A PUF-based Lightweight and Secure Mutual Mechanism for Remote Keyless Systems

# A PUF-based Lightweight and Secure Mutual Mechanism for Remote Keyless Systems 概要： * INTORODUCTION 1. There are mainly two types of keyless entery systems:Remote Keyless Entry (RKE) systems and Passive Keyless Entry and Srart (PKES) system. 2. In this paper,we focus on the RKE systems. 3. In the RKE systems, when the user presses a button on the key fob, radio frequency (RF) signals are generated from the key fob and sent to a receiver in the car. 4. An adversary may carry out replay attacks by capturing and replaying such signals to gain access to the car. 5. To prevent replay attacks, insted of using static codes, rolling codes were introduced. 6. Each time the unlock button on the key fob is pressed, a new rolling code is produced. The generated rolling code can be used to unlock the car only once. 7. * SYSTEM MODEL AND ADVERSAR MODEL **A. System Model** A PUF is included with each key fob. **B. Adversary Model** We assume that the adversary has the capability to eavesdop, capture ,or jam the signals trasnmitted from the key fob to the car. Then, the adversary may replay the previously captured messages. If the adversary captures the signals exchanged in the RKE systems that emply static code, he/she can replay it later to unlock the car. The RKE systems based on rolling codes are protected from such replay attacks. However, the RollJam attack can be excuted to pmpromise the RKE systems based on rolling codes. *In the RollJam attack, the adversary captures an unlock signal sent from the key fob to the car. At the same time, the adversary jams the same signal sotaht it will not reach the car. As the first attempt to unlock the car failed, the user presses the key fob button again. The adversary caputures the second signal, jams it, and sends the first captured singanl to the car. As the replayed signal sent from the adversar's sdevice unlocks the car, the user does not notice this attack easily. However, the adversary has captured a vaild signal (the secondd signal) that he/she can use later. ## 這情況可以分成5個種類 1. CaptureK(key fob, car, m) 2. CaptureC(car, key fob, m) 3. SendK(car, m) 4. SendK(key fob, m) 5. Jam(key fob, car, m) * PROPROSED MECHANISM The propsed mechanis consists of two phases:registration and authentication. *Registration pahse![](https://i.imgur.com/JEVwjKS.png) *Authentication![](https://i.imgur.com/mHnLgr3.png) * SECURITY ANALYSIS 1. Lemma 1. Proposed mechanism is resilient against cloning attacks. Proof. PUFs cannot be cloned. Hence, and adversary cannot clone them to generate the resposes requeired during authentication. 2. Computation Cost. Next, we consider the computation cost. The we evaluate the computation cost during the authentication phase. ##### The key fob requires 6 XOR, 2 PUR, 4 concatenatioon, and 1 hash operations. The car receiver requires 6 XOR, 3 concatenatioon, and 1 hash operations for one iteration of the authentication process. `We use a Raspberry Pi 3B to simulate the RKE system and to run operations such as has(SHA-1), XOR, and concatenation. The operationos have been simulated in the Python programming language.~~` ##### `重點：we can conclude that the proposed mechanism provides more security features than other existing schems while having a lower computation cost.` * CONCLUSION In this paper, `we explored the attacks on RKE systems. Then, we proposed a mutual authentication mechanism based on PUFs for RKE systems. We also showed that the proposed mechanism is lightweight while still providing all the necessary security features. ` The security and performance analysis of the proposed mechanism shows that PUFs can be used to achieve an efficient authentication mechanism for RKE systems.