Smart Key System
Enhancing vehicle security through a smartphone-based smart key system with advanced encryption and authentication.
Overview
Traditional vehicle entry systems built on basic RF chip key fobs are vulnerable to replay, RollJam, and rollback attacks because of their limited encryption and power constraints. Current Android key fobs are often manufacturer-specific, which limits interoperability and flexibility across vehicle brands.
Our Smart Key System addresses these vulnerabilities with an Android application that replaces the traditional key fob. Using the smartphone's computational power, the system can generate longer and more secure encryption keys, encrypt signals to prevent man-in-the-middle attacks, and incorporate user authentication with Role-Based Access Control (RBAC) and time-based permissions.
Research Problem
- Vulnerability of traditional key fobs to replay attacks
- Limited encryption capabilities due to power constraints
- Lack of user authentication in current systems
- Manufacturer-specific implementations limiting interoperability
- Vulnerability to Rolling-PWN attacks in modern vehicles
Research Objectives
- Develop an Android application to replace traditional key fobs
- Implement enhanced encryption methods for secure communication
- Incorporate user authentication and access control
- Establish secure communication protocols
- Design an offline unlocking mechanism for emergency situations
Methodology
Our approach combines mobile application development, hardware integration, and advanced cryptographic techniques to create a secure and user-friendly smart key system.
System Architecture

The Smart Key System consists of three main components:
- Mobile Application: Android app with user authentication, vehicle management, and secure communication capabilities.
- Vehicle Hardware Module: Raspberry Pi-based system with NFC, BLE, and security modules for vehicle integration.
- Backend Server: Manages user accounts, vehicle registrations, and security policies.
Mobile App
- Flutter framework
- Biometric authentication
- AES-256-GCM encryption
- BLE communication
- NFC capabilities
Security Measures
- Ephemeral key derivation
- One-time key usage
- JWT with 1-hour expiry
- Mutual BLE challenge-response
- Stolen vehicle check
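The following sketch shows how a mutual challenge-response with ephemeral key derivation and one-time use defeats a replayed unlock message. It is an added example, not the project's code. It assumes a pre-shared pairing key, HMAC-SHA256 proofs and HKDF (RFC 5869); the names `Vehicle`, `proof` and `phone_handshake` are hypothetical, and the BLE transport is replaced by direct method calls.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def proof(key: bytes, role: bytes, n_phone: bytes, n_car: bytes) -> bytes:
    # The role label binds a tag to one direction, so it cannot be reflected back.
    return hmac.new(key, role + n_phone + n_car, hashlib.sha256).digest()

class Vehicle:
    def __init__(self, pairing_key: bytes):
        self.pairing_key = pairing_key   # assumed: provisioned when the phone is paired
        self.pending = {}                # phone nonce -> vehicle nonce (open handshakes)

    def challenge(self, n_phone: bytes):
        n_car = secrets.token_bytes(16)  # fresh per attempt, so old responses never match
        self.pending[n_phone] = n_car
        return n_car, proof(self.pairing_key, b"vehicle", n_phone, n_car)

    def verify(self, n_phone: bytes, phone_tag: bytes):
        n_car = self.pending.pop(n_phone, None)  # one-time: consumed on first use
        if n_car is None:
            return None
        expected = proof(self.pairing_key, b"phone", n_phone, n_car)
        if not hmac.compare_digest(expected, phone_tag):
            return None
        # Ephemeral session key, unique to this pair of nonces.
        return hkdf_sha256(self.pairing_key, n_phone + n_car, b"session")

def phone_handshake(pairing_key: bytes, vehicle: Vehicle):
    n_phone = secrets.token_bytes(16)
    n_car, car_tag = vehicle.challenge(n_phone)
    # Mutual authentication: the phone checks the vehicle before answering.
    if not hmac.compare_digest(car_tag, proof(pairing_key, b"vehicle", n_phone, n_car)):
        raise ValueError("vehicle failed authentication")
    phone_tag = proof(pairing_key, b"phone", n_phone, n_car)
    session_key = hkdf_sha256(pairing_key, n_phone + n_car, b"session")
    return n_phone, phone_tag, session_key
```

A captured `(n_phone, phone_tag)` pair is useless afterwards: the handshake it belonged to has been consumed, and any new challenge carries a different vehicle nonce.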
Access Control
- Role-based access control
- Time-based permissions
- Geofencing capabilities
- Multi-factor authentication
- Audit logging
Current Progress
Our research has made significant progress in developing and implementing the Smart Key System:
Completed Tasks
- Developed the mobile application with user authentication and vehicle management features
- Integrated the backend server for communication with the application and hardware
- Set up the Raspberry Pi and other modules and connected them to the application
- Implemented strong cryptographic key management for the communication
- Developed role-based user groups for vehicle access management
- Integrated with the PUF solution for enhanced security
Future Steps
- Fine-tune the mobile application and integrate with other components
- Integrate and adjust the previously trained ML model with the backend server to detect time anomalies
- Conduct comprehensive security testing and vulnerability assessment
- Implement user feedback from preliminary testing
Implementation Highlights
Mobile Application UI

Hardware Setup
