Attacking Automotive RKE Security: How Smart are your ‘Smart’ Keys?

Ritul Satish; Alfred Daimari; Argha Chakrabarty; Kahaan Shah; Debayan Gupta

Paper 2024/1816

Attacking Automotive RKE Security: How Smart are your ‘Smart’ Keys?

Ritul Satish, Ashoka University

Alfred Daimari

Argha Chakrabarty, Ashoka University

Kahaan Shah, Ashoka University

Debayan Gupta

, Ashoka University

Abstract

Remote Keyless Entry (RKE) systems are ubiqui- tous in modern day automobiles, providing convenience for vehicle owners - occasionally at the cost of security. Most automobile companies have proprietary implementations of RKE; these are sometimes built on insecure algorithms and authentication mechanisms. This paper presents a compre- hensive study conducted on the RKE systems of multiple cars from four automobile manufacturers not previously explored. Specifically, we analyze the design, implementation, and security levels of 7 different cars manufactured by Honda, Maruti-Suzuki, Toyota, and Mahindra. We also do a deep dive into the RKE system of a particular Honda model. We evaluate the susceptibility of these systems to known vulnerabilities (such as RollJam and RollBack at- tacks). This is accomplished using a novel tool – ‘Puck- py’, that helps analyze RKE protocols. Our tool automates several aspects of the protocol analysis process, reducing time and logistical constraints in RKE research; we provide standardized protocols to execute various attacks using our Puck-Py tool. We find that, despite having a long period of time to fix security issues, several popular automobiles remain susceptible to attacks, including the basic RollJam attack.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Automotive Security RKE Security SDR RF Artifact
Contact author(s): ritulsatish @ gmail com
alfred daimari @ alumni ashoka edu in
argha chakrabarty @ alumni ashoka edu in
kahaan shah @ alumni ashoka edu in
debayan gupta @ ashoka edu in
History: 2024-11-10: revised; 2024-11-06: received; See all versions
Short URL: https://ia.cr/2024/1816
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1816,
      author = {Ritul Satish and Alfred Daimari and Argha Chakrabarty and Kahaan Shah and Debayan Gupta},
      title = {Attacking Automotive {RKE} Security: How Smart are your ‘Smart’ Keys?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1816},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1816}
}