阅读说明：本技术 用于防护系统免于中继攻击的蓝牙低功耗（ble）被动车辆访问控制系统及其方法 (Bluetooth Low Energy (BLE) passive vehicle access control system and method for protecting system from relay attack ) 是由 M.博卡 V.贾因 C.朗 H.李 于 2018-05-04 设计创作，主要内容包括：提供了集成到车辆中的蓝牙低功耗(BLE)被动车辆访问控制系统和外部设备,以防护系统免于中继攻击。该系统包括位置接收器,其被配置成确定系统的当前位置。系统的位置可以是以纬度和经度、高度、或其组合的形式。该系统还包括车辆和外部设备。位置接收器可以集成到车辆、外部设备或两者中。处理器可通信耦合至位置接收器,至任何数量的无线收发器。被配置成比较车辆和外部设备二者的当前位置的比较器可以可选地耦合至位置接收器和处理器。可以在车辆中安装任何数量的用于产生磁场的电磁体,并且所述电磁体位于邻近收发器。外部设备的磁力计测量磁场强度,用磁性密钥加密磁场,并且将经加密的磁场返回给车辆。(a Bluetooth Low Energy (BLE) passive vehicle access control system and external devices integrated into a vehicle are provided to protect the system from relay attacks. The system includes a position receiver configured to determine a current position of the system. The location of the system may be in the form of latitude and longitude, altitude, or a combination thereof. The system also includes a vehicle and an external device. The position receiver may be integrated into the vehicle, the external device, or both. The processor may be communicatively coupled to the position receiver to any number of wireless transceivers. A comparator configured to compare the current locations of both the vehicle and the external device may optionally be coupled to the location receiver and the processor. Any number of electromagnets for generating a magnetic field may be installed in the vehicle and located adjacent to the transceiver. The magnetometer of the external device measures the magnetic field strength, encrypts the magnetic field with the magnetic key, and returns the encrypted magnetic field to the vehicle.)

1. A BLE passive vehicle access control system comprising:

A vehicle;

an external device communicatively coupled to the vehicle;

A position receiver assembly configured to determine coordinates of at least one of the vehicle and the external device; and

A processor communicably coupled to the position receiver assembly, the processor disabling communication between a vehicle and the external device if the coordinates of the vehicle and the external device do not match.

2. The BLE passive vehicle access control system of claim 1, wherein the location receiver assembly comprises a first location receiver and a second location receiver;

Wherein a first location receiver determines coordinates of the vehicle and a second location receiver determines coordinates of the external device.

3. the BLE passive vehicle access control system of claim 2, wherein the coordinates comprise at least one of latitude and longitude, and altitude of the vehicle and the external device.

4. The BLE passive vehicle access control system of claim 3, further comprising a comparator configured to compare the coordinates of the vehicle and the external device.

5. the BLE passive vehicle access control system of claim 2, wherein the location receiver component is a Global Positioning System (GPS).

6. the BLE passive vehicle access control system of claim 2, further comprising a magnetometer configured to measure the strength of a magnetic field produced by the vehicle, encrypt the measured magnetic field with a magnetic key, and return the measured magnetic field to the vehicle with the encrypted magnetic key.

7. The BLE passive vehicle access control system of claim 6, wherein the magnetometer is disposed in the external device.

8. The BLE passive vehicle access control system of claim 6, wherein the external device is at least one of a key/card device and a client device.

9. The BLE passive vehicle access control system of claim 8, wherein the key/card device is a key fob, a key card, an access key, an access card, a smart card, and a smart key.

10. The BLE passive vehicle access control system of claim 8, wherein the client device is a smartphone, a Personal Digital Assistant (PDA), a tablet, a laptop, a portable personal computer, a tablet, a wearable device, a thin device, a thick device, an entertainment device, and an infotainment device.

11. an access control system for a vehicle, comprising:

A sensor for measuring at least one of coordinates or magnetic field strength of the vehicle; and

A processor in communication with the sensor configured to disable a connection between an external device and the vehicle.

12. The access control system of claim 11, wherein the sensor is a location receiver disposed in the vehicle communicably coupled to an external device to measure coordinates of the vehicle.

13. The access control system of claim 12, wherein the coordinates are at least one of latitude and longitude, and altitude of the vehicle.

14. The access control system of claim 11, wherein the sensor is a magnetometer configured to measure a strength of a magnetic field generated by the vehicle, the magnetometer being disposed in an external device communicatively couplable to the vehicle.

15. The access control system of claim 14, wherein the magnetometer is further configured to encrypt the measured magnetic field strength with a magnetic key and return the measured magnetic field strength to the vehicle with the magnetic key.

16. A method, comprising:

measuring at least one of coordinates of one of the vehicle and the external device; and

Disabling a connection between an external device and the vehicle;

Wherein the coordinates of the vehicle and the external device do not match very closely to each other.

17. The method of claim 15, further comprising:

measuring the strength of a magnetic field generated by the vehicle;

Encrypting the measured magnetic field strength with a magnetic key; and

returning the measured magnetic field strength to the vehicle with the magnetic key.

Technical Field

The present disclosure relates generally to access control systems (access control systems) that are protected from relay attacks, and more particularly to BLE passive vehicle access control systems and methods thereof for protecting the systems from relay attacks.

background

Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.

The key fob (key fob) of a standard Passive Entry System (PES) typically operates on two Radio Frequencies (RF). For example, Low Frequency (LF) communication is used for proximity detection and localization required for Comfort Entry Go (CEG) functionality. Another frequency, such as Ultra High Frequency (UHF), is used to extend the communication range to enable Remote Keyless Entry (RKE) functionality. Passive Entry Systems (PES) have strict proximity/positioning requirements. For example, with the PES system providing RKE and CEG, a vehicle will unlock doors only when the driver or a person authorized for access is within a boundary of about 2m from the vehicle. The PES/CEG system will also allow the user or driver to start the engine only when the key fob is inside the vehicle. These positioning requirements are difficult to meet for any wireless technology. Therefore, current systems require LF (e.g., 125 kHz) antennas both inside and outside the vehicle, along with optimal power control, to meet the proximity/location requirements. On the other hand, to meet both the range requirement (about 50 m) and the antenna size requirement (i.e., the antenna needs to fit in a smaller key fob), the communication link from the key fob to the vehicle for the RKE (i.e., when the user explicitly presses the lock/unlock button on the key fob) is UHF-based.

These systems are susceptible to relay attacks. In a relay attack, the attacker uses a relay device (such as an analog amplifier) to amplify the signal received from the PES or key fob on the vehicle and retransmit the received signal back to the system or key fob. This attack causes the key fob to believe that the driver is near the vehicle, so the key fob sends an access control command to the vehicle at UHF, which in turn unlocks the vehicle. In more advanced attacks, an attacker may also employ advanced relay devices that are able to measure the power of the received signal and replicate the signal by adjusting the transmit power accordingly.

electronic and wearable devices that integrate keyless passive entry systems are becoming more widely used due to several advantages. For example, the user need not rely on a key fob to access the vehicle, and further, the user need not actively interact with the PES-integrated device or key fob to access the vehicle. However, these devices that integrate PES are also susceptible to relay attacks.

Accordingly, there is a long felt need to provide improved passive vehicle access control systems to protect the systems from relay attacks.

Disclosure of Invention

The following sets forth a summary of certain embodiments disclosed herein. It should be understood that these aspects are presented merely to provide the reader with a brief summary of these certain embodiments and that these aspects are not intended to limit the scope of this disclosure. Indeed, this disclosure may encompass a variety of aspects that may not be set forth below.

embodiments of the present disclosure related to a BLE passive vehicle access control system include a vehicle, an external device communicably coupled to the vehicle, a location receiver component configured to determine coordinates of at least one of the vehicle and the external device, and a processor communicably coupled to the location receiver component, the processor disabling communication between the vehicle and the external device if the coordinates of the vehicle and the external device do not match. The position receiver assembly includes a first position receiver and a second position receiver, wherein the first position receiver determines coordinates of the vehicle and the second position receiver determines coordinates of the external device. The coordinates include at least one of latitude and longitude, and altitude of the vehicle and the external device. The BLE passive vehicle access control system further includes a comparator configured to compare the coordinates of the vehicle and the external device. The location receiver component is a Global Positioning System (GPS). The BLE passive vehicle access control system also includes a magnetometer configured to measure a strength of a magnetic field generated by the vehicle, encrypt the measured magnetic field with a magnetic key (secret magnetic key), and return the measured magnetic field to the vehicle with the encrypted magnetic key. The magnetometer is disposed in the external device.

According to another exemplary embodiment of the present disclosure, an access control system includes a sensor for measuring at least one of a coordinate or a magnetic field strength of a vehicle and a processor in communication with the sensor, the processor configured to disable a connection between an external device and the vehicle. The sensor is a position receiver disposed in the vehicle communicably coupled to an external device to measure coordinates of the vehicle. The coordinates are at least one of latitude and longitude, and altitude of the vehicle. The sensor is a magnetometer configured to measure a strength of a magnetic field generated by the vehicle, the magnetometer being disposed in an external device communicatively couplable to the vehicle. The magnetometer is further configured to encrypt the measured magnetic field strength with a magnetic key and return the measured magnetic field strength to the vehicle with the magnetic key. According to another exemplary embodiment of the present disclosure, a method comprises: measuring at least one of the coordinates of one of a vehicle and an external device, and disabling a connection between the external device and the vehicle, wherein the coordinates of the vehicle and the external device do not match very closely to each other. The method further comprises the following steps: the method includes measuring a strength of a magnetic field generated by the vehicle, encrypting the measured magnetic field strength with a magnetic key, and returning the measured magnetic field strength to the vehicle with the magnetic key.

Drawings

These and other features, aspects, and advantages of the present disclosure will become better understood when the following detailed description of certain exemplary embodiments is read with reference to the accompanying drawings in which like characters represent like items (arts) in the drawings, wherein:

FIG. 1 is a block diagram of a system according to described embodiments of the present disclosure;

FIG. 2 is a chart showing RSS profile data according to the disclosure;

FIG. 3 is a block diagram of a system according to another described embodiment of the present disclosure;

FIG. 4 is a block diagram of a system according to yet another described embodiment of the present disclosure; and

fig. 5 is a block diagram of a system according to another described embodiment of the present disclosure.

Detailed Description

the following description is presented to enable any person skilled in the art to make and use the described embodiments, and is provided in the context of a particular application and its requirements. Various modifications to the described embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the described embodiments. Thus, the described embodiments are not limited to the embodiments shown, but are to be accorded the widest scope consistent with the principles and features described herein.

FIG. 1 illustrates a system 10 according to the disclosure. The system 10 is a passive vehicle access control system that includes a vehicle 12 and an external device 14 communicatively coupled to the vehicle 12 via a communication link. As illustrated, the communication link is a Bluetooth (BT) communication protocol and standard, including a Bluetooth Low Energy (BLE) communication protocol. The external device 14 may be any BLE-enabled device, such as a key/card device or any other client device. The external device 14 also includes passive vehicle access control functionality commonly known in the art. The key/card device may be a key fob, key card, client device, access key, access card, smart key, or any suitable BLE-enabled device. The client device may be a smartphone, Personal Digital Assistant (PDA), tablet, laptop, portable personal computer, tablet handset, wearable device, thin device (thinview), thick device (thick device), entertainment device, infotainment device, or any suitable portable/wearable device including bluetooth low energy protocol or any suitable BT communication protocol. As illustrated, the key/card device is a fob 18 and the client device is a tablet phone 16, both having BLE passive vehicle access control. A plurality of wireless transceivers 20, 22, 24, 26, including integrated antennas, are mounted at various locations in and around the vehicle 12. In one embodiment, the antenna is a directional antenna. Other suitable antennas may be integrated into or coupled to the transceiver depending on the application. For example, the wireless transceivers 20 and 24 are mounted near the front door handle. The wireless transceiver 22 is mounted near the rear end of the vehicle, while the wireless transceiver 26 is mounted at the front end of the vehicle. For example, the wireless transceiver 26 is located at a position near the dashboard. As can be seen, the remaining wireless transceivers 20, 22, 24 are all externally facing, except for the wireless transceiver 26 that faces the interior of the vehicle. Any number of transceivers 20, 22, 24, 26 periodically transmit a signal, such as an advertising beacon, to announce the presence of the vehicle 12 to at least one of the fob 18 or the tablet 16 carried by the driver or authorized person of the vehicle 12. When one of the fob 18 or the tablet 16 receives these advertising beacons, one of the fob 18 or the tablet 16 initiates or initiates a connection and authentication process with the vehicle 12 via, for example, the transceivers 20, 22, 24, 26. During this process, the vehicle 12 continuously exchanges data packets with one of the fob 18 or the tablet phone 16. Upon completion of this process, one of the fob 18 or the tablet phone 16 periodically transmits beacons while any number of the transceivers 20, 22, 24, 26 or BLE-enabled passive vehicle access control devices coupled with the transceivers 20, 22, 24, 26 measure the Received Signal Strength (RSS) of the beacons to estimate the location of one of the fob 18 or the tablet phone 16. A BLE-enabled passive vehicle access control device is also located on the vehicle 12. In some embodiments, more than one BLE-enabled passive vehicle access control device may be installed in the vehicle 12 and then coupled to any on-board device via any number of communication links. In some embodiments, the BLE-enabled passive vehicle access control device is remotely located outside of the vehicle 12 and may be communicatively coupled to the vehicle 12 via any suitable communication interface. In another embodiment, a BLE-enabled passive vehicle access control device is located in a network. The network may be, for example, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a main network including a plurality of subnets between the vehicle 12 and the external device 14, a cloud network, and the like. In yet another embodiment, the BLE-enabled passive vehicle access control device is located on a server. The cloud network may be, for example, a public cloud network, a private cloud network.

To increase the level of security in controlling access to the vehicle and to protect the system 10 from relay attacks performed during communications established between the vehicle 12 and the external device 14, a motion detector 28 disposed in the external device 14 is provided. In one embodiment, motion detector 28 includes an accelerometer and is configured to detect and distinguish between various types of motion and vibration. In some embodiments, motion detector 28 includes a motion sensor, gyroscope, magnetometer, vibration sensor, or any other suitable sensor. Desired program code in the form of a set of computer-executable instructions or data structures may be stored in motion detector 28 and the instructions allow motion detector 28 to detect and distinguish between various types of motion and vibration. A processor coupled to the accelerometer 28 receives the measured information including acceleration data, compares the acceleration data to a set of predetermined criteria as described in detail below, and distinguishes the acceleration data associated with the motion or vibration of the external device 14. In addition, the processor analyzes the acceleration data to determine whether the sequence of motions and vibrations matches a set of predetermined criteria (i.e., an expected sequence of motions and vibrations). A set of predetermined criteria includes significant or maximum movement, such as going to or departing from the vehicle; minimal motion, such as single step detection; no motion, e.g., no change in position; vibration modes, and the like. If the sequence of motions and vibrations does not match the set of predetermined criteria, then bi-directional communication between the vehicle 12 and the external device 14 is disabled, which in turn destroys any relay attacks.

The motion detector 28 of the external device 14 or a processor located in the vehicle 12 may be configured to distinguish between real motion events and spurious motion events. For example, a processor located in the vehicle 12 receives measured information including acceleration data from the motion detector 28, compares the acceleration data to a set of predetermined criteria, and distinguishes the acceleration data between true motion events and false motion events. If the event is determined to be a spurious motion event, i.e., the external device 14 is not moving, then the two-way communication between the vehicle 12 and the external device 14 is disabled to protect the vehicle 12 and the external device 14 from any relay attack. In one example, the processor and accelerometer may be integrated into the motion detector 28. In another example, the processor is located somewhere within the external device 14 and is a separate component from the motion detector 28. In yet another example, a processor is located in the vehicle 12 and the motion detector 28 may be communicatively coupled to the processor.

to provide another level of security in controlling access to the vehicle and to protect the system 10 from relay attacks during communications established between the vehicle 12 and the external device 14, a microprocessor 30 is provided having a set of computer-executable instructions, including a TX power profile. During the connection and authentication phase, the external device 14 and the vehicle 12 transmit several packets to each other. For example, a transmitting device (such as the external device 14) modulates the continuously transmitted Transmit (TX) power level according to a particular and secret pattern, creating an identical RX power (RSS) level profile at the receiving end of the communication link (such as the vehicle 12) that is used as an authentication before establishing a connection between the external device 14 and the vehicle 12. The receiving end of the communication link in the vehicle 12 measures the RX power (RSS) level of the continuous incoming signal, which is compared to a predefined security pattern stored in a machine-readable medium. The machine-readable medium may be located in the vehicle 12, the external device 14, a network, or a server. If the RSS of the incoming signal is constant, then communication between the vehicle 12 and the external device 14 is disabled, which in turn destroys any relay attacks. Fig. 2A shows a chart 40 of a constant RSS profile generated by an attacker. Referring now to fig. 2B, the secret TX power profile results in a specific and secret RSS profile pattern, as illustrated by graph 48. As can be seen, both the vehicle 12 and the external device 14 are able to detect the presence of a relay attack by measuring the power of the received signal and then comparing the resulting RSS profile to a predefined and secure TX power profile. In one embodiment, the same packet (message) is transmitted multiple times during the connection and authentication phases in a manner that changes the transmit power level. In another embodiment, each packet (message) is transmitted during the connection and authentication phase in a manner that changes the transmit power level. In yet another embodiment, the transmit power level used to transmit the packet (message) may be added to the payload of the encrypted transmitted packet. The receiving end of the communication link in the vehicle 12 measures the RSS of the received packet and adds this value to the payload of the encrypted response packet. In turn, the transmitting device 14 further uses this information to adjust its own transmit power level to the same level.

Fig. 3 illustrates another system 60 according to the disclosure. The system 60 is the same as the system 10 illustrated in fig. 1, except that the system 60 includes a barometric pressure sensor 64 configured to measure barometric pressure, which is ultimately converted to a height value. If the height value of the vehicle 12 does not match the height value of the external device 14, then the two-way communication between the vehicle 12 and the external device 14 is disabled, which in turn destroys any relay attack. This altitude or barometric pressure reading process provides a level of security in controlling access to the vehicle 12 and in order to protect the system 60 from relay attacks during communications established between the vehicle 12 and the external device 14. In one embodiment, the barometric pressure sensor 64 is integrated into the motion detector 28. In another embodiment, barometric pressure sensor 64 may be a separate component that may be communicatively coupled to motion detector 28. Suitable program code in the form of a set of computer-executable instructions or data structures may be stored in the barometric pressure sensor 64, and the instructions cause the barometric pressure sensor 64 to measure the barometric pressure level and compare the resulting altitude of the vehicle 12 and the external device 14. In some embodiments, the processor previously described in fig. 1 is not only capable of comparing the acceleration data collected by accelerometer 28 to a set of predetermined criteria and distinguishing between acceleration data associated with movement or vibration of external device 14, but the processor is also capable of comparing the altitude of vehicle 12 and external device 14.

Fig. 4 illustrates another system 80 according to the disclosure. The system 80 is the same as the system 10 illustrated in fig. 1, except that the system 80 includes a position receiver 82 for determining the current position of the system. In one embodiment, the location receiver 82 is a Global Positioning System (GPS) configured to determine the current coordinates of the system, such as latitude and longitude. In another embodiment, the location receiver 82 may determine the altitude of the system 80 other than latitude and longitude. Each of the external device 14 and the vehicle 12 includes a location receiver 82. The location receiver 82 of the external device 14 transmits the current location details of the external device 14 to the vehicle 12 via a suitable communication protocol. The location receiver 82 of the vehicle 12 receives the current location details of the external device 14 and compares the received current location details of the external device 14 with the current location details of the vehicle 12. If the two location details of the vehicle 12 and the external device 14 do not match, then the two-way communication between the vehicle 12 and the external device 14 is disabled and the authentication process is terminated. In some embodiments, an optional comparator may be provided to compare the current location details of both the vehicle 12 and the external device 14. If the current location details of the vehicle 12 and the external device 14 do not match each other, then the two-way communication between the vehicle 12 and the external device 14 is disabled and the authentication process is terminated. In one embodiment, the comparator may be integrated into the position receiver 82. In other embodiments, the comparator may be coupled to the position receiver 82.

Fig. 5 illustrates another system 100 according to the disclosure. The system 100 is the same as the system 10 illustrated in fig. 1, except that the system 100 is configured to measure the strength of the magnetic field generated by the vehicle 12. As depicted, the vehicle 12 includes at least one electromagnet E that is located at the same location as the transceivers 20, 22, 24, 26. In some embodiments, the electromagnet E may be positioned within the transceiver 20, 22, 24, 26. In another embodiment, the electromagnet E may be positioned adjacent to the transceivers 20, 22, 24, 26. Three electromagnets E are depicted, however, any number of electromagnets may be suggested without departing from the scope of the present disclosure. The external device 14 (such as the fob 18, the thin client 28, or any suitable device) includes at least a sensor 92, such as a magnetometer. When the vehicle 12 receives a packet from the relay attacker that replicates the external device 14, the vehicle 12 generates a magnetic field that includes a change in strength based on the randomly generated key. Any of the external devices 14 uses the magnetometer 92 to measure the strength of the magnetic field generated by the vehicle 12. The magnetometer 92 encrypts the measured magnetic field with a magnetic key and transmits the measured magnetic field back to the vehicle 12 along with the encrypted magnetic key. This process confirms that the external device 14 is indeed present near the vehicle 12. If the magnetic fingerprint cannot be identified or measured by at least one of the external devices 14, the external device 14 receives a packet that includes the magnetic fingerprint and determines that the received packet was not transmitted by the vehicle 12 but was transmitted from another unauthorized device, such as an attacker. The external device 14 continues to detect any ongoing attacks and stops communicating with the vehicle 12.

The embodiments described above have been shown by way of example, and it should be understood that they may be susceptible to various modifications and alternative forms. It should be further understood that the claims are not intended to be limited to the particular forms disclosed, but rather to cover all modifications, equivalents, and alternatives falling within the spirit and scope of this disclosure.

Embodiments within the scope of the present disclosure may also include non-transitory computer-readable storage media or machine-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such non-transitory computer-readable storage media or machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such non-transitory computer-readable storage media or machine-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code means in the form of computer-executable instructions or data structures. Combinations of the above should also be included within the scope of non-transitory computer-readable storage media or machine-readable media.