WO2018219922A1 - Method and device for detecting a relay attack - Google Patents

Method and device for detecting a relay attack

Info

Publication number
WO2018219922A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
data carrier
transaction
data
relay attack
Prior art date
Application number
PCT/EP2018/064030
Other languages
German (de)
English (en)
Inventor
Kevin Valdek
Risto Vahtra
Original Assignee
High-Mobility Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by High-Mobility Gmbh
Publication of WO2018219922A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Definitions

  • the invention relates to a method for detecting and preventing a relay attack on a transaction that can be carried out by means of contactless data transmission between a data carrier and a terminal, as well as to a corresponding data carrier, a corresponding terminal, and a system comprising the data carrier and the terminal.
  • an attacker in simple terms, can measure the distance between the data carrier and the terminal, in the special case e.g. between a one
  • an attacker terminal is used, which is brought sufficiently close to the attacked data carrier and presents itself to the data carrier as an associated terminal.
  • the data communication established between this attacker terminal and the data carrier is then forwarded unchanged by the attacker terminal, for example via a mobile radio network or via the Internet, to an attacker data carrier, which in turn presents itself to the associated terminal as the actual data carrier.
  • data communication comes about between the attacked data carrier, such as the car key, and an associated terminal, such as the motor vehicle.
  • this type of attack cannot be detected or averted, since the communication between the data carrier and the terminal is merely forwarded, i.e. the communication itself is not disturbed or changed.
  • the object of the present invention is to propose a method and corresponding devices which make it possible to detect and prevent a relay attack.
  • the present invention is based on the idea of adding supplementary information to the transaction signal that the data carrier sends to the terminal to carry out the transaction; this supplementary information enables the terminal to detect a relay attack.
  • the supplementary information supplements the information that would be sent from the data carrier to the terminal in a corresponding transaction according to the prior art.
  • the terminal is set up to evaluate the supplementary information. On the basis of this evaluation, the terminal can, as described in more detail below, detect the presence or absence of a relay attack, or at least estimate a certain probability of the presence of a relay attack.
  • a transaction signal sent by the data carrier to the terminal for performing the transaction comprises supplementary information that enables the terminal, by evaluating the supplementary information, to detect a relay attack.
  • the supplementary information includes release or blocking information that is generated by an interaction of a legitimate user of the data carrier with the data carrier, and that reveals an intention of the user to perform the transaction or an intention of the user to at least temporarily not perform it.
  • the supplementary information may include, for example, transaction release information indicating that a user of the data carrier has actively actuated the data carrier to release the transaction. Such transaction release information may be generated, for example, when the user operates an input device of the data carrier.
  • the supplementary information may also include transaction blocking information.
  • This transaction blocking information indicates that the user temporarily does not intend to perform a transaction, e.g. while engaged in some other activity during which the data carrier cannot or should not be kept completely secured against a relay attack.
  • In the case where, for example, a smartphone is provided as the data carrier for unlocking a motor vehicle, such a transaction can then no longer be carried out automatically, i.e. without further interaction with the user, while all other functionalities of the smartphone can still be used.
  • the terminal is enabled on the basis of the supplementary information to determine a position of the data carrier relative to the terminal.
  • the terminal can by evaluating the supplementary information
  • the terminal can, if the supplementary information comprises a release information described above, exclude a relay attack.
  • the terminal is preferably set up to determine its own instantaneous absolute position or, in the case of a stationary terminal, to store it at least retrievably.
  • the supplementary information may directly or indirectly comprise position data relating to the data carrier at the time of transmission of the transaction signal.
  • This position data can indicate an absolute position of the data carrier
  • the position data can indirectly indicate the position of the data carrier by the position data indicating the position of the data carrier relative to a predetermined location or object known to the terminal.
  • the data carrier can store as supplementary information, for example, data indicating that the data carrier is located within communication range of predetermined devices that are reachable by means of contactless data communication.
  • Such devices, whose identity and absolute position are known to the terminal, can be, for example, wireless networks (WLAN), devices in a networked building (so-called "smart home") or the like.
  • the data carrier can autonomously determine the supplementary information, for example by means of a GPS sensor or the like.
  • the data carrier receives the supplementary information from a device that is coupled to the data carrier, preferably contactlessly, for example via radio, WiFi, Bluetooth, or the like.
  • the device may be, for example, a smartphone, a tablet computer or a so-called "smartwatch" of the user, or a device in a networked building, such as a household appliance or a consumer electronics device.
  • the method comprises, after the transmission of the transaction signal comprising the supplementary information to the terminal, the following steps: the terminal evaluates the supplementary information. In the case that based on the
  • the terminal sends
  • Transaction acknowledgment interval a transaction acknowledgment signal of the data carrier is received.
  • for a transaction confirmation signal, it is generally required that the user of the data carrier actively intervenes and actuates the data carrier. If the transaction acknowledgment signal fails to arrive, the transaction is not performed.
  • the terminal may actively cancel the transaction in the event that no transaction acknowledgment signal of the data carrier is received within the predetermined transaction acknowledgment interval, or in the event that a transaction abort signal of the data carrier is received.
  • the transaction can still be carried out even if the terminal believes it has detected a potential relay attack. However, the transaction is then no longer performed automatically without user interaction, but requires an affirmative user interaction, such as sending the transaction acknowledgment signal described herein. Also, a manual interaction of the user is possible.
  • a token comprising a transponder, in particular a so-called "key fob" for opening and closing a motor vehicle
  • the data carrier can also be in the form of a chip card
  • a data carrier in the method can be a smartphone or a tablet computer or a smartwatch.
  • the transaction signal which the data carrier for carrying out the transaction sends to the terminal, comprises a further data record, namely the supplementary information.
  • Different terminals may play the role of the terminal in the method, depending on the specific context of use, e.g. a motor vehicle set up for contactless data communication, a payment terminal set up for contactless data communication, or a locking system of a building set up for contactless data communication.
  • a data carrier according to the invention is set up to carry out a method described above, and can be designed as indicated above.
  • a system according to the invention comprises at least one data carrier according to the invention and at least one terminal according to the invention.
  • Fig. 1 components of a preferred embodiment of an inventive
  • FIG. 1 schematically illustrates components of a preferred embodiment of a system 100 according to the invention.
  • This system 100 comprises a data carrier 10 set up for contactless data communication and a terminal 20 set up for contactless data communication with the data carrier 10. A transaction can be carried out between the data carrier 10 and the terminal 20 by means of contactless communication.
  • a car key comprising a radio transmitter is assumed as the data carrier 10, and a motor vehicle as the terminal 20, which can be locked and unlocked without contact by means of this data carrier 10.
  • in a first step S0, the terminal 20 recognizes that a data carrier 10 has approached the terminal 20.
  • the motor vehicle recognizes that a key suitable for unlocking the motor vehicle is in communication range of the motor vehicle.
  • the motor vehicle can be equipped with appropriate antennas.
  • in step S1, the terminal 20, i.e. the motor vehicle, takes up communication with the data carrier 10, i.e. the key.
  • the execution of a transaction between terminal 20 and data carrier 10 is initiated.
  • the transaction corresponds to unlocking the motor vehicle.
  • in step S2, the data carrier 10 sends
  • This transaction signal includes supplemental information which enables the terminal 20 to detect a relay attack on the system.
  • the supplemental information includes absolute position data, e.g. GPS coordinates, of the data carrier 10.
  • the terminal 20 has means for determining its own absolute position.
  • the terminal 20 may evaluate the supplemental information and determine an instantaneous distance between the terminal 20 and the data carrier 10.
  • the motor vehicle may approximately determine at what distance to the motor vehicle the key is currently located.
  • if, in step S4, the terminal 20 recognizes, on the basis of the distance determined in step S3, that the data carrier 10 is in the immediate vicinity of the terminal, a legitimate use of the data carrier 10 is assumed, e.g. by the owner of the motor vehicle, who has approached with the key in his trouser or jacket pocket.
  • the presence of a relay attack is then ruled out.
  • the terminal 20 then executes the transaction with the data carrier 10 in step S5, i.e. the vehicle 20 is automatically unlocked without interaction with the user.
  • if the terminal 20 recognizes in step S4 that the determined distance between data carrier 10 and terminal 20 exceeds a predetermined maximum distance, the transaction is not automatically performed. Exceeding the given
  • Data carrier 10 and terminal 20 has been forwarded by means of a relay device over a certain distance, thus a relay attack is present. This meant that
  • Terminal in step S0 has not recognized the actual data carrier 10 in communication range, but an attacker data carrier.
  • the terminal 20 sends a confirmation request signal to the data carrier 10 in step S6.
  • the data carrier 10 is thus requested to confirm that the transaction which it intends to perform is the data carrier 10 with the transmission of the data
  • If the terminal 20 receives a transaction acknowledgment signal from the data carrier 10 within a predetermined transaction confirmation interval (compare step S7), the now explicitly confirmed transaction is performed (see step S5).
  • if the terminal 20 receives no transaction acknowledgment signal from the data carrier 10 within the predetermined transaction acknowledgment interval, or in the event that the data carrier 10 actively signals that performing the transaction is not intended, e.g. by sending a transaction abort signal, the transaction is terminated by the terminal 20 in step S8.
  • a potential attacker can only forward the communication between the data carrier 10 and the terminal 20 unchanged, since it is cryptographically secured and the data carrier 10 and the terminal 20 have mutually authenticated each other. In particular, an attacker cannot forge a transaction confirmation signal.
  • preferred embodiments of the invention (not to be confused with the patent claims) are given again by way of example. 1.
  • the invention relates to a method for detecting and preventing a relay attack on a transaction that can be carried out by means of contactless data transmission between a data carrier and a terminal.
  • a transaction signal sent by the data carrier for carrying out the transaction to the terminal comprises supplementary information which enables the terminal to detect a relay attack.
  • supplemental information comprises information generated by an interaction of a user of the data carrier with the data carrier, and which indicates an intention of the user to perform or not to perform the transaction.
  • transaction release information indicating that a user of the data carrier has actively actuated the data carrier to release the transaction.
  • Transaction blocking information that indicates that the user temporarily does not intend to perform a transaction. 3. The method according to any one of the preceding paragraphs, wherein the terminal is able, on the basis of the supplementary information, to determine a position of the data carrier relative to the terminal.
  • Transaction signal related position data includes. 5. The method according to paragraph 4, wherein the position data indicate an absolute position of the data carrier, preferably by means of GPS coordinates.
  • dockable device such as a smartphone, a smartwatch, a device in a networked building, or the like.
  • Terminal set up a method according to any one of paragraphs 1 to 12h
  • Data communication configured motor vehicle is formed.
  • Data communication configured locking system of a building is formed.
  • System comprising at least one data carrier according to one of the paragraphs 13 to 13c and at least one terminal according to one of claims 14 to 14c.
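
The terminal-side decision flow of steps S3 to S8, as an added Python example that is not taken from the patent. The HMAC with a shared key stands in for the cryptographically secured, mutually authenticated channel the description mentions; the field names, the thresholds, the nonce in the confirmation request and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import math
from dataclasses import dataclass

MAX_DISTANCE_M = 10.0      # assumed value for the "predetermined maximum distance"
CONFIRM_INTERVAL_S = 15.0  # assumed transaction confirmation interval


def sign(key, payload):
    """MAC over canonical JSON; stands in for the secured, authenticated channel."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres between two GPS fixes."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6_371_000.0 * math.asin(math.sqrt(a))


@dataclass
class Confirmation:
    kind: str       # "ack" or "abort", sent after a user interaction
    delay_s: float  # seconds elapsed since the confirmation request (S6)
    tag: bytes      # MAC over {"kind", "nonce"}


def terminal_decide(key, terminal_pos, signal, tag, nonce, confirmation=None):
    """Terminal-side steps S3 to S8; returns "execute" or "abort"."""
    if not hmac.compare_digest(tag, sign(key, signal)):
        return "abort"  # signal altered or not from the paired data carrier
    supp = signal["supplementary"]
    if supp.get("release"):
        return "execute"  # user actively released the transaction
    near = False
    if not supp.get("blocked") and supp.get("position"):
        # S3/S4: distance between terminal and the position the carrier reported
        near = distance_m(*terminal_pos, *supp["position"]) <= MAX_DISTANCE_M
    if near:
        return "execute"  # S5: automatic, no user interaction
    # S6: a confirmation request carrying `nonce` goes to the data carrier.
    if confirmation is None or confirmation.delay_s > CONFIRM_INTERVAL_S:
        return "abort"  # S8: no acknowledgment within the interval
    expected = sign(key, {"kind": confirmation.kind, "nonce": nonce})
    if not hmac.compare_digest(confirmation.tag, expected):
        return "abort"  # S8: a relay cannot produce a valid acknowledgment
    return "execute" if confirmation.kind == "ack" else "abort"  # S7 -> S5 / S8


if __name__ == "__main__":
    key, car = b"constructed-demo-key", (52.52000, 13.40500)  # constructed values
    near = {"op": "unlock", "supplementary": {"position": [52.52003, 13.40502]}}
    far = {"op": "unlock", "supplementary": {"position": [52.53000, 13.40500]}}
    ack = Confirmation("ack", 4.0, sign(key, {"kind": "ack", "nonce": "n1"}))
    print(terminal_decide(key, car, near, sign(key, near), "n1"))
    print(terminal_decide(key, car, far, sign(key, far), "n1"))
    print(terminal_decide(key, car, far, sign(key, far), "n1", ack))
```

Because the position travels inside the authenticated transaction signal, a relay that forwards the signal unchanged also forwards the real key's distant position, and one that rewrites the position invalidates the tag.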

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention relates to a method for detecting and preventing a relay attack on a transaction that can be carried out by means of contactless data transmission between a data carrier (10) and a terminal (20). To this end, a transaction signal sent by the data carrier to the terminal in order to carry out the transaction comprises supplementary information enabling the terminal to detect a relay attack. The transaction may in particular concern the unlocking of a motor vehicle.
PCT/EP2018/064030 2017-06-02 2018-05-29 Method and device for detecting a relay attack WO2018219922A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102017112233.8A DE102017112233A1 (de) 2017-06-02 2017-06-02 Method and device for detecting a relay attack
DE102017112233.8 2017-06-02

Publications (1)

Publication Number Publication Date
WO2018219922A1 (fr) 2018-12-06

Family

ID=62684740

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/064030 WO2018219922A1 (fr) 2017-06-02 2018-05-29 Method and device for detecting a relay attack

Country Status (2)

Country Link
DE (1) DE102017112233A1 (fr)
WO (1) WO2018219922A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080109375A1 (en) * 2006-11-08 2008-05-08 Ricci Christopher P Position-enhanced wireless transaction security
DE102013015478A1 (de) * 2013-09-10 2015-03-12 Giesecke & Devrient Gmbh External secure unit

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140067161A1 (en) * 2012-09-05 2014-03-06 GM Global Technology Operations LLC System for preventing relay attack for vehicle entry
DE102013209612A1 (de) * 2013-05-23 2014-11-27 Siemens Aktiengesellschaft Method for performing an automatic opening of a vehicle or a payment process, and associated device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111383011A (zh) * 2018-12-29 2020-07-07 华为技术有限公司 Method for handling a relay attack, and secure element
CN111383011B (zh) * 2018-12-29 2023-09-29 华为技术有限公司 Method for handling a relay attack, and secure element

Also Published As

Publication number Publication date
DE102017112233A1 (de) 2018-12-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18732671

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 18732671

Country of ref document: EP

Kind code of ref document: A1