JUNE 13, 2020 BY CHRISTOPH ZORN AND RIAS AL-KADI, NXP SEMICONDUCTORS
Passive keyless entry (PKE) is an increasingly common way of unlocking and starting a car. Unfortunately, car thieves armed with readily available and inexpensive hacking tools have become adept at breaking into and stealing PKE-enabled cars. Ultra-wideband (UWB) technology can provide enhanced security for PKE applications.
PKE for unlocking and starting a car offers many advantages. Not only does it provide a more convenient method of unlocking and starting a car than a traditional key, it is also safer. PKE replaces both the mechanical key and the bulky mechanical steering column lock arrangement which, during an accident or collision, can injure a driver’s knee as it impacts the barrel lock. For the vehicle manufacturer, switching to PKE also simplifies mechanical controls and removes the weight of the heavy steering locking mechanism.
For the driver, a PKE key fob can be kept inside a pocket or purse, and there is no need to retrieve it in order to open the car. The car continually broadcasts an encrypted query to which the matching key responds when close by, enabling the driver to open the car door. Once the driver is inside, the car detects that the key fob is now inside the vehicle, allowing the ignition’s start button to be operated.
But the security of PKE is coming into question. Car thieves have become adept at defeating PKE using readily available and inexpensive hacking tools without actually taking possession of the key. A relay attack, for instance, is a method used to compromise the key fob by waking the fob up and making it invoke an unauthorized opening command to the vehicle. The twist, and the reason for the attack’s name, is that two thieves collaborate across some distance. One thief stands close enough to you to activate your key fob, say, in the queue at a coffee shop, while the other is close to your car in a parking lot. The second thief relays the car’s query to the first thief, who rebroadcasts it to your key. The first thief can then capture the key fob’s ‘open’ response signal and relay it to the other thief, who uses it to signal the car to open. As far as the vehicle is concerned, the unlock and start commands have originated from a valid, nearby key fob.
Most PKE systems today only use the signal strength of the connected key fob to determine if the vehicle’s driver is within range. The thief’s hacking device, since it is within the range, exhibits a strong signal strength, making the car believe it has emanated from the actual key fob.
Ultra-wideband steps in
In the search for an alternative approach to unlocking and starting a vehicle, the use of a smartphone equipped with UWB communications is fast gathering momentum. UWB enables the use of time-of-flight (ToF) calculations, where the initiating unlock instruction is timestamped, enabling the receiving device to determine the distance the instruction has travelled. This determination can reveal whether the requester is actually in the vehicle’s vicinity, or something else is going on.
UWB has had a chequered career. It was initially developed for radar applications, and then became a candidate for high bandwidth data communications until Wi-Fi became dominant. Today, the IEEE 802.15.4z standard that governs UWB has been ratified for the measurement of ToF and angle of arrival (AoA) metrics, and UWB is recognized as an extremely capable and precise ranging and sensing wireless protocol.
Unlike wireless methods such as Wi-Fi and Bluetooth, UWB operates in an impulse mode, sending 2-nanosecond (ns) pulses across a very wide radio frequency spectrum. Also, UWB can coexist with all of the popular wireless communication methods because it operates in a frequency range of 6.5 GHz to 8 GHz, far away from the congested spectrum occupied by Wi-Fi, Bluetooth, and similar methods. UWB’s impulse method is also more able to differentiate multipath signals caused by signal reflections from nearby objects and buildings.
For ranging and ToF applications, UWB has a range of about 10 meters using modest power levels. The very short 2 ns pulses are sent at high rates of repetition, with typical pulse repetition frequencies of 64 MHz and 128 MHz. UWB modulation techniques include pulse position and binary phase-shift keying.
Implementing ToF calculations
ToF is a form of ranging, not dissimilar to the passive techniques used in radar, that uses accurate measurements of the time that a signal takes to travel from a source object to a target object and back again to determine the distance between the two objects. As illustrated in Figure 1, device 1, the initiator, sends a request to device 2. Device 2, once it has received the request and processed it, sends a response back to device 1. The time taken for device 2 to generate the reply, T_reply, is subtracted from the total round-trip duration, T_rdtrip, to obtain ToF.
Figure 1 ToF calculation for UWB between two devices must remove the responder’s response time from its measurements. Source: NXP
In the above scenario, if the ToF is calculated to be 5 ns, then the distance between the two, using the speed of light approximated as 3 × 10^8 m/s, is roughly 1.5 meters.
With pulse widths in the order of nanoseconds, UWB offers a high-precision approach to ranging, with accuracy to within +/- 10 cm. By comparison, Wi-Fi and BLE are unable to provide such accuracy, limited to between +/- 1 m and +/- 5 m.
Using the angle of arrival
Another aspect of UWB is that, thanks to its highly accurate ToF abilities, it can also determine the direction from which the signal has arrived, the AoA. This determination requires additional antennas to acquire not only the ToF as indicated by Figure 1, but also the phase difference between signals received from two or more antennas. Without AoA calculations, as shown in Figure 2a, ToF is only able to indicate the radial distance between device 1 and device 2. So, a car equipped with ToF might be able to determine only that the vehicle owner is, say, 3 meters away, but not in which direction. With the additional information that AoA can provide, however, the system can narrow the source’s location to a relatively small area (Figure 2b).
Figure 2 ToF ranging with AoA generates a high accuracy fix on the key’s location. Source: NXP
Not all automotive applications warrant determining exactly where the UWB device owner might be relative to the car. It might be, however, that in the future this information could be incorporated in automobiles, but it is more likely that smartphone manufacturers will incorporate such technology to serve a number of different use cases.
AoA works because, at each antenna, there is a small but measurable difference in the arrival time and the phase of each signal received. The system can note the arrival time and phase of each signal and then use them in a geometric calculation, similar to triangulation, that determines where the signal came from (Figure 3). We are using the same example as Figure 1, with device 1 the initiator, and device 2 the responder.
Figure 3 Triangulation (left) with two AoA antennas on device 1, Rx1 and Rx2, provides information on the direction of device 2. The AoA calculation (right) uses the arrival times and the antenna spacing to determine the specific angle of each incoming signal. Source: NXP
The geometric chart on the left of Figure 3 illustrates the calculation of the angle of arrival using two antennas at device 1, labelled Rx1 and Rx2. The signal traveling from device 2 to device 1 takes longer to reach Rx1 than Rx2. The AoA calculation, shown on the right of the diagram, uses the arrival times and the antenna spacing to determine the angle of each incoming signal and draw the triangle formed by Rx1, Rx2, and device 2. In this instance, the triangle has a longer leg on Rx1 and points to the right, indicating that device 2 is to the right of device 1.
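The two-antenna calculation described above can be sketched as follows. This is an added example, not NXP's implementation or the formula from Figure 3: it assumes the standard far-field (plane-wave) model, a 6.5 GHz carrier from the band quoted earlier, half-wavelength antenna spacing, and Rx2 as the right-hand antenna; the function names are hypothetical.

```python
import math

C_M_PER_S = 299_792_458                 # speed of light in m/s
CARRIER_HZ = 6.5e9                      # assumed carrier inside the 6.5-8 GHz band
SPACING_M = C_M_PER_S / CARRIER_HZ / 2  # assumed Rx1-Rx2 spacing: half a wavelength


def wrap_phase(phi):
    """Wrap a phase difference into [-pi, pi)."""
    return (phi + math.pi) % (2 * math.pi) - math.pi


def angle_of_arrival(phase_rx1, phase_rx2, spacing_m=SPACING_M, carrier_hz=CARRIER_HZ):
    """Angle from boresight in radians; positive means device 2 is on the Rx2 side.

    A signal that reaches Rx1 later than Rx2 shows a phase lag at Rx1. That lag
    is the extra path length in wavelengths, and extra_path = spacing * sin(angle).
    """
    wavelength = C_M_PER_S / carrier_hz
    if spacing_m > wavelength / 2:
        # Wider spacing lets different angles produce the same wrapped phase.
        raise ValueError("antenna spacing above half a wavelength is ambiguous")
    lag = wrap_phase(phase_rx2 - phase_rx1)
    extra_path_m = lag / (2 * math.pi) * wavelength
    ratio = max(-1.0, min(1.0, extra_path_m / spacing_m))  # clamp measurement noise
    return math.asin(ratio)


def locate(distance_m, aoa_rad):
    """Combine ToF distance with AoA: (x to the right, y straight ahead) in meters."""
    return (distance_m * math.sin(aoa_rad), distance_m * math.cos(aoa_rad))


if __name__ == "__main__":
    # Constructed measurement: Rx1 lags Rx2 by a quarter cycle, ToF distance is 3 m.
    aoa = angle_of_arrival(phase_rx1=0.3 - math.pi / 2, phase_rx2=0.3)
    print(f"AoA {math.degrees(aoa):.1f} deg, position {locate(3.0, aoa)}")
```

With ToF alone the key is somewhere on a 3-meter circle; adding the angle reduces that to a single point to the right of the antenna pair.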
UWB security protects ToF calculations
The latest specification of UWB, IEEE 802.15.4z, added an important feature in the physical layer (PHY), the scrambled timestamp sequence (STS). Using a technique developed by NXP, STS employs both cryptographic and random number generation techniques to protect the timestamp data. Since the timestamp data is used to determine the precise distance that two objects are from one another, any tampering or manipulation of the timestamp means you could make that distance appear to be more or less. STS makes it extremely hard for an adversary to intercept and change the vital timestamp data sent by UWB.
Coming back to our key fob example, for instance, accurate timestamp data would immediately reveal a relay attack. The ToF would be much larger than the key fob’s transmitting range. The 802.15.4z standard amendments introduce techniques that protect the timestamp and the ToF calculations. By keeping the timestamp information protected through the use of cryptographic elements, the critical timestamp data is neither accessible nor predictable.
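The ToF calculation from Figure 1 and the relay check described here, as an added example that is not NXP's code: the round trip minus the reply time covers both legs, so it is halved to get the one-way ToF behind the article's 5 ns / 1.5 m figure. The 2 m unlock zone, the -60 dBm threshold, and the sample exchanges are assumptions, and the timestamps are taken to be authentic, which is the property STS is meant to provide.

```python
from dataclasses import dataclass

C_M_PER_S = 299_792_458           # speed of light in m/s
PS_PER_S = 10**12                 # timestamps below are integer picoseconds


@dataclass(frozen=True)
class RangingExchange:
    t_rdtrip_ps: int   # initiator (car): request sent -> response received
    t_reply_ps: int    # responder (key): request received -> response sent
    rssi_dbm: float    # signal strength of the response as seen by the car


def distance_m(ex: RangingExchange) -> float:
    """Round trip minus reply time covers two legs, so halve it for one-way ToF."""
    tof_ps = (ex.t_rdtrip_ps - ex.t_reply_ps) / 2
    return tof_ps * C_M_PER_S / PS_PER_S


def rssi_only_unlock(ex, min_rssi_dbm=-60.0):
    """Signal-strength proximity test, the check a relay satisfies."""
    return ex.rssi_dbm >= min_rssi_dbm


def tof_unlock(ex, max_distance_m=2.0, tolerance_m=0.10):
    """Accept only a physically plausible distance inside the unlock zone."""
    d = distance_m(ex)
    if d < -tolerance_m:           # response "arrived" before it could: reject
        return False
    return d <= max_distance_m + tolerance_m


# Constructed samples. Both keys take 200 us to reply.
# NEARBY: 5 ns one-way ToF, the article's 1.5 m case.
NEARBY = RangingExchange(200_010_000, 200_000_000, rssi_dbm=-50.0)
# RELAYED: key about 60 m away (200 ns per leg) plus an assumed 100 ns of relay
# latency per leg; the relayed signal is strong at the car, so RSSI looks close.
RELAYED = RangingExchange(200_600_000, 200_000_000, rssi_dbm=-45.0)

if __name__ == "__main__":
    for name, ex in (("nearby", NEARBY), ("relayed", RELAYED)):
        print(f"{name}: {distance_m(ex):.2f} m  rssi_only={rssi_only_unlock(ex)} "
              f"tof={tof_unlock(ex)}")
```

A relay can raise the signal strength seen by the car but can only add propagation and processing delay, so the relayed exchange passes the RSSI test and fails the distance bound.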
Automotive PKE systems have proven to be extremely popular with both consumers and manufacturers. Unfortunately, the security limitations of PKE have led to a rise in vehicle theft due to an extremely simple method for detecting a vehicle’s owner and remotely linking their car to the associated key fob. UWB introduces the ability to determine the precise location of the key fob using a ToF calculation, preventing this remote attack. The timestamp data used in this calculation is also protected within the UWB packets by using cryptographic features. By incorporating the UWB transceiver within a smartphone, developers can open up the potential to use a person’s phone in place of the traditional key fob. Also, a smartphone-based approach provides a platform for a host of other ranging and location services to be used in the future.