Remote Keyless Using Pre-Trained Deep Neural Network: History
Please note this is an old version of this entry, which may differ significantly from the current revision.

Keyless systems have replaced the old-fashioned methods of inserting physical keys into keyholes to unlock the door, which are inconvenient and easily exploited by threat actors. Keyless systems use the technology of radio frequency (RF) as an interface to transmit signals from the key fob to the vehicle.

  • artificial intelligence
  • cybersecurity
  • remote control

1. Introduction

Rapid technological advancement allows the usage of computers and wireless devices with modern vehicles to increase customer security and convenience [1]. Keyless systems are considered a vital component of modern vehicles because they perform several functions, such as locking and unlocking the doors, opening and closing the trunk, and starting the engine [2]. The first remote keyless system used with a vehicle was introduced in 1982 [3]. Keyless systems have replaced the old fashion methods of inserting physical keys into the keyhole to unlock the door, which are inconvenient and easily exploited by threat actors [4]. Generally, there are two types of keyless systems, remote keyless entry (RKE) and passive keyless entry (PKE) [5]. Both keyless systems use the technology of radio frequency (RF) as an interface to transmit signals from the key fob to the vehicle. In the RKE system, the driver needs to press the fob button to send the intended command to the vehicle, i.e., unlock the door. Then, the authenticated protocol is used to validate the vehicle’s owner [6]. However, the PKE system does not require drivers to press any button. Still, once the fob becomes close to the proximity distance of the vehicle, an authentication protocol establishes before the automated command is sent to the vehicle [7].
The early keyless system was developed based on static code sent from the key fob to the receiver, which is easily compromised by a thread actor who intercepts the transmitted signal and performs a replay attack [6]. A replay attack is also called a playback attack, when authorized legitimated data are captured and copied during transmission by a threat actor to be repeated for fraudulent purposes, as illustrated in Figure 1 [8]. Rolling codes attempted to overcome this issue by producing a changed code based on a counter. Therefore, a new code is generated every time the keyless system is used; however, a rolling code is also suspectable to different types of replay attacks [9]. Due to the vulnerability of the keyless systems, threat actors can exploit them to steal vehicles or owner belongings. For example, United Kingdom police broadcasted a video illustrating how a threat actor can steal a vehicle within 1 min using relay devices [10]. Furthermore, increasing the number of installed communication technologies, such as keyless, WiFi, and Bluetooth systems in a vehicle, leverages drivers’ and passengers’ convenience and enables fast transformation into automation. However, this opens the gate to more opportunities for establishing cyberattacks [11].
Figure 1. Replay Attack Targeting keyless system.
The theory of the CIA triad model, which is the conditionality, integrity, and availability, can be used to measure the security level of a system [11]. Conditionality assures that data will not be accessed by unauthorized users, programs, or procedures. To guarantee that only authorized users can access the data, sufficient control mechanisms are used. Integrity has much to do with reliability; thus, unauthorized users must not modify the data. Finally, availability ensures that data must be available and not prevented when users need it [12].
Recently, researchers used different authentication techniques to mitigate and prevent threats on keyless systems, such as authentication using smartphones [13], authentication using bioinformatics [14], and authentication using blockchain [15,16]. However, this field still needs more research to investigate how to resist malicious activities on keyless systems.

2. Remote Keyless Controlled Vehicles Using Pre-Trained Deep Neural Network

Modern vehicles are designed to rely on the keyless system when starting the engine and unlocking and locking doors instead of using traditional keys for the convenience of vehicle owners. However, there is a cost to using such technology because keyless systems are susceptible to various attacks, such as replay, relay, and man-in-the-middle (MITM) attacks [18].
Cryptography could be used to eliminate replay attacks, as the authors of [6] developed an encryption algorithm to prevent replay attacks on remote keyless vehicles. Their model was built based on asymmetrical and hashing methods to allow authentication between the vehicle and the owner. The authors of [19] also used cryptography methods to mitigate replay attacks in remote keyless systems by enhancing the performance of the KeeLoq algorithm. However, the authors of [4] illustrated that encryption techniques are insufficient for authentication, and there is a need for more security layers; therefore, they proposed the HODOR technique to detect attacks targeting keyless systems using a classifier algorithm they implemented. The vehicle owner needs to hold the door handle, and radio frequency fingerprinting is used to detect unauthorized commands based on collected features.
To enhance the authentication mechanism of the remote keyless system, [20] introduced an authentication protocol based on challenge-response pairs integrated with the RKE system. Therefore, the command sent from the key fob to the vehicle is first verified then a challenge is computed. Next, the computed challenge is sent from the vehicle to the key fob. Finally, the key fob computes the challenge and sends the response to the vehicle that verifies the response and executes the command.
Smart vehicles that use a controlled area network (CAN) for communication purposes are vulnerable to cyberattacks since CAN protocol has limited security mechanisms to provide comprehensive, secure communication [21]. There are several reasons for CAN vulnerabilities of cyberattacks, such as that the exchanged messages between the physical components are not encrypted, and all components are connected with the same CAN bus; therefore, the same message can be broadcasted to all components [21]. Aldhyani et al. [22] implemented a deep learning model that integrates a convolution neural network (CNN) with long short-term memory (LSTM) to defend the self-driving car network from various cyberattacks, such as packets, replaying, and spoofing attacks. The authors evaluated their model using a collected dataset from real network traffic of CAN that was injected with the cyberattacks above. They achieved 97.30% using the classification accuracy metric.
The authors of [23] proposed a biometric method to enhance the security of the keyless system. Their model integrates two security levels: face recognition and fingerprint. In the face recognition phase, the driver’s face is captured using a camera attached to the vehicle door, and a spoofing algorithm is used to perform anomaly detection to identify the legitimacy of the driver. In the fingerprint phase, the driver’s fingerprint is scanned using another spoofing algorithm; therefore, if the fingerprint is confirmed, the driver can access the vehicle. However, this model has a challenge in finding the perfect position of the camera used for face recognition.
Blockchain is a recent technology that can also be used to enhance the security of the keyless system. It is an advanced technology built to increase the security of pair-to-pair networks. Blockchain is considered a decentralized distributed system. It is a well-known technology used to secure transactions in the cryptocurrency market, such as Bitcoin [24]. The authors of [8] proposed an authentication model based on a Blockchain system. Basically, the transmitted data between the key fob and the vehicle is encrypted using hash algorithms. The authors compared secure hash algorithms: SHA-1, SHA-256, SHA-512, and message digest (Md5).
Machine learning (ml) techniques can be used to mitigate the impacts of attacks targeting keyless systems. The authors of [25] implemented a data-intensive model using ml to prevent relay attacks on the PKE system. The authors developed their models based on artificial neural networks (ANN), K-nearest neighbors (KNN), support vector machines (SVM), and decision trees. They trained their ml algorithms using the following features: date, time, elapsed time, location, type of day, key fob signal strength, and key fob acceleration. According to the authors, the decision tree outperformed the other ml algorithms and reached 99% accuracy based on the classification accuracy metric.
Most keyless systems use radio-frequency identification (RFID) technology as an interface to transmit a command from the key fob to the vehicle. However, RFID could be vulnerable to various malicious attacks, such as relay attacks. Therefore, the authors of [26] used several security features to proximity identify the location of the vehicle based on contextual information, such as global positioning system (GPS) coordinates, receiving signal strength indicator (RSSI), and WiFi access points. Therefore, their technique helps to overcome the vulnerability of RFDI, which can be compromised using a variety of attacks, such as relay attacks. Moreover, the authors of [10] proposed a context detection method to detect relay attacks on passive keyless entry systems using a smartphone. Therefore, a secure connection between the vehicle owner’s smartphone and the vehicle is established using Bluetooth low energy (BLE) technology to track the location of the vehicle’s owner and determine their proximity to the vehicle, then evaluate the legality of the owner.
The authors of [27] proposed a timestamp-based method to defend remote keyless systems from replay attacks. The authors enhanced the rolling-code algorithm by adding a timestamp factor (time in seconds) to the generated code. Therefore, each time the rolling-code algorithm generates code, the time in seconds is added as a parameter with the generated code. Even though a threat actor captures the generated code, they still need to know when the code was generated. However, this method requires the clock to be synchronized between the sender and receiver. Table 1. lists a summary of the most recent proposed solutions to leverage the security of the keyless system.
Table 1. Summary of recently proposed solutions for the security of the keyless system.
Research Proposed Solution
[6] Poolat et al. Asymmetrical and hashing methods
[19] Madhumitha et al. Enhanced KeeLoq algorithm
[4] Kyungho et al. HODOR
[20] Jinita et al. Challenge-response pairs
[22] Aldhyani et al. CNN and LSTM
[23] Béatrix-May et al. Biometric
[8] Husain et al. Blockchain
[25] Usman et al. ML
[26] Juan et al. Contextual information
[10] Jing et al. Contextual information
[27] Greene et al. Timestamp-based

This entry is adapted from the peer-reviewed paper 10.3390/electronics11203376

This entry is offline, you can click here to edit this entry!
Video Production Service