Table of Contents Author Guidelines Submit a Manuscript
Journal of Advanced Transportation
Volume 2018, Article ID 1935974, 13 pages
https://doi.org/10.1155/2018/1935974
Research Article

Sound-Proximity: 2-Factor Authentication against Relay Attack on Passive Keyless Entry and Start System

Graduate School of Information Security, Korea University, Seoul, Republic of Korea

Correspondence should be addressed to Dong Hoon Lee; rk.ca.aerok@eelhgnod

Received 28 June 2017; Accepted 7 December 2017; Published 31 January 2018

Academic Editor: Emanuele Crisostomi

Copyright © 2018 Wonsuk Choi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Passive keyless entry and start system has been widely used in modern cars. Car owners can open the door or start the engine merely by having the key in their pocket. PKES was originally designed to establish a communication channel between the car and its key within approximately one meter. However, the channel is vulnerable to relay attacks by which attackers unlock the door even if the key is out of range. Even though relay attacks have been recognized as a potential threat for over ten years, such attacks were thought to be impractical due to highly expensive equipment; however, the required cost is gradually practical. Recently, a relay attack has been demonstrated with equipment being sold only under $100. In this paper, we propose a sound-based proximity-detection method to prevent relay attacks on PKES systems. The sound is eligible to be applied to PKES because audio systems are commonly available in cars. We evaluate our method, considering environments where cars are commonly parked, and present the recording time satisfying both usability and security. In addition, we newly define an advanced attack, called the record-and-playback attack, for sound-based proximity detection, demonstrating that our method is robust to such an attack.