NDSS

Abstract

Background. The traditional way to unlock car doors has been replaced with a keyless entry system which proves more convenient for automobile owners. When a driver with a key fob is in the vicinity of the vehicle, doors automatically unlock on user command. However, unfortunately, it has been shown that these keyless entry systems are vulnerable to signal-relaying attacks. Relayed signals result in valid packets that are verified as legitimate, and this makes it is difficult to distinguish a legitimate door unlock request from a malicious signal.

Aim. We present an RF-fingerprinting method (coined “HOld the DOoR”, HODOR) to detect attacks on keyless entry systems – the first attempt to exploit the RF-fingerprint technique in the automotive domain.

Method. We performed a series of experiments on actual vehicles, a 2014 Kia Soul and 2016 Volkswagen Tiguan. For the evaluation of HODOR, two types of software-defined radio (SDR) devices were used for the transmission and acquisition of the UHF band RF signals. In our evaluation, a one-class support vector machine (SVM) and k-nearest neighbors (k-NN) algorithms were used. The SVM and k-NN algorithms were performed with the default parameters provided by MatLab 2017a.

Results. Through a series of experiments, the results demonstrate that HODOR competently and reliably detects attacks on keyless entry systems. HODOR achieves both an average false positive rate (FPR) of 0.27% with a false negative rate (FNR) of 0% for the detection of simulated attacks, corresponding to current research on keyless entry car theft. Furthermore, HODOR was also observed under environmental factors: temperature variation, non-line-of-sight (NLoS) conditions, and battery aging. HODOR yields a false positive rate of 1.32% for the identification of a legitimated key fob even under NLoS conditions.

Conclusions. HODOR is a sub-authentication system that supports manufacturer-installed support systems to prevent keyless entry system car theft. Specifically, HODOR is an RF fingerprinting method that distinguishes a legitimate door unlock request from a malicious attempt. Through our evaluation, we showed that HODOR is able to effectively detect simulated attacks that are defined in our attack model, while reducing the number of erroneous detection occurrences (i.e., false alarms). Finally, one especially noteworthy merit of HODOR is its design. It is designed such that it can be applied into an existing system without any hardware modifications. The only requirement for successful implementation is to add a device to sample UHF band RF signals and analyze them

Speaker’s Biography

Kyungho Joo received the B.S. degree from the College of Information and Communication, Korea University, Seoul, South Korea, in 2016. He also received the M.S. degree in information security from Korea University, Seoul, in 2018, where he is currently pursuing the Ph.D. degree in information security with the Graduate School of Information Security. His research interests include Vehicular-IT security, Wireless security.