started according to the authentication result.

A relay attack is known as a method for stealing a vehicle that employs the RKE system. The relay attack is a method in which a relay device relays a request signal to a user's portable device that is distant from the vehicle, thereby causing the portable device to transmit an answer signal and illegally unlocking the vehicle. As a countermeasure against this relay attack, a request signal is transmitted from a plurality of transmitting antennas installed at different positions of the vehicle, and the portable device receives each request signal with a three-axis antenna and calculates the received signal strength for each axis, There has been proposed a method of determining whether or not a relay attack has been performed by comparing an intensity ratio, which is a ratio of received signal intensity for each axis, between a plurality of request signals.

When a relay attack is performed, the portable device receives a plurality of request signals transmitted from a plurality of transmitting antennas via a repeater, so that the intensity ratios of the plurality of request signals are almost the same. .. On the other hand, when the relay attack is not performed, the portable device receives request signals from a plurality of transmitting antennas installed at different positions, and thus the intensity ratio of the plurality of request signals becomes different. Therefore, by comparing the strength ratios of a plurality of request signals, it is possible to determine whether or not a relay attack has been performed.

JP, 2006-342545, A

However, in the above conventional measures, when the authorized user gets in the vehicle and the portable device is located at the midpoint of the plurality of transmission antennas, the strength ratios of the plurality of request signals are almost the same, and the relay attack is performed. Despite that, there was a risk that it was determined that a relay attack had been performed (a relay attack was erroneously detected).

The present invention has been made in view of the above problems, and an object thereof is to suppress erroneous detection of relay attack in an RKE system.

The vehicle-mounted device according to one embodiment includes an on-vehicle device transmission unit that executes a transmission process of transmitting request signals to a portable device from a plurality of transmission antennas a plurality of times, and a request signal transmitted by the transmission process of a plurality of times. An on-vehicle device receiving unit that receives an answer signal including a value corresponding to the received signal strength for each axis, and the axis of the request signal transmitted by the transmission process a plurality of times based on the value included in the answer signal An in-vehicle device control unit that calculates the amount of change in the value indicating the intensity ratio, which is the ratio of the received signal intensity for each axis, for each axis and determines whether a relay attack has been performed based on the amount of change in each axis. ..

According to each embodiment of the present invention, it is possible to suppress erroneous detection of relay attack in the RKE system.

The figure which shows an example of an RKE system. The figure which shows an example of an answer signal and a request signal. The figure explaining the intensity ratio of a request signal when a regular user approaches a vehicle. The figure explaining the intensity ratio of a request signal when a relay attack is performed. The figure explaining the intensity ratio of a request signal when a user gets into a vehicle. The figure which shows an example of a function structure of a portable device control part. The figure which shows an example of a function structure of an onboard equipment control part. The flowchart which shows an example of the process which a portable device performs. The table which shows an example of the value of the request signal preserve|saved at the portable device memory|storage part. The flowchart which shows an example of the change amount determination which an onboard equipment performs. The flowchart which shows an example of the transmission process of the request signal R by an onboard equipment. The flowchart which shows an example of change amount determination. The table which shows an example of the value saved in the onboard equipment storage part. The table which shows the relationship of the presence or absence of a relay attack, the intensity ratio of a request signal, and the amount of change.

Hereinafter, each embodiment of the present invention will be described with reference to the accompanying drawings. Regarding the description of the specification and the drawings according to each embodiment, components having substantially the same functional configuration are denoted by the same reference numerals and overlapping description will be omitted.

An RKE system 100 according to an embodiment will be described with reference to FIGS. 1 to 14. The RKE system 100 according to the present embodiment is a system for controlling locking and unlocking of a vehicle and whether or not an engine can be started by a wireless signal.

First, the hardware configuration of the RKE system 100 will be described. FIG. 1 is a diagram showing an example of the RKE system 100. The RKE system 100 of FIG. 1 includes a portable device 1 and an in-vehicle device 2.

The portable device 1 is a device that the user U of the RKE system 100 possesses, such as a vehicle driver. The mobile device 1 of FIG. 1 includes a mobile device reception unit 11, a mobile device transmission unit 12, a mobile device control unit 13, and a battery 14.

The portable device receiver 11 is hardware that receives the request signal R wirelessly transmitted by the vehicle-mounted device 2. The request signal R is, for example, a 125 kHz LF (Low Frequency) signal, but is not limited to this. The communicable distance of the request signal R is, for example, 1 m or less, but is not limited to this. The portable device reception unit 11 includes a reception antenna A11 that converts the request signal R (radio signal) into an electric signal, and a reception circuit that performs a predetermined signal processing such as demodulation on the request signal R (electric signal). In the present embodiment, the receiving antenna A11 is a triaxial antenna having three antennas arranged so as to be orthogonal to each other, but is not limited to this. The receiving antenna A11 may be a biaxial antenna or more. Hereinafter, the axes of the receiving antenna A11 will be referred to as the X axis, the Y axis, and the Z axis, respectively. The reception circuit includes a low noise amplifier, a filter, a mixer, a demodulation circuit, and the like. The portable device receiver 11 inputs the request signal R, which has been subjected to predetermined signal processing, to the portable device controller 13. The receiving circuit may be an independent IC (Integrated Circuit) or may be incorporated in the portable device control unit 13.

The portable device transmitter 12 is hardware that wirelessly transmits the answer signal A to the vehicle-mounted device 2. The answer signal A is, for example, a 315 MHz UHF (Ultra High Frequency) signal, but is not limited to this. Also, the communicable distance of the answer signal A is, for example, 20 m or less, but is not limited to this. The portable device transmission unit 12 includes a transmission circuit that performs predetermined processing such as modulation on the answer signal A (electrical signal) generated by the portable device control unit 13 and a transmission antenna that converts the answer signal A (electrical signal) into a wireless signal. A12 and. The transmission circuit includes a modulation circuit, a mixer, a filter, a power amplifier and the like. The transmission circuit may be an independent IC, or may be incorporated in the portable device control unit 13. Further, the receiving circuit of the portable device receiving unit 11 and the transmitting circuit of the portable device transmitting unit 12 may be incorporated in one IC.

The mobile device control unit 13 is hardware that controls the overall operation of the mobile device 1 including the mobile device reception unit 11 and the mobile device transmission unit 12, and includes a CPU (Central Processing Unit), a ROM (Read Only Memory), and It has a RAM (Random Access Memory). The CPU controls each component of the portable device 1 by executing a program and realizes the functions of the portable device 1. The program executed by the CPU can be recorded in any computer-readable recording medium such as a CD (Compact Disk), a DVD, or a flash memory. The ROM stores programs executed by the CPU and various data. In the ROM, a portable device ID that is identification information of the portable device 1 and an in-vehicle device ID that is identification information of the in-vehicle device 2 corresponding to the portable device 1 are stored in advance. The RAM provides a work area for the CPU. The portable device controller 13 is, for example, a microcomputer, but is not limited to this.

The battery 14 supplies electric power to the portable device receiver 11, the portable device transmitter 12, and the portable device controller 13.

The configuration of the portable device 1 is not limited to the example of FIG. For example, the portable device 1 may include an unlock button and a lock button for the user U to manually operate unlocking and locking of the vehicle.

The vehicle-mounted device 2 is a device that controls locking/unlocking of the vehicle and whether or not the engine can be started according to the answer signal A received from the portable device 1, and is mounted on the vehicle. The vehicle-mounted device 2 is supplied with electric power from a battery mounted on the vehicle. The on-vehicle device 2 of FIG. 1 includes an on-vehicle device receiving unit 21, an on-vehicle device transmitting unit 22, and an on-vehicle device control unit 23.

The vehicle-mounted device receiving unit 21 is hardware that receives the answer signal A wirelessly transmitted by the portable device 1. The vehicle-mounted device reception unit 21 includes a reception antenna A21 that converts the answer signal A (radio signal) into an electric signal, and a reception circuit that performs predetermined signal processing such as demodulation on the answer signal A (electric signal). The reception circuit includes a low noise amplifier, a filter, a mixer, a demodulation circuit, and the like. The vehicle-mounted device reception unit 21 inputs the answer signal A, which has been subjected to predetermined signal processing, to the vehicle-mounted device control unit 23. The receiving circuit may be an independent IC or may be incorporated in the vehicle-mounted device control unit 23.

The vehicle-mounted device transmitter 22 is hardware that wirelessly transmits the request signal R to the portable device 1. The vehicle-mounted device transmission unit 22 includes a transmission circuit that performs a predetermined process such as modulation on the request signal R (electrical signal) generated by the vehicle-mounted device control unit 23, and a plurality of transmission circuits that convert the request signal R (electrical signal) into a wireless signal. And a transmission antenna A22. The transmission circuit includes a modulation circuit, a mixer, a filter, a power amplifier and the like. The plurality of transmitting antennas A22 are connected to the transmitting circuit via antenna lines and are installed at different positions in the vehicle. The transmission circuit may be an independent IC or may be incorporated in the vehicle-mounted device control unit 23. Further, the reception circuit of the vehicle-mounted device reception unit 21 and the transmission circuit of the vehicle-mounted device transmission unit 22 may be incorporated in one IC.

The vehicle-mounted device control unit 23 is a circuit that controls the overall operation of the vehicle-mounted device 2 including the vehicle-mounted device reception unit 21 and the vehicle-mounted device transmission unit 22, and includes a CPU, a ROM, a RAM, and a communication interface. The CPU controls each component of the vehicle-mounted device 2 by executing the program and realizes the function of the vehicle-mounted device 2. The program executed by the CPU can be recorded in any computer-readable recording medium such as a CD, a DVD, or a flash memory. The ROM stores programs executed by the CPU and various data. The ROM has a vehicle-mounted device ID that is identification information of the vehicle-mounted device 2, a portable device ID that is identification information of the portable device 1 corresponding to the vehicle-mounted device 2, and a predetermined range for determining whether a relay attack has been performed. The upper limit value VH and the lower limit value VL are stored in advance. The predetermined range will be described later. The RAM provides a work area for the CPU. The communication interface connects the vehicle-mounted device control unit 23 to a vehicle-mounted network such as a CAN (Controller Area Network). The vehicle-mounted device control unit 23 communicates with the door control unit 3 connected to the vehicle-mounted network via the communication interface, and transmits an unlock request and a lock request for the vehicle to the door control unit 3. Further, the vehicle-mounted device control unit 23 communicates with the engine control unit 4 connected to the vehicle-mounted network via the communication interface, and transmits the engine start permission to the engine control unit 4. The vehicle-mounted device control unit 23 is, for example, a microcomputer, but is not limited to this.

The configuration of the vehicle-mounted device 2 is not limited to the example of FIG. For example, the vehicle-mounted device 2 may include a battery that supplies electric power to the vehicle-mounted device reception unit 21, the vehicle-mounted device transmission unit 22, and the vehicle-mounted device control unit 23.

Next, the answer signal A and the request signal R will be described. FIG. 2 is a diagram illustrating an example of the answer signal A and the request signal R.

The answer signal A is a signal including the preamble signal Ap and the control signal Ac. The preamble signal Ap is a signal indicating that the signal is the answer signal A. The control signal Ac is a control command such as an unlock request for requesting unlocking of the vehicle, various data such as a value corresponding to the received signal strength Ix, Iy, Iz for each axis of the portable device ID and the request signal R, Is a signal including. The answer signal A may not include the control command.

The request signal R is a signal including a preamble signal Rp, a control signal Rc, and a measurement signal Rr. The preamble signal Rp is a signal indicating that the signal is the request signal R. The control signal Rc is a signal including a control command such as a response request for requesting the transmission of the answer signal A, and various data such as the vehicle-mounted device ID and the antenna ID. The antenna ID is identification information of the transmission antenna A22 of the vehicle-mounted device 2 that has transmitted the request signal R. The request signal R may not include the control command.

The measurement signal Rr is a signal which is transmitted with a predetermined transmission signal strength and whose reception signal strength (RSSI) I is measured by the portable device 1. The received signal strength of the request signal R corresponds to the received signal strength I of the measurement signal Rr included in the request signal R. In the example of FIG. 2, the request signal R includes one measurement signal Rr, but may include a plurality of measurement signals Rr having different transmission signal strengths.

When the portable device receiving unit 11 receives the request signal R, the portable device control unit 13 of the portable device 1 measures the received signal strength Ix, Iy, Iz of each axis of the received request signal R. The reception signal strengths Ix, Iy, Iz are the reception signal strengths of the request signal R received by the X, Y, Z axes of the reception antenna A11, respectively.

In the present embodiment, the portable device controller 13 of the portable device 1 measures the received signal intensities Ix, Iy, Iz of the request signal R, and then outputs the answer signal A including values according to the received signal intensities Ix, Iy, Iz. To generate. The value corresponding to the received signal strengths Ix, Iy, Iz may be any value that can calculate the ratio of the received signal strengths Ix, Iy, Iz (that is, the strength ratio of the request signal R). The values corresponding to the reception signal intensities Ix, Iy, Iz may be the reception signal intensities Ix, Iy, Iz or the values Vx, Vy, Vz indicating the intensity ratio of the request signal R.

The values Vx, Vy, Vz correspond to Ix/Imin, Iy/Imin, Iz/Imin obtained by dividing the received signal strengths Ix, Iy, Iz by the minimum value Imin of the received signal strengths Ix, Iy, Iz. For example, when the received signal strength Ix is smaller than the received signal strengths Iy and Iz, the values Vx, Vy and Vz are 1 (=Ix/Ix), Iy/Ix and Iz/Ix, respectively. The ratio of the values Vx, Vy, Vz directly becomes the intensity ratio of the request signal R.

Since the data amounts of the values Vx, Vy, Vz are smaller than the received signal strengths Ix, Iy, Iz, the answer signals A include the values Vx, Vy, Vz in place of the received signal strengths Ix, Iy, Iz. The data amount of the signal A can be reduced. Hereinafter, the values corresponding to the received signal strengths Ix, Iy, Iz are assumed to be the values Vx, Vy, Vz. When the values Vx, Vy, and Vz are not distinguished, they may be referred to as the value V.

Next, a method of detecting a relay attack by the RKE system 100 will be described. FIG. 3 is a diagram for explaining the intensity ratio of the request signal R when the authorized user U approaches the vehicle. In the example of FIG. 3, the portable device 1 is carried by the user U, and the vehicle-mounted device 2 is mounted in the vehicle. Further, the transmission antennas A22a to A22e of the vehicle-mounted device transmission unit 22 are installed at different positions of the vehicle.

The vehicle-mounted device 2 mounted on the vehicle periodically executes a transmission process of sequentially transmitting request signals Ra to Re from the transmission antennas A22a to A22e, respectively. The transmission interval T2 of the request signals Ra to Re in the transmission process is, for example, 2 msec, but is not limited to this. The execution interval T1 of the transmission process is, for example, 500 msec, but is not limited to this. Hereinafter, when the request signals Ra to Re are not distinguished, they may be referred to as request signals R.

When the user U approaches the vehicle, the portable device 1 sequentially receives the request signals Ra to Re, calculates the values Vx, Vy, and Vz of the received request signals Ra to Re, respectively, and calculates the calculated values Vx, Vy, and Vz. The answer signal A including the reply is returned. It is preferable that the portable device 1 returns the answer signal A including the values Vx, Vy, and Vz of the request signals Ra to Re after receiving all the request signals Ra to Re. That is, it is preferable that the portable device 1 returns the answer signal A once for each transmission process. Thereby, the power consumption of the portable device 1 can be reduced. Note that the portable device 1 can also return the answer signal A including the values Vx, Vy, and Vz of the received request signal R each time the request signal R is received.

As can be seen from FIG. 3, when the relay attack is not performed, the request signals Ra to Re arrive at the portable device 1 from different directions. Therefore, the request signal Ra has the maximum value Vx, the request signal Rb has the maximum value Vz, and the strength ratio of the request signals Ra to Re is different for each request signal Ra to Re. ..

On the other hand, FIG. 4 is a diagram illustrating the intensity ratio of the request signal R when the relay attack is performed. As shown in FIG. 4, the relay attack is performed by using the two relays 5A and 5B that relay the request signal R. The repeater 5A receives the request signal R near the vehicle-mounted device 2, amplifies and frequency-converts the request signal R, and transmits the request signal R. As a result, the request signal R is transmitted farther than the original communicable distance. The repeater 5B receives the request signal R transmitted by the repeater 5A near the user U, restores the frequency of the request signal R, and transmits the request signal R. Upon receiving the request signal R transmitted by the repeater 5B, the portable device 1 returns the answer signal A.

As can be seen from FIG. 4, when the relay attack is performed, all the request signals Ra to Re arrive at the portable device 1 from the relay device 5B. Therefore, unlike the case where no relay attack is performed, the intensity ratios of the request signals Ra to Re are almost the same.

In this way, when the relay attack is not performed, the strength ratios of the plurality of request signals R are different, and when the relay attack is performed, the strength ratios of the plurality of request signals R are substantially the same. Therefore, the vehicle-mounted device 2 can determine whether the relay attack has been performed (detect the relay attack) by comparing the intensity ratios of the plurality of request signals R. Hereinafter, determining whether or not a relay attack has been performed by comparing the intensity ratios of a plurality of request signals R is referred to as intensity ratio determination.

The vehicle-mounted device 2 executes the strength ratio determination each time the answer signal A is received, and unlocks the vehicle door or permits the engine to start when it is determined that the relay attack is not performed. do it. This can prevent the vehicle from being stolen due to the relay attack.

By the way, depending on the position of the portable device 1 with respect to the plurality of transmitting antennas A22, the intensity ratios of the plurality of request signals R may happen to be substantially the same. Such a situation may occur when the user gets into the vehicle and the portable device 1 carried by the user is located at the midpoint of the plurality of transmitting antennas A22.

Here, FIG. 5 is a diagram illustrating the intensity ratio of the request signal R when the user U gets in the vehicle. In the example of FIG. 5, the portable device 1 carried by the user U is located at the midpoint between the transmitting antennas A22a and A22d. In FIG. 5, the linear direction connecting the transmitting antennas A22a and A22d corresponds to the X axis.

As shown in FIG. 5, when the portable device 1 is located at the midpoint between the transmitting antennas A22a and A22d, the request signals Ra and Rd have the values Vx as large and the values Vy and Vz as small as the same. That is, the intensity ratios of the request signals Ra and Rd are substantially the same.

When such a situation occurs, in the strength ratio determination, it is determined that the relay attack has been performed although the relay attack has not been performed (the relay attack is erroneously detected), and the vehicle-mounted device 2 starts the engine. May be rejected.

Therefore, the RKE system 100 according to the present embodiment uses at least one of the variation amounts vx, vy, and vz for each axis of the values Vx, Vy, and Vz indicating the intensity ratio of the request signal R transmitted in a plurality of transmission processes. Based on the above, it is determined whether a relay attack has been performed. As a result, the RKE system 100 can suppress the erroneous detection of the relay attack due to the strength ratio determination as described above. Hereinafter, determining whether the relay attack is performed based on the change amounts vx, vy, and vz is referred to as change amount determination. Details of the change amount determination will be described later. In addition, when the change amounts vx, vy, and vz are not distinguished, they may be referred to as the change amount v.

Next, the functional configuration of the mobile device control unit 13 of the mobile device 1 according to the present embodiment will be described. FIG. 6 is a diagram illustrating an example of a functional configuration of the portable device control unit 13. The mobile device control unit 13 of FIG. 6 includes a received signal strength measurement unit 131, a strength ratio calculation unit 132, a mobile device storage unit 133, a request signal authentication unit 134, and an answer signal generation unit 135. Each functional configuration is realized by the CPU executing a program and cooperating with other hardware. The portable device storage unit 133 is realized by at least one of ROM and RAM.

The reception signal strength measurement unit 131 measures the reception signal strengths Ix, Iy, Iz of the request signal R received by the portable device reception unit 11 via the reception antenna A11. The method of measuring the received signal strengths Ix, Iy, Iz is arbitrary.

The intensity ratio calculating unit 132 calculates the values Vx, Vy, Vz indicating the intensity ratio of the request signal R based on the received signal intensities Ix, Iy, Iz measured by the received signal intensity measuring unit 131. The calculation method is as described above. When the answer signal A includes the received signal intensities Ix, Iy, Iz as values according to the received signal intensities Ix, Iy, Iz, the portable device controller 13 does not need to include the intensity ratio calculator 132. Good. In this case, the intensity ratio calculation unit 132 is provided in the vehicle-mounted device control unit 23 of the vehicle-mounted device 2.

The portable device storage unit 133 stores various information used by the portable device control unit 13. The information stored in the mobile device storage unit 133 includes, but is not limited to, the mobile device ID and the vehicle-mounted device ID. In addition, the portable device storage unit 133 temporarily stores the values Vx, Vy, and Vz of the request signal R calculated by the intensity ratio calculation unit 132 in association with the antenna ID of the transmission antenna A22 that transmitted the request signal R. To do.

The request signal authentication unit 134 authenticates the request signal R. Specifically, the request signal authentication unit 134 compares the vehicle-mounted device ID included in the request signal R with the vehicle-mounted device ID stored in the portable device storage unit 133, so that the request signal R is transmitted to the portable device 1. It is determined whether it is transmitted from the vehicle-mounted device 2 corresponding to. When the vehicle-mounted device IDs match, the request signal authentication unit 134 determines that the request signal R is transmitted from the vehicle-mounted device 2 corresponding to the portable device 1 (authentication succeeded), and when the vehicle-mounted device IDs do not match. It is determined that the request signal R is not transmitted from the vehicle-mounted device 2 corresponding to the portable device 1 (authentication failure).

When the portable device receiving unit 11 receives the request signal R and the request signal authenticating unit 134 succeeds in authenticating the request signal R, the answer signal generating unit 135 receives the answer signal including the portable device ID and the values Vx, Vy, Vz. Generate A. The answer signal A generated by the answer signal generator 135 is input to the portable device transmitter 12 and wirelessly transmitted to the vehicle-mounted device 2 by the portable device transmitter 12.

The functional configuration of the portable device controller 13 is not limited to the example of FIG. For example, the portable device controller 13 may include a distance measuring unit that measures the distance L from the portable device 1 to the vehicle-mounted device 2 based on the received signal strengths Ix, Iy, and Iz, or the received signal strength Ix. , Iy, Iz or the values Vx, Vy, Vz to determine whether or not a relay attack has been performed (perform an intensity ratio determination).

Next, the functional configuration of the vehicle-mounted device control unit 23 of the vehicle-mounted device 2 according to the present embodiment will be described. FIG. 7 is a diagram illustrating an example of a functional configuration of the vehicle-mounted device control unit 23. The on-vehicle device control unit 23 of FIG. 7 includes a request signal generation unit 231, an on-vehicle device storage unit 232, an answer signal authentication unit 233, a relay attack determination unit 234, and a control signal generation unit 235. Each functional configuration is realized by the CPU executing a program and cooperating with other hardware. The vehicle-mounted device storage unit 232 is realized by at least one of ROM and RAM.

The request signal generation unit 231 generates the request signal R including the vehicle-mounted device ID and the antenna ID each time the vehicle-mounted device 2 executes the transmission process. The request signal R generated by the request signal generation unit 231 is input to the vehicle-mounted device transmission unit 22 and wirelessly transmitted to the portable device 1 by the vehicle-mounted device transmission unit 22. The request signal R is transmitted from the transmitting antenna A22 having the corresponding antenna ID.

The vehicle-mounted device storage unit 232 stores various information used by the vehicle-mounted device 2. The information stored in the vehicle-mounted device storage section 232 includes, but is not limited to, the portable device ID, the vehicle-mounted device ID, and the determination thresholds TL and TH. The determination thresholds TL and TH will be described later. In addition, the vehicle-mounted device storage unit 232 temporarily stores the values Vx, Vy, and Vz included in the answer signal A received by the vehicle-mounted device reception unit 21 in association with the antenna ID.

The answer signal authentication unit 233 authenticates the answer signal A. Specifically, the answer signal authentication unit 233 compares the portable device ID included in the answer signal A with the portable device ID stored in the vehicle-mounted device storage unit 232, so that the answer signal A is transmitted to the vehicle-mounted device 2 It is determined whether it is transmitted from the portable device 1 corresponding to. When the portable device IDs match, the answer signal authentication unit 233 determines that the answer signal A is transmitted from the portable device 1 corresponding to the vehicle-mounted device 2 (authentication successful), and when the portable device IDs do not match. , It is determined that the answer signal A is not transmitted from the portable device 1 corresponding to the vehicle-mounted device 2 (authentication failure).

The relay attack determination unit 234 determines whether a relay attack has been performed (executes a change amount determination) based on the values Vx, Vy, Vz stored in the vehicle-mounted device storage unit 232. The relay attack determination unit 234 may use intensity ratio determination together with change amount determination. Specifically, it is preferable that the relay attack determination unit 234 perform the strength ratio determination while the user is outside the vehicle and the change amount determination while the user is inside the vehicle. This can prevent erroneous detection of relay attack that occurs while the user is in the vehicle.

The control signal generation unit 235 generates a control signal (unlock request and lock request) to be transmitted to the door control unit 3 according to the determination result of the relay attack determination unit 234. The unlock request and the lock request generated by the control signal generation unit 235 are input to the door control unit 3. The control signal generation unit 235 also generates a control signal (engine start permission) to be transmitted to the engine control unit 4 according to the determination result of the relay attack determination unit 234. The start permission generated by the control signal generation unit 235 is input to the engine control unit 4.

Next, the processing executed by the portable device 1 will be described. FIG. 8 is a flowchart showing an example of processing executed by the mobile device 1. Before the start of FIG. 8, in the portable device 1, the portable device transmitting unit 12 and the portable device control unit 13 are in the sleep state (low power consumption state), and the portable device receiving unit 11 receives the wake-up signal. When the portable device receiver 11 receives the wake-up signal from the vehicle-mounted device 2, the portable device transmitter 12 and the portable device controller 13 wake up, and the portable device controller 13 starts the process of receiving the request signal R (step S101). ..

After starting the reception process, the portable device control unit 13 periodically determines whether to end the reception process (step S102). The mobile device control unit 13 may end the reception process when all the request signals Ra to Re are received from the vehicle-mounted device 2, or may end the reception process when a predetermined time has elapsed from the start of the reception process. Good. The predetermined time here is a time preset so that all the request signals Ra to Re can be received from the vehicle-mounted device 2.

When the portable device receiver 11 receives the request signal R during the reception process (step S103: YES), the request signal authenticator 134 authenticates the request signal R (step S104). Specifically, the request signal authentication unit 134 acquires the vehicle-mounted device ID included in the request signal R, reads the vehicle-mounted device ID from the portable device storage unit 133, and compares these vehicle-mounted device IDs.

If the vehicle-mounted device IDs do not match, the authentication fails (step S104: NO), and the process returns to step S102. On the other hand, if the vehicle-mounted device IDs match, the authentication is successful (step S104: YES), and the received signal strength measurement unit 131 measures the received signal strengths Ix, Iy, Iz of the request signal R (step S105). The reception signal strength measuring unit 131 inputs the measured reception signal strengths Ix, Iy, Iz to the strength ratio calculating unit 132.

Upon receiving the received signal intensities Ix, Iy, Iz, the intensity ratio calculator 132 calculates the values Vx, Vy, Vz of the request signal R based on the received signal intensities Ix, Iy, Iz (steps). S106). The intensity ratio calculation unit 132 stores the calculated values Vx, Vy, and Vz in the portable device storage unit 133 in association with the antenna ID included in the request signal R. Then, the process returns to step S102.

The portable device controller 13 repeatedly executes the processes of steps S102 to S106 until the reception process is completed. As a result, the request signals Ra to Re transmitted from the vehicle-mounted device 2 are sequentially received by the portable device 1, and the values Vx, Vy, Vz of the request signals Ra to Re are stored in the portable device storage unit 133 in association with the antenna ID. To be done.

Here, FIG. 9 is a table showing an example of the values Vx, Vy, and Vz of the request signals Ra to Re stored in the portable device storage unit 133. In FIG. 9, the antenna ID “a” corresponds to the antenna ID of the transmitting antenna A22a. The same applies to the antenna IDs “b” to “e”. For example, the values Vx, Vy, Vz of the request signal Ra transmitted from the transmission antenna A22a of the vehicle-mounted device 2 are 1, 10, 100, respectively. In this way, the portable device storage unit 133 stores the values Vx, Vy, Vz of each request signal R and the antenna ID in association with each other.

After that, when the portable device control unit 13 ends the reception process (step S102: YES), the answer signal generation unit 135 outputs the portable device ID and the values Vx, Vy, Vz of the request signals Ra to Re from the portable device storage unit 133. Readout is performed and an answer signal including these is generated (step S107). The answer signal generation unit 135 inputs the generated answer signal A to the portable device transmission unit 12.

When the answer signal A is input, the portable device transmitter 12 wirelessly transmits the input answer signal A from the transmission antenna A12 (step S108).

When the portable device transmitter 12 transmits the answer signal A, the portable device transmitter 12 and the portable device controller 13 sleep (step S109). Thereby, the power consumption of the portable device 1 can be reduced.

Through the above processing, every time the vehicle-mounted device 2 executes the transmission processing, the portable device 1 receives the request signals Ra to Re, and wirelessly receives the answer signal A including the values Vx, Vy, and Vz of the request signals Ra to Re. Send. Therefore, the vehicle-mounted device 2 can receive the answer signal A including the values Vx, Vy, Vz of the request signals Ra to Re from the portable device 1 every time the transmission process is executed.

Note that the portable device 1 may transmit the answer signal A including the values Vx, Vy, and Vz of the received request signal R each time the request signal R is received. In addition, when some of the request signals Ra to Re cannot be received, the portable device 1 may transmit the answer signal A that does not include the values Vx, Vy, and Vz of the request signal R that could not be received. In addition, the portable device transmitter 12 and the portable device controller 13 of the portable device 1 do not have to sleep.

Next, the change amount determination executed by the vehicle-mounted device 2 will be described. FIG. 10 is a flowchart showing an example of the change amount determination executed by the vehicle-mounted device 2. When the vehicle-mounted device 2 detects that the user gets in the vehicle while the engine is stopped, the vehicle-mounted device 2 starts the process of FIG. 10. The user mentioned here is a legitimate user U or a person who has illegally boarded by a relay attack. The vehicle-mounted device 2 may detect the user's entry when the vehicle door is unlocked or opened, or the distance L from the portable device 1 to the vehicle-mounted device 2 is received from the portable device 1 and received. The boarding of the user may be detected when the distance L becomes equal to or less than the threshold value. Further, the vehicle-mounted device 2 may detect the user's entry by using the door unlocked or opened and the distance L in combination.

When the vehicle-mounted device 2 detects that the user gets in the vehicle, the vehicle-mounted device 2 executes the process of transmitting the request signal R (step S201).

Here, FIG. 11 is a flowchart showing an example of a transmission process of the request signal R by the vehicle-mounted device 2. The transmission process of FIG. 11 corresponds to the internal process of step S201 of FIG.

First, the vehicle-mounted device transmitter 22 wirelessly transmits a wake-up signal to the portable device 1 (step S301). The wake-up signal is a signal set in advance to wake up the portable device 1, and can be transmitted from any transmission antenna A22.

Next, the request signal generation unit 231 of the vehicle-mounted device 2 selects the transmission antenna A22 that transmits the request signal R (step S302).

Subsequently, the request signal generation unit 231 reads the vehicle-mounted device ID and the antenna ID of the transmitting antenna A22 selected in step S302 from the vehicle-mounted device storage unit 232, and the request signal including the read vehicle-mounted device ID and antenna ID R is generated (step S303). The request signal generator 231 inputs the generated request signal R to the vehicle-mounted device transmitter 22.

When the request signal R is input, the vehicle-mounted device transmission unit 22 wirelessly transmits the input request signal R from the transmission antenna A22 selected in step S302 (step S304).

When the vehicle-mounted device transmission unit 22 has not transmitted any of the request signals Ra to Re (step S305: NO), the request signal generation unit 231 waits for a predetermined time T2 (for example, 2 msec) (step S306).

The vehicle-mounted device 2 repeats the processing of steps S302 to S306 until the vehicle-mounted device transmission unit 22 transmits all the request signals Ra to Re. When the vehicle-mounted device transmitter 22 transmits the request signals Ra to Re (step 305: YES), the vehicle-mounted device 2 ends the transmission process.

Through the above transmission processing, the vehicle-mounted device 2 can sequentially transmit the request signals Ra to Re wirelessly from the transmission antennas A22a to A22e at predetermined time intervals T2 in one transmission processing.

In addition, in the example of FIG. 11, the request signal generation unit 231 generates the request signals Ra to Re one by one, but the request signals Ra to Re are collectively generated and input to the vehicle-mounted device transmission unit 22. Good. In this case, the vehicle-mounted device transmission part 22 should just transmit request signal Ra-Re for every predetermined time T2.

Further, the vehicle-mounted device transmission unit 22 may select the transmission antenna A22 that transmits the request signal R. In this case, the vehicle-mounted device transmission unit 22 may add the antenna ID to the request signal R. The order of transmitting the request signals Ra to Re can be set arbitrarily.

Here, returning to FIG. When the vehicle-mounted device 2 executes the transmission process, the portable device 1 receives the request signals Ra to Re and returns the answer signal A including the values Vx, Vy, and Vz of the request signals Ra to Re, as described above. Then, the vehicle-mounted device receiving unit 21 of the vehicle-mounted device 2 receives the answer signal A (step S202).

When the vehicle-mounted device reception unit 21 receives the answer signal A, the answer signal authentication unit 233 authenticates the answer signal A (step S203). Specifically, the answer signal authentication unit 233 acquires the portable device ID included in the answer signal A, reads the portable device ID from the vehicle-mounted device storage unit 232, and compares these portable device IDs.

If the mobile device IDs do not match, the authentication fails (step S203: NO), and the process proceeds to step S205. On the other hand, when the mobile device IDs match, the authentication is successful (step S203: YES), and the values Vx, Vy, Vz of the request signals Ra to Re included in the answer signal A are associated with the antenna IDs and the vehicle-mounted device storage unit is obtained. It is stored in 232 (step S204).

Then, the vehicle-mounted device 2 confirms whether the transmission process has been executed a predetermined number of times (step S205). The predetermined number of times can be any number of times of 2 or more. Further, the vehicle-mounted device 2 may check whether the transmission process has been executed for a predetermined time instead of the predetermined number of times.

When the transmission process has not been executed the predetermined number of times (step S205: NO), the request signal generation unit 231 waits for a predetermined time T1 (for example, 500 msec) (step S206).

The vehicle-mounted device 2 repeats the processing of steps S202 to S206 until the transmission processing is executed a predetermined number of times. When the vehicle-mounted device 2 executes the process of transmitting the request signal R a predetermined number of times (step S205: YES), the relay attack determination unit 234 executes the change amount determination (step S207).

Here, FIG. 12 is a flowchart showing an example of change amount determination by the vehicle-mounted device 2. The process of FIG. 12 corresponds to the internal process of step S207 of FIG.

First, the relay attack determination unit 234 reads from the vehicle-mounted device storage unit 232 the values Vx, Vy, and Vz of the request signal R transmitted by the transmission processing of a plurality of times, and detects abnormal values from the read values Vx, Vy, and Vz. The value is removed (step S401). The abnormal value may be a value V that is outside the preset range of normal values, or may be one or more values V that are farthest from the weighted average of the values Vx, Vy, Vz. The abnormal value can be set arbitrarily.

FIG. 13 is a table showing an example of the values Vx, Vy, Vz stored in the vehicle-mounted device storage 232. In the example of FIG. 13, the respective values Vx, Vy, and Vz of the 15 request signals Ra to Re transmitted in the three transmission processes are shown. As shown in FIG. 13, the values Vx, Vy, and Vz of the request signal R are stored in association with the transmission process number and the antenna ID at which the request signal is transmitted.

For example, when the range of normal values is set to 1000 or less, in the example of FIG. 13, the Z-axis value Vz (=10000) of the request signal Ra transmitted in the third transmission process is removed as an abnormal value. It Note that step S401 may be omitted.

Next, the relay attack determination unit 234 calculates change amounts vx, vy, and vz based on the values Vx, Vy, and Vz from which the abnormal value has been removed (step S402). The change amount v is a value indicating the degree of change of the value (that is, the value V) indicating the ratio of the received signal strength I for each axis of the request signals Ra to Re transmitted by the transmission processing of a plurality of times, and for each axis. Is calculated.

The change amount vx is a value indicating the degree of change in the value Vx, and is calculated based on the value Vx of the request signals Ra to Re transmitted in the multiple transmission processes. In the present embodiment, the change amount vx is the ratio (Vxmin/Vxmax or Vxmax/Vxmin) of the maximum value Vxmax and the minimum value Vxmin in the plurality of values Vx, but is not limited to this.

In the example of FIG. 13, the change amount vx is calculated based on the values Vx of the 15 request signals R transmitted in the three transmission processes. When the change amount vx is Vxmin/Vxmax, the change amount vx is 0.01 because Vxmin is 1 and Vxmax is 100.

Similarly, the amount of change vy is a value indicating the degree of change in the value Vy, and is calculated based on the values Vy of the request signals Ra to Re transmitted in the multiple transmission processes. In the present embodiment, the variation amount vy is the ratio (Vymin/Vymax or Vymax/Vymin) of the maximum value Vymax and the minimum value Vymin in the plurality of values Vy, but is not limited to this.

In the example of FIG. 13, the variation amount vy is calculated based on the values Vy of the 15 request signals R transmitted in the three transmission processes. When the change amount vy is Vymin/Vymax, the change amount vy is 0.005 because Vymin is 1 and Vxmax is 200.

Similarly, the amount of change vz is a value indicating the degree of change in the value Vz, and is calculated based on the values Vz of the request signals Ra to Re transmitted in a plurality of transmission processes. In the present embodiment, the change amount vz is a ratio (Vzmin/Vzmax or Vzmax/Vzmin) of the maximum value Vzmax and the minimum value Vzmin in the plurality of values Vz, but is not limited to this.

In the example of FIG. 13, the variation amount vz is calculated based on 14 values Vz obtained by removing an abnormal value from the 15 values Vz of the request signal R transmitted in the three transmission processes. When the change amount vz is Vzmin/Vzmax, Vzmin is 1, and Vxmax after the abnormal value is removed is 400, so the change amount vz is 0.0025.

When the answer signal A includes the received signal strengths Ix, Iy, and Iz as the values according to the received signal strengths Ix, Iy, and Iz, the relay attack determination unit 234 determines that the received signal strengths Ix, Iy, and Iz. Then, the values Vx, Vy, Vz indicating the intensity ratio of the received signal intensities Ix, Iy, Iz are calculated, and the change amounts vx, vy, vz may be calculated based on the calculated values Vx, Vy, Vz.

Subsequently, the relay attack determination unit 234 reads the determination thresholds TL and TH from the vehicle-mounted device storage unit 232 and determines whether the relay attack has been performed based on the determination thresholds TL and TH and the change amount v. Specifically, the relay attack determination unit 234 determines whether the variation amount v is included in the predetermined range. The predetermined range is a range of a preset change amount v in which it is determined that a relay attack has been performed. The determination threshold TL corresponds to the lower limit value of the predetermined range, and the determination threshold TH corresponds to the upper limit value of the predetermined range. That is, the relay attack determination unit 234 determines that the relay attack is performed when the change amount v is TL or more and TH or more, and determines that the relay attack is not performed when the change amount v is less than TL or greater than TH. judge.

Here, FIG. 14 is a table showing the relationship between the presence/absence of a relay attack, the intensity ratio of the request signal R, and the variation amount v.

As shown in FIG. 14, when the relay attack is performed, the intensity ratios of the request signals Ra to Re transmitted in one transmission process are substantially the same. Therefore, it is possible to correctly determine that the relay attack has been performed by the intensity ratio determination.

On the other hand, when the relay attack is not performed, normally, the intensity ratios of the request signals Ra to Re transmitted in one transmission process are different. In this case, it is possible to correctly determine that the relay attack is not performed by the intensity ratio determination.

However, when the relay attack is not performed, the intensity ratios of the request signals Ra to Re transmitted in one transmission process may happen to be substantially the same. In this case, in the strength ratio determination, it is erroneously determined that the relay attack has been performed.

On the other hand, when the relay attack is performed, since the legitimate user U is away from the vehicle, changes in the received signal strengths Ix, Iy, and Iz measured for each transmission process are small. As a result, the change in the intensity ratio for each reception process becomes small. When the change amount v is the ratio of the maximum value Vzmax and the minimum value Vzmin, the change amount v becomes a value close to 1.

On the other hand, when the relay attack is not performed, since the legitimate user U is inside the vehicle, a slight change in the posture of the user U regardless of the position of the user U causes a reception signal measured for each transmission process. The changes in the intensities Ix, Iy, Iz become large. As a result, the change in the intensity ratio for each transmission process becomes large. When the change amount v is the ratio of Vmax and Vmin, the change amount v becomes a value (not1) apart from 1. For example, in the example of FIG. 13, the change amounts vx, vy, and vz are 0.01, 0.005, and 0.0025, respectively.

Therefore, the relay attack determination unit 234 can correctly determine whether the relay attack has been performed by checking whether the change amount v is within a predetermined range (for example, a range close to 1). When the variation amount v is within the predetermined range (step S403: YES), the relay attack determination unit 234 determines that the relay attack is performed (step S404), and when the variation amount v is outside the predetermined range (step S403). : NO), it may be determined that the relay attack is not performed (step S405).

The predetermined range (determination thresholds TL, TH) can be set by experiments or simulations according to the calculation method of the variation amount v. For example, when the change amount v is Vmin/Vmax, it is possible to set the determination threshold TL to 0.8 and the determination threshold TH to 1.0. Further, when the change amount v is Vmax/Vmin, it is possible to set the determination threshold TL to 1.0 and the determination threshold TH to 1.2. As a result, the relay attack determination unit 234 correctly determines that the relay attack has been performed when the change amount v is in a predetermined range close to 1 (0.8 or more and 1.0 or less or 1.0 or more and 1.2 or less). can do.

Note that the relay attack determination unit 234 may determine that the relay attack has been performed when all the change amounts vx, vy, vz are within the predetermined range, or one of the change amounts vx, vy, vz. It may be determined that the relay attack has been performed when one or two of them are within a predetermined range. Further, the relay attack determination unit 234 may perform the change amount determination using all of the change amounts vx, vy, vz, or may use any one or two of the change amounts vx, vy, vz. The amount of change may be determined by the above.

Here, returning to FIG. When the relay attack determination unit 234 determines that the relay attack has been performed (step S208: YES), the vehicle-mounted device control unit 23 ends the process without permitting the engine start of the vehicle (step S209). As a result, the engine does not start even if a person illegally boarded due to the relay attack presses the engine start button, so that the vehicle can be prevented from being stolen.

On the other hand, when the relay attack determination unit 234 determines that the relay attack is not performed (step S208: NO), the control signal generation unit 235 of the vehicle-mounted device control unit 23 causes the engine control unit 4 to start the engine. Permit (step S210) and terminate the process. Specifically, the control signal generation unit 235 transmits engine start permission to the engine control unit 4, and ends the process. As a result, the engine start is permitted, and the user U can start the engine by pressing the engine start button.

As described above, the RKE system 100 according to the present embodiment determines whether the relay attack has been performed by the change amount determination using the change amount v. As a result, even if the relay attack is not performed, if the intensity ratios of the plurality of request signals R transmitted in one transmission process happen to be approximately the same, a relay that may occur in the intensity ratio determination may occur. False detection of attack can be suppressed. As a result, it is possible to improve the determination accuracy (detection accuracy) of the relay attack, suppress the vehicle theft, and improve the convenience of the user U.

It should be noted that the present invention is not limited to the configurations shown here, such as the combination of the configurations described in the above embodiments with other elements. These points can be changed without departing from the spirit of the present invention, and can be appropriately determined according to the application form.

1: portable device 2: vehicle-mounted device 3: door control unit 4: engine control unit 11: portable device reception unit 12: portable device transmission unit 13: portable device control unit 21: vehicle-mounted device reception unit 22: vehicle-mounted device transmission unit 23: Onboard equipment control unit 100: RKE system 131: Received signal strength measurement unit 132: Strength ratio calculation unit 133: Portable device storage unit 134: Request signal authentication unit 135: Answer signal generation unit 231: Request signal generation unit 232: Onboard device storage Unit 233: Answer signal authentication unit 234: Relay attack determination unit 235: Control signal generation unit

Claims (8)

An in-vehicle device transmission unit that executes a transmission process for transmitting request signals to a portable device from a plurality of transmission antennas multiple times,
An on-vehicle device receiving unit that receives an answer signal including a value according to a received signal strength for each axis of the request signal transmitted by the transmission processing a plurality of times,
Based on the value included in the answer signal, the amount of change in the value indicating the intensity ratio, which is the ratio of the received signal intensity of each axis of the request signal transmitted by the transmission processing a plurality of times, is calculated for each axis. , An on-vehicle device control unit that determines whether a relay attack is performed based on the amount of change for each axis,
On-board device. The vehicle-mounted device according to claim 1, wherein the vehicle-mounted device control unit determines that the relay attack has been performed when at least one of the change amounts for each axis is included in a predetermined range. The vehicle-mounted device according to claim 2, wherein the amount of change for each axis is a ratio between a minimum value and a maximum value of the value indicating the intensity ratio for each axis. The vehicle-mounted device according to claim 2, wherein the vehicle-mounted device control unit calculates the amount of change after removing an abnormal value from a value of the request signal according to the received signal strength of each axis. The vehicle-mounted device according to any one of claims 1 to 4, wherein the value corresponding to the received signal strength for each axis of the request signal is a value indicating the strength ratio for each axis of the request signal. The vehicle-mounted device according to claim 2, wherein the predetermined range is 0.8 or more and 1.2 or less. The on-vehicle device according to any one of claims 1 to 6, wherein the on-vehicle device transmission unit executes the transmission process for a predetermined time or a predetermined number of times when a vehicle door is unlocked or opened. A remote keyless entry system equipped with a portable device and a vehicle-mounted device,
The portable device is
A portable device receiving unit that receives a request signal from the vehicle-mounted device by a two-axis or more receiving antenna;
A portable device controller that calculates a value according to the received signal strength for each axis of the request signal received by the portable device receiver;
A portable device transmitter that transmits an answer signal including a value corresponding to the received signal strength of the request signal for each axis to the vehicle-mounted device,
Equipped with
The vehicle-mounted device,
An on-vehicle device transmitting unit that executes a transmitting process for transmitting the request signal to the portable device from a plurality of transmitting antennas a plurality of times,
An in-vehicle device receiving unit that receives the answer signal from the portable device,
Based on the value included in the answer signal, the amount of change in the value indicating the intensity ratio, which is the ratio of the received signal intensity of each axis of the request signal transmitted by the transmission processing a plurality of times, is calculated for each axis. , An on-vehicle device control unit that determines whether a relay attack is performed based on the amount of change for each axis,
Remote keyless entry system.

Images