CN110352360A - 防止中继攻击 - Google Patents
防止中继攻击 Download PDFInfo
- Publication number
- CN110352360A CN110352360A CN201880010382.2A CN201880010382A CN110352360A CN 110352360 A CN110352360 A CN 110352360A CN 201880010382 A CN201880010382 A CN 201880010382A CN 110352360 A CN110352360 A CN 110352360A
- Authority
- CN
- China
- Prior art keywords
- communication equipment
- signal
- frequency
- motor vehicle
- frequency spectrum
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 claims abstract description 69
- 238000001228 spectrum Methods 0.000 claims abstract description 65
- 230000005540 biological transmission Effects 0.000 claims abstract description 17
- 238000000034 method Methods 0.000 claims abstract description 16
- 230000004913 activation Effects 0.000 description 4
- 238000005259 measurement Methods 0.000 description 4
- 238000013461 design Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000011514 reflex Effects 0.000 description 2
- 238000000060 site-specific infrared dichroism spectroscopy Methods 0.000 description 2
- 230000003321 amplification Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002045 lasting effect Effects 0.000 description 1
- 238000003199 nucleic acid amplification method Methods 0.000 description 1
- 230000010287 polarization Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000005096 rolling process Methods 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S11/00—Systems for determining distance or velocity not using reflection or reradiation
- G01S11/02—Systems for determining distance or velocity not using reflection or reradiation using radio waves
- G01S11/06—Systems for determining distance or velocity not using reflection or reradiation using radio waves using intensity measurements
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S3/00—Direction-finders for determining the direction from which infrasonic, sonic, ultrasonic, or electromagnetic waves, or particle emission, not having a directional significance, are being received
- G01S3/02—Direction-finders for determining the direction from which infrasonic, sonic, ultrasonic, or electromagnetic waves, or particle emission, not having a directional significance, are being received using radio waves
- G01S3/14—Systems for determining direction or deviation from predetermined direction
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/0009—Transmission of position information to remote stations
- G01S5/0018—Transmission from mobile station to base station
- G01S5/0027—Transmission from mobile station to base station of actual mobile position, i.e. position determined on mobile
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/02—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
- G01S5/0252—Radio frequency fingerprinting
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S5/00—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
- G01S5/02—Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
- G01S5/0284—Relative positioning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00412—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00555—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks comprising means to detect or avoid relay attacks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00793—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/023—Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Landscapes
- Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Bioethics (AREA)
- Lock And Its Accessories (AREA)
- Mechanical Engineering (AREA)
- Position Fixing By Use Of Radio Waves (AREA)
Abstract
本发明涉及一种用于防止对由至少一个第一2和第二通信设备4构成的***的中继攻击的方法,其中在第一2和第二通信设备4之间无线传输数据。第一通信设备2在频带内确定所有在第一通信设备2的地点处待接收的无线传输的信号的第一频谱。第二通信设备4同样在该频带内确定所有在第二通信设备4的地点处待接收的无线传输的信号的第二频谱。频带本身通过最小的和最大的频率来限定。第二通信设备4将第二频谱传输至第一通信设备2。第一通信设备2比较第一频谱和第二频谱,以便确定第二通信设备4是否位于第一通信设备2的地点处。
Description
技术领域
本发明涉及一种用于防止对由至少一个第一和第二通信设备构成的***的中继攻击的方法,其中在第一和第二通信设备之间对数据进行无线传输。
背景技术
由现有技术已知所谓的“响片(Clicker)”和无钥匙启动***作为机动车的进入***。在“响片”中,在操纵按键之后,通常产生滚动码,并且将其在UHF频带中的433.975MHz或867MHz的频率下传输至机动车。在无钥匙启动***中,附加地,RFID读取设备位于机动车中,以及标签位于车辆钥匙中,从而在接近机动车时可以打开车门。在该方法中,此外可以探测到车辆钥匙是位于机动车之内还是位于机动车之外,以便例如可以相应地禁止或释放机动车的点火。
通常,在无钥匙启动***中使用由在125kHz中的RFID信号和UHF发送器构成的组合,RFID信号由机动车产生并且用作所谓的唤醒信号,UHF发送器位于车辆钥匙中并且在接收唤醒信号之后将答复发送至机动车。
此外,由现有技术还已知所谓的宽带RF监控接收器,利用宽带RF监控接收器可以在频谱上监控大的带宽。此外,根据现有技术已知的是,这种监控接收器用于远程定位移动接收器、例如卡车。如果例如确定待接收的无线电和DVB-T发送器以及待接收的GSM小区的信号的幅度和频率,则可以精确地确定接收器是否位于例如大慕尼黑地区、纽伦堡或例如法兰克福。此外,当接收器改变其地点时,发送器的信号发生改变。当为了定位特定的接收器附加地也考虑具有短的有效距离的、例如针对WLAN的发送器时,该效果更加明显。为了使接收器可以确定其位置是否改变,接收器时间错开地实施多个测量。
关于“响片”和无钥匙启动***的问题是,在该***中通过中继攻击可以未授权地远程地读取在机动车与车辆钥匙之间传输的数据,并且因此可以未授权地打开并启动相应的机动车。
发明内容
因此,本发明所要解决的技术问题是,提供一种针对上面描述的问题的解决方案。
该技术问题通过根据权利要求1的特征的用于防止中继攻击的方法来解决。在从属权利要求中描述了另外的有利的设计方案。
为了解决该问题,本发明公开了一种用于防止对由至少一个第一和第二通信设备构成的***的中继攻击的方法,其中,在第一和第二通信设备之间无线传输数据。根据本发明,第一通信设备在频带内确定所有在第一通信设备的地点处待接收的无线传输的信号的第一频谱。第二通信设备同样在该频带内确定所有在第二通信设备的地点处待接收的无线传输的信号的第二频谱。频带本身通过最小的和最大的频率来限定,其中最小的和最大的频率依据应用适当地规定,其中也可以使用多个频带。在确定第二频谱之后,第二通信设备将第二频谱传输至第一通信设备。第一通信设备比较第一频谱和第二频谱,以便确定第二通信设备是否位于第一通信设备的地点处。当在比较第一和第二频谱时确定了两个频谱一致,则假定第一和第二通信设备位于共同的地点处,并且因此不存在中继攻击。
根据本发明的有利的实施例,同时或在不同的时间确定第一和第二频谱。在相同的时间确定两个频谱具有如下优点:可以直接比较两个频谱。在不同的时间点的确定具有如下优点:攻击者不知道他应当何时从外部仿造频谱的时间点,并且因此该措施提高了保护以防止攻击。第一通信设备优选向第二通信设备通知第二通信设备应当何时开始或结束对待接收的频谱的确定。
根据本发明的另一有利的实施例,持续或仅在特定的时间确定第一和第二频谱。对频谱的持续的采集具有如下优点:采集非常多的数据,并且因此实现关于确定地点的更高的精确度。仅在特定的时间点确定频谱的优点具有如下优点:数据处理的开销可以保持为很小,并且潜在的攻击者不知道何时确定频谱,从而得到防止攻击者的更高的保护,攻击者尝试仿造在第一或第二通信设备的地点处待接收的频谱。此外,仅在特定的时间点快速地实施对频谱的确定。
根据本发明的另一有利的实施例,除了在第一和第二通信设备的地点处待接收的频谱以外,第一通信设备本身发送由第一通信设备本身以及也由第二通信设备接收的信号。优点是,该信号仅由第一通信设备发送,并且这因此是第一和第二通信设备的分别待确定的频谱中的明确的且容易识别的特征。该信号位于上面提到的适当规定的频带内。在该频带内可以在一个频率或在不同的频率下发送信号。第一通信设备优选发送至少一个信号,而第一和第二通信设备分别确定待接收的信号的频谱。
根据本发明的另一有利的实施例,第一通信设备告知第二通信设备针对哪些频率分别确定信号幅度。这具有如下优点:待确定的频谱可以限于特定的频率,并且因此减小用于评估和比较频谱的开销,但也提高了防止攻击者的保护,因为攻击者不知道待确定的频率。
根据本发明的另一有利的实施例,对第一和第二通信设备之间的数据传输进行加密。这具有如下优点:即使攻击者可能接收到了数据传输,攻击者也不能对内容进行解密,并且因此对于他来说是无用的。
根据本发明的另一有利的实施例,第一和第二通信设备分别具有三个天线,其中这三个天线分别相互以一个角度、例如以直角布置。这具有如下优点:通过在所有三个空间方向上测量所接收的信号的幅度和必要时所接收的信号的相位,可以与第一和第二通信设备的取向无关地确定信号的幅度的绝对值。因此能够实现由第一和第二通信设备测量的信号的更好的可比较性。
根据本发明的另一有利的实施例,确定各个待接收的信号之间的空间角度。这具有如下优点:除了每个在频谱中确定的信号的频率和幅度以外,附加地还借助上述的分别例如相互以直角布置的三个天线确定各个信号之间的空间角度,这进一步提高了防止攻击者的保护。
根据另一有利的实施例,第一通信设备是机动车,第二通信设备是车辆钥匙。替换地,第一通信设备是车辆钥匙,第二通信设备是机动车。这具有如下优点:本发明可以在机动车领域中使用,用以防止中继攻击。然而,本发明并不局限于机动车领域,而是例如也可以在终端领域中使用,其中第一通信设备是终端、例如银行终端,并且第二通信设备是便携式数据载体、例如芯片卡或可穿戴设备。
附图说明
根据附图详细阐述另外的有利的设计方案。附图中:
图1示出了本发明的第一实施例,在该第一实施例中机动车和车辆钥匙在其相应的地点处确定来自三个不同的发送器的待接收的信号的频谱,并且频谱随后由机动车进行比较,以便确定车辆钥匙是否位于机动车的地点处;
图2示出了本发明的第二实施例,在该第二实施例中机动车和车辆钥匙分别具有三个天线,这三个天线例如分别错开了90度地布置,以便确定来自两个发送器的所接收的信号之间的空间角度。
具体实施方式
图1示出了本发明的第一实施例,在该第一实施例中,机动车2作为第一通信设备,并且车辆钥匙4作为第二通信设备在其相应的地点处确定发送器1、发送器2和发送器3的待接收的信号的频谱。机动车2发送触发信号“触发”至车辆钥匙4,以便通知车辆钥匙4应当确定频谱。一旦车辆钥匙4确定频谱,则频谱借助答复“频谱”被传输至机动车2。机动车2比较两个频谱,以便确定车辆钥匙4是否位于机动车2的地点处。
机动车2和车辆钥匙4分别具有为清楚起见未示出的发送器和接收器,以便无线地交换数据。对于本发明来说重要的是,机动车2和车辆钥匙4附加地具有为清楚起见未示出的接收器,以便在其相应的地点处在发送器(在图1中通过发送器1至3示出)的待规定的频带内接收无线传输的信号,并且相应由此建立频谱。机动车2例如要求在车辆钥匙4中借助所示的触发信号建立频谱,并且随后接收由车辆钥匙4建立的频谱,以便将该频谱与自身确定的频谱比较。当两个频谱一致时,则得到的是,不存在中继攻击,从而例如机动车2的车门可以解锁,或者发动机可以启动。机动车2中和车辆钥匙4中的附加的接收器例如具有100MHz至2.3GHz的频带作为接收范围。适当地规定对频带进行限定的最小的和最大的频率。
为了保护机动车2与车辆钥匙4之间的数据交换免受未授权的访问,借助适当的加密方法来加密该数据交换。
在比较机动车2和车辆钥匙4的频谱时使用一种算法,其能够比较这些频谱,并且根据频谱中的差异识别出车辆钥匙4是否足够接近机动车2的地点。根据应用,适当地规定差异直到达到哪个界限仍然可以接受车辆钥匙4还被视为位于车辆2的地点处,或者相反地,从哪个差异开始假定有中继攻击。
在机动车2和车辆钥匙4的地点处,三个所示的发送器(即发送器1、发送器2和发送器3)的信号以相应的幅度被接收,发送器例如发送移动无线电信号、WLAN信号和无线电广播信号。所接收的信号的幅度在此尤其是取决于发送功率、关于自由空间衰减的发送频率、发送器与机动车2和车辆钥匙4的邻近的环境、例如地下停车场的距离。此外,到发送器与机动车2或车辆钥匙4之间的路径的信号反射对所接收的信号产生影响,信号反射可以局部和小规模地导致相消或放大。各个所接收的信号的幅度此外可以随着时间而改变。
为了确定车辆钥匙4是否位于机动车2附近,机动车2和车辆钥匙4同时或在不同的时间通过相同的、适当规定的频带来测量待接收的信号的幅度,以便由此相应建立频谱。在建立频谱之后,车辆钥匙4立即将频谱传输至机动车2,在那里,由机动车2和车辆钥匙4测量的两个频谱相互比较。如果车辆2和车辆钥匙4位于彼此附近,则针对相同频率的信号的两个频谱具有类似的幅度。根据本发明设置的是,适当的算法确定两个频谱的一致性,并且在一致性足够的情况下例如释放进入车辆。此外可能的是,适当地预设频率和幅度中的可容忍的偏差。
由于信号的幅度可以随着时间而改变,机动车2和车辆钥匙4确保的是,优选在相同的时间点实施信号测量。为了进一步防止未允许的攻击,替换地也可以在不同的时间进行测量。
此外可能的是,附加地在机动车2上还存在为清楚起见未示出的传感器,传感器在机动车2和车辆钥匙4的待接收的适当规定的频带内的任意的频率下发送信号。也可以由发送器在不同的频率下发送多个信号。理想地,随机选择多个频率,并且将发送限制到确定频谱的时间段。因此,除了来自环境的发送器1、2和3的信号以外,机动车2和车辆钥匙4也还接收由机动车2的发送器发送的信号。在车辆钥匙4的频谱中,于是可以简单地搜索机动车2的发送器的频率,以便可以容易地确定车辆钥匙是否可以完全接收信号,并且如果是的话,具有哪个幅度。
在比较由机动车2接收的信号的幅度和由车辆钥匙4接收的信号的幅度时考虑到的是,由于发送器与接收器之间的间距很小,由机动车2发送的信号与被车辆钥匙4接收相比被机动车2本身更强地接收。
在本发明的另一实施例中,机动车2决定应当针对哪些频率来测量信号幅度,并且将这一点告知车辆钥匙4。为了准备该决定,机动车2提前搜索待接收的完整频谱的信号。机动车2随后选择具有高于特定幅度的信号和低于特定幅度的频率的频率。根据选择,于是机动车2和车辆钥匙4仅测量由机动车2选择的频率处的幅度,这一方面快速进行,另一方面也是防止攻击者的高的保护,因为攻击者不知道所选择的频率。
在本发明的另一实施例中设置的是,车辆钥匙4和机动车2在其相应的地点处接收信号,对该信号进行解调和/或解码,以便确定相应的所接收的发送器的身份。这种身份例如可以是WLAN网络的SSID、UKW无线电广播发送器的RDS发送器标志或GSM无线电小区的标志。在比较由机动车2和车辆钥匙4确定的频谱时,因此可以检验信号是否已经被自身的发送器接收。WLAN的SSID尤其是在此允许在短的距离上的划界。
接收器通常确定的信号幅度取决于信号的定向,即,传播方向和极化,并且取决于接收天线关于信号的定向。因为不同信号的定向以及在机动车2和车辆钥匙4中的接收器的定向是不确定的,并且通常是彼此不同的,所以在本发明的扩展方案中建议,在机动车2和在车辆钥匙4中的用于接收待规定的频带的接收器具有三个天线,这三个天线分别相互以一个角度、例如直角布置。通过在所有三个空间方向上测量信号幅度和必要时信号的相位,可以与机动车2或车辆钥匙4的取向无关地确定信号幅度的绝对值。因此得到由机动车2和由车辆钥匙4测量的信号幅度的更好的可比较性。
作为本发明的附加的扩展方案,在这种天线布置中,可以针对机动车2和车辆钥匙4的待规定的频带由接收器确定所接收的信号之间的角度。扩展的比较算法随后附加地将由机动车2和由车辆钥匙4确定的角度相互比较。在图2中示出该实施例。为清楚起见,在此仅示出发送器1和发送器2,其信号分别被机动车2和车辆钥匙4接收。在信号之间可以确定角度α和角度β。实施中继攻击的攻击者不仅必须在更大的距离上转发机动车2与车辆钥匙4之间的通信,而且也必须在机动车2或车辆钥匙4附近测量待接收的信号,并且相应地在另外的地点处对这些信号进行模仿。在此,与仅对信号的幅度进行模仿相比,附加地对信号的空间定向进行正确模仿对于攻击者来说明显更难,因为攻击者为此必须将多个天线正确定位在机动车2和车辆钥匙4附近。
Claims (9)
1.一种用于防止对由至少一个第一(2)和第二通信设备(4)构成的***的中继攻击的方法,其中在第一(2)和第二通信设备(4)之间对数据进行无线传输,其特征在于,
第一通信设备(2)在频带内确定所有在第一通信设备(2)的地点处待接收的无线传输的信号的第一频谱,和
第二通信设备(4)在所述频带内确定所有在第二通信设备(4)的地点处待接收的无线传输的信号的第二频谱,
其中,所述频带通过最小的和最大的频率来限定,
其中,第二通信设备(4)将第二频谱传输至第一通信设备(2),
其中,借助第一通信设备(2)比较第一频谱和第二频谱,
以便确定第二通信设备(4)是否位于第一通信设备(2)的地点处。
2.根据权利要求1所述的方法,其特征在于,同时或在分别不同的时间确定第一和第二频谱。
3.根据前述权利要求中任一项所述的方法,其特征在于,持续或仅在特定的时间确定第一和第二频谱。
4.根据前述权利要求中任一项所述的方法,其特征在于,第一通信设备(2)发送无线传输的信号,所述信号的频率位于由第一(2)以及由第二通信设备(4)接收的频带内。
5.根据前述权利要求中任一项所述的方法,其特征在于,第一通信设备(2)告知第二通信设备(4)针对哪个频率确定信号幅度。
6.根据前述权利要求中任一项所述的方法,其特征在于,对第一(2)和第二通信设备(4)之间的数据传输进行加密。
7.根据前述权利要求中任一项所述的方法,其特征在于,第一(2)和第二通信设备(4)分别具有三个天线,其中,所述三个天线分别相互以一个角度布置。
8.根据前述权利要求中任一项所述的方法,其特征在于,确定各个待接收的信号之间的空间角度。
9.根据前述权利要求中任一项所述的方法,其特征在于,第一通信设备(2)是机动车,第二通信设备(4)是车辆钥匙。
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE102017001092.7A DE102017001092A1 (de) | 2017-02-07 | 2017-02-07 | Schutz gegen einen Relayangriff |
| DE102017001092.7 | 2017-02-07 | ||
| PCT/EP2018/000047 WO2018145808A1 (de) | 2017-02-07 | 2018-02-05 | Schutz gegen einen relayangriff |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110352360A true CN110352360A (zh) | 2019-10-18 |
| CN110352360B CN110352360B (zh) | 2023-04-28 |
Family
ID=61226527
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201880010382.2A Active CN110352360B (zh) | 2017-02-07 | 2018-02-05 | 用于防止对***的中继攻击的方法 |
Country Status (7)
| Country | Link |
|---|---|
| US (1) | US11023600B2 (zh) |
| EP (1) | EP3580578B1 (zh) |
| JP (1) | JP6768161B2 (zh) |
| KR (1) | KR102246430B1 (zh) |
| CN (1) | CN110352360B (zh) |
| DE (1) | DE102017001092A1 (zh) |
| WO (1) | WO2018145808A1 (zh) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11882454B2 (en) | 2019-05-13 | 2024-01-23 | Lambda:4 Entwicklungen Gmbh | Detection of attacks on radio authorization systems |
| US20210094509A1 (en) * | 2019-09-30 | 2021-04-01 | Nxp B.V. | Systems and methods for access control using field strength |
| EP3813402A1 (en) * | 2019-10-21 | 2021-04-28 | Nxp B.V. | Wireless communicaton device and method for spying counter measures |
| WO2023105918A1 (ja) * | 2021-12-07 | 2023-06-15 | アルプスアルパイン株式会社 | 測距装置、及び、送信条件の設定方法 |
| WO2023160828A1 (de) | 2022-02-28 | 2023-08-31 | Lambda:4 Entwicklungen Gmbh | Erkennung von angriffen auf funkautorisierungssysteme |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6269246B1 (en) * | 1998-09-22 | 2001-07-31 | Ppm, Inc. | Location determination using RF fingerprinting |
| CN103532640A (zh) * | 2012-07-06 | 2014-01-22 | 株式会社东海理化电机制作所 | 信号传播时间测量装置 |
| DE102013015478A1 (de) * | 2013-09-10 | 2015-03-12 | Giesecke & Devrient Gmbh | Externe sichere Einheit |
| US20150222658A1 (en) * | 2014-02-04 | 2015-08-06 | Texas Instruments Incorporated | Relay attack countermeasure system |
| US20160148450A1 (en) * | 2014-11-26 | 2016-05-26 | Denso Corporation | Vehicle remote control system and vehicle-mounted apparatus incorporated in the same |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1216172A2 (en) * | 1999-10-01 | 2002-06-26 | Siemens Automotive Corporation | Relay attack detection of a secure vehicle command communication |
| GB0211644D0 (en) * | 2002-05-21 | 2002-07-03 | Wesby Philip B | System and method for remote asset management |
| US7295831B2 (en) * | 2003-08-12 | 2007-11-13 | 3E Technologies International, Inc. | Method and system for wireless intrusion detection prevention and security management |
| JP4358175B2 (ja) * | 2005-09-16 | 2009-11-04 | シャープ株式会社 | 携帯端末 |
| US7971251B2 (en) * | 2006-03-17 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless security using distributed collaboration of wireless clients |
| DE102012007286A1 (de) | 2012-04-12 | 2013-10-17 | Giesecke & Devrient Gmbh | Kontaktlose Transaktion |
| JP2014086993A (ja) * | 2012-10-26 | 2014-05-12 | Tokai Rika Co Ltd | 通信エリア形成装置 |
| JP2014108751A (ja) * | 2012-12-04 | 2014-06-12 | Toyota Infotechnology Center Co Ltd | 搭乗予定者識別システム、搭乗予定者識別方法 |
| US9218700B2 (en) * | 2012-12-14 | 2015-12-22 | GM Global Technology Operations LLC | Method and system for secure and authorized communication between a vehicle and wireless communication devices or key fobs |
| US8930045B2 (en) * | 2013-05-01 | 2015-01-06 | Delphi Technologies, Inc. | Relay attack prevention for passive entry passive start (PEPS) vehicle security systems |
| JP2016183489A (ja) * | 2015-03-26 | 2016-10-20 | アルプス電気株式会社 | キーレスエントリー装置 |
| JP6540616B2 (ja) * | 2016-07-01 | 2019-07-10 | 株式会社デンソー | 車両用認証システム |
| EP3287331B1 (en) * | 2016-08-25 | 2020-10-07 | Nxp B.V. | Automotive security apparatus and associated methods |
-
2017
- 2017-02-07 DE DE102017001092.7A patent/DE102017001092A1/de not_active Withdrawn
-
2018
- 2018-02-05 JP JP2019537299A patent/JP6768161B2/ja active Active
- 2018-02-05 KR KR1020197021290A patent/KR102246430B1/ko active IP Right Grant
- 2018-02-05 EP EP18705314.5A patent/EP3580578B1/de active Active
- 2018-02-05 WO PCT/EP2018/000047 patent/WO2018145808A1/de unknown
- 2018-02-05 CN CN201880010382.2A patent/CN110352360B/zh active Active
- 2018-02-05 US US16/483,505 patent/US11023600B2/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6269246B1 (en) * | 1998-09-22 | 2001-07-31 | Ppm, Inc. | Location determination using RF fingerprinting |
| CN103532640A (zh) * | 2012-07-06 | 2014-01-22 | 株式会社东海理化电机制作所 | 信号传播时间测量装置 |
| DE102013015478A1 (de) * | 2013-09-10 | 2015-03-12 | Giesecke & Devrient Gmbh | Externe sichere Einheit |
| US20150222658A1 (en) * | 2014-02-04 | 2015-08-06 | Texas Instruments Incorporated | Relay attack countermeasure system |
| US20160148450A1 (en) * | 2014-11-26 | 2016-05-26 | Denso Corporation | Vehicle remote control system and vehicle-mounted apparatus incorporated in the same |
Also Published As
| Publication number | Publication date |
|---|---|
| DE102017001092A1 (de) | 2018-08-09 |
| WO2018145808A1 (de) | 2018-08-16 |
| JP6768161B2 (ja) | 2020-10-14 |
| JP2020509261A (ja) | 2020-03-26 |
| US20210019433A1 (en) | 2021-01-21 |
| KR20190100948A (ko) | 2019-08-29 |
| US11023600B2 (en) | 2021-06-01 |
| EP3580578A1 (de) | 2019-12-18 |
| EP3580578B1 (de) | 2021-12-08 |
| CN110352360B (zh) | 2023-04-28 |
| KR102246430B1 (ko) | 2021-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110352360A (zh) | 防止中继攻击 | |
| US10427643B1 (en) | Defense against relay attack in passive keyless entry systems | |
| US11351962B2 (en) | Electronic key system | |
| US10266148B2 (en) | Method, computer program and apparatus for verifying authorization of a mobile communication device | |
| CN107415893B (zh) | 用于被动访问控制的方法 | |
| US10308221B2 (en) | Method for preventing relay attack on vehicle smart key system | |
| CN101931474B (zh) | 确定和防止对被动进入***的中继攻击的方法和*** | |
| US20180326946A1 (en) | Bluetooth low energy (ble) passive vehicle access control system for defending the system against relay attacks and method thereof | |
| Joo et al. | Hold the door! fingerprinting your car key to prevent keyless entry car theft | |
| CN108778844A (zh) | 激活车辆安全***的至少一项安全功能的方法 | |
| CA2495357A1 (en) | Rf volumetric intrusion detection device, system and method | |
| CN102972055A (zh) | 安全无线通信方法、接收设备及实施该方法的通信*** | |
| US11611876B2 (en) | Authentication system and authentication method | |
| Yao et al. | Aegis: An interference-negligible RF sensing shield | |
| US10363902B2 (en) | Anti-theft remote keyless entry system using frequency hopping with amplitude level control | |
| CN109863419B (zh) | 雷达装置以及电波干扰的回避方法 | |
| CN109348477B (zh) | 基于服务网络的无线物联网物理层认证方法 | |
| CN112020013B (zh) | 用于配网的方法及***、装置、设备 | |
| van de Beek et al. | Robustness of remote keyless entry systems to intentional electromagnetic interference | |
| Staat et al. | Analog Physical-Layer Relay Attacks with Application to Bluetooth and Phase-Based Ranging | |
| Chai et al. | How to develop clairaudience-active eavesdropping in passive RFID systems | |
| WO2003060835A2 (en) | Method of operating an access control system | |
| Ashworth et al. | Radio frequency identification and tracking of vehicles and drivers by exploiting keyless entry systems | |
| US11518343B2 (en) | Vehicle access based on RF digests/backgrounds | |
| RU2554090C1 (ru) | Способ защиты командно-измерительной системы космического аппарата |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |