An Authentication Mechanism for Remote Keyless Entry Systems in Cars to Prevent Replay and RollJam Attacks

Modern cars come with Keyless Entry Systems that can be either Remote Keyless Entry (RKE) systems or Passive Keyless Entry and Start (PKES) systems. In the initial versions of RKE implementation, fixed code was used by the key fob to unlock the car door. However, this method is vulnerable to replay attacks as an adversary may capture and replay the same code later to unlock the car. A rolling code system was introduced to protect RKE systems from such replay attacks. Studies have shown that even the rolling code system is vulnerable to certain attacks. In this work, we investigate the attacks possible on RKE systems and propose an efficient and effective authentication mechanism to defend RKE systems against such attacks with minimal changes to the existing RKE system. The proposed mechanism makes use of hashing and asymmetric cryptographic techniques for the secure transmission of signals from the key fob to the car that cannot be replayed. The security of the proposed mechanism is shown using informal security proof and simulation of the proposed solution is also provided.