250 likes | 362 Views
Wireless and integrated chip security keys in modern vehicles. Authors: Kidus Yared and Larry Gregory Hankins Course: ECE 478/578 Network Security Professor: Dr. Çetin Kaya Koç Winter, 2005. What is Vehicle Security and Why should We Care?.
E N D
Wireless and integrated chip security keys in modern vehicles Authors: Kidus Yared and Larry Gregory Hankins Course: ECE 478/578 Network Security Professor: Dr. Çetin Kaya Koç Winter, 2005
What is Vehicle Security andWhy should We Care? • To be able to know that you are the only person that can access your vehicles operations. • This also leads to the subject of other key operated products that have security features but are not secure enough.
Current Statistics • Number of stolen cars • Every 25 seconds, a motor vehicle is stolen in the United States. The odds of a vehicle being stolen were 1 in 190 in 2003 (latest data available). The odds are highest in urban areas. • 2003 Theft Statistics: U.S. motor vehicle thefts rose 1.1 percent in 2003 from 2002, according to the FBI's Uniform Crime Reports. In 2003, 1,260,471 motor vehicles were reported stolen.
What is the Relationship Between Vehicles and Network Security? • Modern Vehicles are equipped with wireless and security keys. As more people rely on them, they become a source for an attack. • These attacks are done through signal detection, and key duplication. • These devices are becoming a standard of future vehicles. • As we integrate products together, cars are one of the top choices to be integrated into the network stream.
What is the Relationship Between Vehicles and Network Security Other Products
What is the Relationship Between Vehicles and Network Security ctd
Terminologies that exist in vehicle security. • Key Grabbing • Intercepting signal • GSM/GPRS GPS • Global System for Mobile Communication • Satellite controlled vehicle • General Packet Radio Service • Secured Car Keys • Integrated chip security in car keys • Smart Cards • Microprocessor integrated card keys
Key Grabbing • Monitoring the transmission from a valid radio key (RFID) or infra-red key.
Key Grabbing ctd • Monitoring the transmission from a valid radio key (RFID) or infra-red key. • Key Copying (Replay Attack)
GPS Vehicle security – with anti-theft features • The wireless tracking systems based on GSM & GPS offer many advantages. • The GSM/GPRS and GPS technologies are international standards and thanks to international GSM roaming agreements and the worldwide availability of GPS it enables cross-border communication of tracking information. • Wireless communication offers numerous opportunities for creating value-added services for the driver, service stations, operators and also insurers.
GPRS • Radio technology for GSM networks that adds packet-switching protocols. • Shorter set-up time for ISP connections, and offer the possibility to charge by amount of data sent rather than connect time. • Promises to support flexible data transmission rates typically up to 20 or 30 Kbps (with a theoretical maximum of 171.2 Kbps), as well as continuous connection to the network.
Secured Car Keys • Using Radio Frequency Identification (RFID) • Keys sends signals and receivers authenticate signals • U-channel structured keys with integrated chip
Smart Cards • These are microprocessor integrated cards with storage (RAM/ROM) • These contain writeable memory for multiple applications • Two types of communication between smart cards • Contact • Contact-less
Smart Cards ctd • Smart card readers • Provide: power, data, initialization • Provide identity authentication by user possession • Therein lies the problem • Smart card readers initialize based on users possession, no authentication needed (same as car key)
Current Security Features • Wireless Keys • User or owner sends a signal to vehicles through a wireless unsecured medium. • Key is detected by key signal box and verified. • User is now able to operate vehicle. • Security Car Keys • User or owner applies key to enter vehicle. • User uses key to start ignition of vehicle. • User is now able to operate vehicle. • GSM/GPRS and GPS recently adopted product. • User or owner is authenticated via wireless key, Security Chip key, or calling service center (emergency cases).
GPS disadvantages • Open channel of communication • Multiple devices access the same satellite and are able to receive same information • GSM • The vulnerability lies in the control center or server for the security system. • OnStar, DoLock, RhinoCo, etc… • If a user gains access to servers database they are able to access and control information and/or commands. • Attacker can open/close vehicle door.
Vulnerabilities of Modern Security Keys • Weak Wireless Keys • Key is detected via key grabbing, it can be reused without personal knowledge. • Entire key has to be changed (cannot be reprogrammed). • Security Chip Keys • GSM/GPRS and GPS • Currently most secured and reliable. • But all have the vulnerability of being attacked with unsecured network protocol system.
Vulnerabilities of Modern Security Keys ctd • As we keys are made to be more than 64 bit encryption, the time it takes to decrypt may be critical. • People rely on there vehicle for security. • User Needs • Quick key access to their car • Reliability
Market for increase security and Vehicles • Siemens • http://communications.siemens.com/repository/887/88732/Siemens_Security_Brochure.pdf • http://www.deloitte.com/dtt/cda/doc/content/StanfordOnStarCaseStudy.pdf • Black Boxes: • The next step in to determining through data recording. • The Current proposed problem is privacy concerns. • RFID Tags • VeriChip radio frequency ID • A rectangular antenna ultra thin but with a chip holding read/write memory, the tags fit between laminated paper or plastic and are badges. • Our proposal use of this technology: • Useful to determine every element of a cars objects.
Steps to take to make your vehicle more secure • General Concept • Determine the level of security needed for your vehicle. • Find out architecture of your security key product.
Steps to take to make your vehicle more secure ctd • Minimum of 40 bits with lengths greater than 64 bits proffered key. • Use of a unidirectional encryption algorithm to prevent the key being determined form an analysis of a valid key transmission. • Alternation of key after each transmission.
Summary • Do not rely on your current security unless you know how it is designed. • Attributes to look for: • 64 bit secured encryption. • Order of time key takes to operate vehicle? • Cover your RFID integrated chip keys with metal (aluminum foil, key case) • Frequently change your key codes (if applicable)
Sources • IEEE Library Sources • Algorithms to Evade Keygrabbers Dr. A. R. Deas Systems Silicon plc • From J A Howard MA C Eng. MIEE FIIM, Smart Cards J A Howard. • Other Library Sources • http://communications.siemens.com/repository/887/88732/Siemens_Security_Brochure.pdf • http://www.electronicsweekly.com/Article10729.htm • http://0-search.epnet.com.oasis.oregonstate.edu:80/login.aspx?direct=true&db=aph&an=15913135 • http://www.iii.org/media/hottopics/insurance/test4/ • GLOBAL SUPPLY CHAIN MANAGEMENT FORUM CASE: GS-38 GSCMF-003-2004 DATE: 10/13/2004 ONSTAR:CONNECTING TO CUSTOMERS THROUGH TELEMATICS By Peter Koudal, Hau L. Lee, Seungjin Whang, Barchi Peleg, and Paresh Rajwat • IEEE RFID Tags Take hold Page 12, The Institute March 2005 Vol 29 No. 1 • “Black Boxes Get Green light”; Willie D. Jones; pg 14-17; IEEE Spectrum| December 2004