Secure Passive Keyless Entry and Start System Using Machine Learning

  • Usman AhmadEmail author
  • Hong Song
  • Awais Bilal
  • Mamoun Alazab
  • Alireza Jolfaei
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11342)


Despite the benefits of the passive keyless entry and start (PKES) system in improving the locking and starting capabilities, it is vulnerable to relay attacks even though the communication is protected using strong cryptographic techniques. In this paper, we propose a data-intensive solution based on machine learning to mitigate relay attacks on PKES Systems. The main contribution of the paper, beyond the novelty of the solution in using machine learning, is in (1) the use of a set of security features that accurately profiles the PKES system, (2) identifying abnormalities in PKES regular behavior, and (3) proposing a countermeasure that guarantees a desired probability of detection with a fixed false alarm rate by trading off the training time and accuracy. We evaluated our method using the last three months log of a PKES system using the Decision Tree, SVM, KNN and ANN and provide the comparative analysis of the relay attack detection results. Our proposed framework leverages the accuracy of supervised learning on known classes with the adaptability of k-fold cross-validation technique for identifying malicious and suspicious activities. Our test results confirm the effectiveness of the proposed solution in distinguishing relayed messages from legitimate transactions.


Internet of Things Machine learning Passive keyless entry and start Relay attack Vehicle security 


  1. 1.
    Waraksa, T.J., Fraley, K.D., Kiefer, R.E., Douglas, D.G., Gilbert, L.H.: Passive keyless entry system. Google Patents, US Patent 4,942,393 (1990)Google Scholar
  2. 2.
    Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2011)Google Scholar
  3. 3.
    Fu, K., Xu, W.: Risks of trusting the physics of sensors. Commun. ACM 61(2), 20–23 (2018)CrossRefGoogle Scholar
  4. 4.
    Bacchus, M., Coronado, A., Gutierrez, M.A.: The insights into car hacking (2017)Google Scholar
  5. 5.
    Jolfaei, A., Kant, K.: A lightweight integrity protection scheme for fast communications in smart grid. In: International Conference on Security and Cryptography, pp. 31–42 (2017)Google Scholar
  6. 6.
    Koscher, K., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462 (2010)Google Scholar
  7. 7.
    Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)Google Scholar
  8. 8.
    Choi, W., Seo, M., Lee, D.H.: Sound-proximity: 2-factor authentication against relay attack on passive keyless entry and start system. J. Adv. Transp. (2018)Google Scholar
  9. 9.
    Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA, vol. 2015 (2015)Google Scholar
  10. 10.
    Benadjila, R., Renard, M., Lopes-Esteves, J., Kasmi, C.: One car, two frames: attacks on hitag-2 remote keyless entry systems revisited. In: USENIX Workshop on Offensive Technologies (2017)Google Scholar
  11. 11.
    Garfinkel, S., Rosenberg, B.: RFID: Applications, Security, and Privacy. Pearson Education India, Chennai (2006)Google Scholar
  12. 12.
    Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth - a simple, backward compatible broadcast authentication protocol for CAN Bus. In: ECRYPT Workshop on Lightweight Cryptography, vol. 2011 (2011)Google Scholar
  13. 13.
    Groza, B., Murvay, S., Van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks, pp. 185–200(2012)Google Scholar
  14. 14.
    Schweppe, H., Roudier, Y., Weyl, B., Apvrille, L., Scheuermann, D.: Car2X communication: securing the last meter-a cost-effective approach for ensuring trust in Car2X applications using in-vehicle symmetric cryptography. In: IEEE Vehicular Technology Conference, pp. 1–5 (2011)Google Scholar
  15. 15.
    Guan, L., Lin, J., Luo, B., Jing, J., Wang, J.: Protecting private keys against memory disclosure attacks using hardware transactional memory. In: IEEE Symposium on Security and Privacy, pp. 3–19 (2015)Google Scholar
  16. 16.
    Bruwer, F.: Microchips and remote control devices comprising same. Google Patents, US Patent 6,108,326 (2000)Google Scholar
  17. 17.
    Brainard, J., Juels, A., Rivest, R.L., Szydlo, M., Yung, M.: Fourth-factor authentication: somebody you know. In: ACM Conference on Computer and Communications Security, pp. 168–178 (2006)Google Scholar
  18. 18.
    Ranganathan, A., Capkun, S.: Are we really close? Verifying proximity in wireless systems. IEEE Secur. Priv. (2017)Google Scholar
  19. 19.
    Park, J., et al.: Intelligent vehicle power control based on machine learning of optimal control parameters and prediction of road type and traffic congestion. IEEE Trans. Veh. Technol. 58(9), 4741–4756 (2009)CrossRefGoogle Scholar
  20. 20.
    Sivaraman, S., Trivedi, M.M.: A general active-learning framework for on-road vehicle recognition and tracking. IEEE Trans. Intell. Transp. Syst. 11(2), 267–276 (2010)CrossRefGoogle Scholar
  21. 21.
    Avatefipour, O., Malik, H.: State-of-the-art survey on in-vehicle network communication (CAN-Bus) security and vulnerabilities. arXiv preprint arXiv:1802.01725 (2018)
  22. 22.
    Weber, M., Klug, S., Sax, E., Zimmer, B.: Embedded hybrid anomaly detection for automotive CAN communication. In: 9th European Congress on Embedded Real Time Software and Systems (2018)Google Scholar
  23. 23.
    Alazab, A., Hobbs, M., Abawajy, J., Alazab, M.: Using feature selection for intrusion detection system. In: International Symposium on Communications and Information Technologies (ISCIT), pp. 296–301. IEEE (2012)Google Scholar
  24. 24.
    Tran, K.-N., Alazab, M., Broadhurst, R., et al.: Towards a feature rich model for predicting spam emails containing malicious attachments and URLs. In: 11th Australasian Data Mining Conference, Canberra (2013)Google Scholar
  25. 25.
    Martinelli, F., Mercaldo, F., Nardone, V., Orlando, A., Santone, A.: Who’s driving my car? A machine learning based approach to driver identification (2018)Google Scholar
  26. 26.
    Kuwahara, T., et al.: Supervised and unsupervised intrusion detection based on CAN message frequencies for in-vehicle network. J. Inf. Process. 26, 306–313 (2018)Google Scholar
  27. 27.
    Kang, M.-J., Kang, J.-W.: Intrusion detection system using deep neural network for in-vehicle network security. PloS ONE 11(6), e0155781 (2016)CrossRefGoogle Scholar
  28. 28.
    Breiman, L.: Bagging predictors. Mach. Learn. 24(2), 123–140 (1996)zbMATHGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Usman Ahmad
    • 1
    Email author
  • Hong Song
    • 1
  • Awais Bilal
    • 2
  • Mamoun Alazab
    • 3
  • Alireza Jolfaei
    • 4
  1. 1.School of Software, Beijing Institute of TechnologyBeijingChina
  2. 2.National University of Sciences and TechnologyIslamabadPakistan
  3. 3.Charles Darwin UniversityDarwinAustralia
  4. 4.Federation University AustraliaMt HelenAustralia

Personalised recommendations