Terminology » UWB Digital Keys: Stopping Car Relay Attacks

UWB Digital Keys: Stopping Car Relay Attacks

uwb digital key security

Introduction : Automotive industry is shifting towards use of digital keys which allows drivers to unlock and start cars with their smartphones. Due to its use, security has become the top priority. Early iterations using Bluetooth Low Energy (BLE) suffered from a major vulnerability known as the Relay Attack. In this page, we will understand how relay attack occurs and how to prevent it with the help of latest UWB technology based solution. The UWB is standardized in the Car Connectivity Consortium (CCC) Digital Key 3.0 specification.

The Problem : How Relay Attack Works

As we know, traditional keys rely on signal strength i.e. RSSI to determine the distance. Let us understand system setup with how thieves perform theft.

  • Setup : The car is in the driveway and your phone or keys are inside the house.
  • Attack : Two thieves are performing theft together. Thief-A stands near house with booster device. Thief-B stands next to the car with receiver. The thief-A picks up the weak signal from your keys inside the house, amplifies it and beam it to thief-B. The car receives this amplified signal. As signal is very loud having strong RSSI, teh car is tricked to assume that owner is standing right next to its door. The car gets unlocked and thieves drive away the car.

The Solution : How UWB Stops it

As UWB does not rely on signal strength and relies on time, the problem can be solved. UWB operates like radar and measures exact time it takes for a radio pulse to travel from the car to the phone and back. The radio waves travel at constant speed i.e. 3 x 10^8 m/s.

  • The car sends cryptographic challenge to the phone. The phone processes it and sends a reply. The car measures the round trip time and calculates time of flight (ToF) in nanoseconds. Based on this, exact distance between both car and phone can be evaluated and will help in avoiding relay attack scenario. Let us understand how relay attack will fail when UWB is installed on the car.

  • Physical trap : The thieves amplify the signal but can not change the speed at which signal travels.

  • Delay : The signal travels much longer path i.e. Car -> Thief B ->Thief A ->House ->Phone -> Thief A -> Thief B -> Car.

  • Rejection : The extra distance adds time i.e. latency. The car expects reply in say 10 nanoseconds, but due to relay involvement it arrives in say 100 nanoseconds.

  • Result : The car’s security system sees the timestamp discrepancy. It concludes that “The signal is strong, but it took too long to get here. Actually the key is physically far away.” The car remains locked and the engine immobilized.

UWB Digital Key to prevent Relay Attack for Car theft

Conclusion: Because UWB measures time so precisely, it offers centimeter level accuracy (down to 10cm). This allows the car to create “Geofence Zones” around the vehicle that Bluetooth cannot match. UWB offers precision localization which is beyond anti-theft.