JP2019203329A - Portable machine, on-vehicle unit, and remote keyless entry system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve safety of a remote keyless system. A portable device according to one embodiment includes a portable device receiving unit including a three-axis antenna that receives a request signal including a measurement signal transmitted from a plurality of transmitting antennas by the on-vehicle device, and the on-vehicle device. A portable device transmitter that transmits an answer signal, and a portable device controller that controls the portable device receiver and the portable device transmitter, and the portable device controller receives the measurement signal for each axis. A reception signal strength calculation unit that calculates a signal strength, a similarity calculation unit that calculates a similarity between the reception signal strengths of the measurement signals transmitted from different transmission antennas, and a plurality of the similarity degrees And a relay attack determination unit that determines whether or not a relay attack has been performed. [Selection diagram]

Description

  The present invention relates to a portable device, a vehicle-mounted device, and a remote keyless entry system.

  Conventionally, as a system for wirelessly controlling unlocking and locking of a vehicle, there is a remote keyless entry system (hereinafter referred to as “RKE system”) including an in-vehicle device installed in a vehicle and a portable device possessed by a user. It's being used. In the RKE system, the vehicle-mounted device periodically transmits a request signal by radio, the portable device of the user approaching the vehicle returns an answer signal in response to the request signal, and the vehicle-mounted device is a portable device based on the answer signal. And unlock and lock the vehicle according to the authentication result.

  As a vehicle theft method employing the RKE system, a relay attack is known. Relay attack is a method in which a relay device relays a request signal to a user's portable device away from the vehicle, thereby causing the portable device to transmit an answer signal and illegally unlocking the vehicle. As a countermeasure against this relay attack, the portable device receives a request signal by a three-axis antenna, calculates an intensity ratio for each axis, and a relay attack is performed depending on whether or not the intensity ratio matches for a plurality of request signals. A method of determining whether or not has been proposed has been proposed. According to this method, when the intensity ratios of a plurality of request signals match, it is determined that a relay attack has been performed.

JP 2006-342545 A

  However, the above-described conventional countermeasure has a problem that it is erroneously determined that the relay attack has not been performed when the intensity ratio of the plurality of request signals is accidentally changed even though the relay attack is performed.

  The present invention has been made in view of the above problems, and an object of the present invention is to improve the safety of the RKE system.

  A portable device according to an embodiment transmits a response signal to a portable device receiving unit including a three-axis antenna that receives a request signal including a measurement signal transmitted from a plurality of transmission antennas by the on-vehicle device. A portable device transmitter, and a portable device controller that controls the portable device receiver and the portable device transmitter. The portable device controller calculates a received signal strength for each axis of the measurement signal. A received signal strength calculating unit, a similarity calculating unit for calculating a similarity between the received signal strengths of the measurement signals transmitted from different transmitting antennas, and a relay attack based on the plurality of similarities A relay attack determination unit that determines whether or not

  According to each embodiment of the present invention, the safety of the RKE system can be improved.

The figure which shows an example of a RKE system. The figure which shows an example of an answer signal and a request signal. The figure explaining the outline | summary of operation | movement of a RKE system. The figure which shows a relay attack. The figure which shows an example of a function structure of a portable device control part. The figure which shows an example of the ratio of the received signal strength Ix, Iy, Iz of the signal for measurement. The figure which shows an example of the ratio of the received signal strength Ix, Iy, Iz of the signal for measurement. The figure which shows an example of the determination method of a relay attack. The figure which shows an example of a function structure of an onboard equipment control part. The flowchart which shows an example of the transmission process of the request signal by onboard equipment. The flowchart which shows an example of the reception process of the answer signal by an onboard equipment. The flowchart which shows an example of the process by a portable machine. The figure which shows the other example of a function structure of a portable device control part. The figure which shows the other example of a function structure of an onboard equipment control part.

  Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In addition, regarding the description of the specification and the drawings according to each embodiment, constituent elements having substantially the same functional configuration are denoted by the same reference numerals and overlapping description is omitted.

  An RKE system 100 according to an embodiment will be described with reference to FIGS. The RKE system 100 according to the present embodiment is a system for locking and unlocking a vehicle by radio signals.

  First, the hardware configuration of the RKE system 100 will be described. FIG. 1 is a diagram illustrating an example of the RKE system 100. The RKE system 100 in FIG. 1 includes a portable device 1 and an in-vehicle device 2.

  The portable device 1 is a device possessed by the user U of the RKE system 100 such as a vehicle driver. The portable device 1 in FIG. 1 includes a portable device receiver 11, a portable device transmitter 12, a portable device controller 13, and a battery 14.

  The portable device receiver 11 is hardware that receives the request signal R transmitted by the vehicle-mounted device 2 wirelessly. The request signal R is, for example, a 125 kHz LF (Low Frequency) signal, but is not limited thereto. Further, the communicable distance of the request signal R is, for example, 1 m or less, but is not limited thereto. The portable device reception unit 11 includes a reception antenna A11 that converts a request signal R (wireless signal) into an electrical signal, and a reception circuit that performs predetermined signal processing such as demodulation on the request signal R (electric signal). The reception antenna A11 is a three-axis antenna including three antennas arranged so as to be orthogonal to each other. Hereinafter, each axis of the reception antenna A11 is referred to as an X axis, a Y axis, and a Z axis, respectively. The reception circuit includes a low noise amplifier, a filter, a mixer, a demodulation circuit, and the like. The portable device receiver 11 inputs a request signal R subjected to predetermined signal processing to the portable device controller 13. The receiving circuit may be an independent IC (Integrated Circuit), or may be incorporated in the portable device control unit 13.

  The portable device transmission unit 12 is hardware that transmits the answer signal A wirelessly. The answer signal A is, for example, a 315 MHz UHF (Ultra High Frequency) signal, but is not limited thereto. Further, the communicable distance of the answer signal A is, for example, 20 m or less, but is not limited thereto. The portable device transmission unit 12 includes a transmission circuit that performs predetermined processing such as modulation on the answer signal A (electric signal) generated by the portable device control unit 13, and a transmission antenna that converts the answer signal A (electric signal) into a radio signal. A12. The transmission circuit includes a modulation circuit, a mixer, a filter, a power amplifier, and the like. Note that the transmission circuit may be an independent IC or may be incorporated in the portable device control unit 13. Further, the receiving circuit of the portable device receiving unit 11 and the transmitting circuit of the portable device transmitting unit 12 may be incorporated into one IC.

  The portable device control unit 13 is hardware that controls the overall operation of the portable device 1 including the portable device reception unit 11 and the portable device transmission unit 12, and includes a CPU (Central Processing Unit), a ROM (Read Only Memory), and RAM (Random Access Memory) is included. The CPU controls each component of the portable device 1 by executing a program, and realizes the function of the portable device 1. The program executed by the CPU can be recorded on any computer-readable recording medium such as a CD (Compact Disk), a DVD, or a flash memory. The ROM stores programs executed by the CPU and various data. In the ROM, the portable device ID that is identification information of the portable device 1, the onboard device ID that is identification information of the onboard device 2 corresponding to the portable device 1, the similarity threshold value Sth, and the received signal strength I of the measurement signal Rr. A distance table indicating the correspondence between the distance L and the distance L is stored in advance. The similarity threshold Sth, the measurement signal Rr, and the distance L will be described later. The RAM provides a work area for the CPU. The portable device control unit 13 is, for example, a microcomputer, but is not limited thereto.

  The battery 14 supplies power to the portable device receiver 11, the portable device transmitter 12, and the portable device controller 13.

  The configuration of the portable device 1 is not limited to the example of FIG. For example, the portable device 1 may include an unlock button and a lock button for the user U to manually operate unlocking and locking of the vehicle.

  The vehicle-mounted device 2 is a device that controls locking and unlocking of the vehicle according to the answer signal A received from the portable device 1 and is mounted on the vehicle. The vehicle-mounted device 2 is supplied with electric power from a battery mounted on the vehicle. The in-vehicle device 2 of FIG. 1 includes an on-vehicle device receiver 21, an on-vehicle device transmitter 22, and an on-vehicle device controller 23.

  The in-vehicle device reception unit 21 is hardware that receives the answer signal A transmitted by the portable device 1 wirelessly. The in-vehicle device reception unit 21 includes a reception antenna A21 that converts an answer signal A (wireless signal) into an electric signal, and a reception circuit that performs predetermined signal processing such as demodulation on the answer signal A (electric signal). The reception circuit includes a low noise amplifier, a filter, a mixer, a demodulation circuit, and the like. The OBE receiving unit 21 inputs the answer signal A subjected to predetermined signal processing to the OBE control unit 23. Note that the receiving circuit may be an independent IC, or may be incorporated in the vehicle-mounted device control unit 23.

  The in-vehicle device transmission unit 22 is hardware that transmits the request signal R wirelessly. The in-vehicle device transmission unit 22 includes a transmission circuit that performs predetermined processing such as modulation on the request signal R (electric signal) generated by the on-vehicle device control unit 23, and a plurality of signals that convert the request signal R (electric signal) into a radio signal. A transmission antenna A23. The transmission circuit includes a modulation circuit, a mixer, a filter, a power amplifier, and the like. The plurality of transmission antennas A23 are connected to the transmission circuit via antenna lines, and are installed at different positions on the vehicle. Note that the transmission circuit may be an independent IC, or may be incorporated in the vehicle-mounted device control unit 23. Moreover, the receiving circuit of the onboard equipment receiver 21 and the transmitting circuit of the onboard equipment transmitter 22 may be incorporated into one IC.

  The OBE control unit 23 is a circuit that controls the overall operation of the OBE 2 including the OBE receiver 21 and the OBE transmitter 22, and includes a CPU, a ROM, a RAM, and a communication interface. The CPU controls each component of the vehicle-mounted device 2 by executing a program, and realizes the function of the vehicle-mounted device 2. The program executed by the CPU can be recorded on any computer-readable recording medium such as a CD, a DVD, or a flash memory. The ROM stores programs executed by the CPU and various data. In the ROM, an onboard device ID that is identification information of the onboard device 2, a portable device ID that is identification information of the portable device 1 corresponding to the onboard device 2, and a distance threshold Lth are stored in advance. The distance threshold Lth will be described later. The RAM provides a work area for the CPU. The communication interface connects the vehicle-mounted device control unit 23 to a vehicle-mounted network such as a CAN (Controller Area Network). The vehicle-mounted device control unit 23 communicates with the door control unit 3 connected to the vehicle-mounted network via the communication interface, and requests the door control unit 3 to unlock and lock the vehicle. In addition, although the onboard equipment control part 23 is a microcomputer, for example, it is not restricted to this.

  In addition, the structure of the onboard equipment 2 is not restricted to the example of FIG. For example, the vehicle-mounted device 2 may include a battery that supplies power to the vehicle-mounted device receiving unit 21, the vehicle-mounted device transmitting unit 22, and the vehicle-mounted device control unit 23.

  Next, the answer signal A and the request signal R will be described. FIG. 2 is a diagram illustrating an example of the answer signal A and the request signal R.

  The answer signal A includes a preamble signal Ap and a control signal Ac. The preamble signal Ap is a signal indicating that the signal is the answer signal A. The control signal Ac is a signal including a control command such as an unlock request for requesting unlocking of the vehicle, and various data.

  The request signal R includes a preamble signal Rp, a control signal Rc, and a measurement signal Rr. The preamble signal Rp is a signal indicating that the signal is the request signal R. The control signal Rc is a signal including a control command such as a response request for requesting transmission of the answer signal A and various data.

  The measurement signal Rr is a signal that is transmitted with a predetermined transmission signal strength and whose reception signal strength (RSSI) I is measured by the portable device 1. The portable device 1 measures the distance L between the portable device 1 and the vehicle-mounted device 2 based on the received signal strength I of the measurement signal Rr. The portable device 1 determines whether a relay attack has been performed based on the received signal strengths Ix, Iy, and Iz for each axis of the measurement signal Rr. The received signal strengths Ix, Iy, and Iz are received signal strengths of the measurement signal Rr received on the X, Y, and Z axes of the receiving antenna A11. A relay attack determination method based on the received signal strengths Ix, Iy, and Iz will be described later. In the example of FIG. 2, the request signal R includes one measurement signal Rr, but may include a plurality of measurement signals Rr having different transmission signal strengths.

  Next, unlocking of the vehicle by the RKE system 100 will be described. FIG. 3 is a diagram for explaining unlocking of the vehicle by the authorized user U. In the example of FIG. 3, the portable device 1 is possessed by the user U, and the vehicle-mounted device 2 is mounted on the vehicle. In addition, transmission antennas A23a to A23e of the in-vehicle device transmission unit 22 are respectively installed at different positions of the vehicle.

  The vehicle-mounted device 2 mounted on the vehicle periodically transmits a request signal R from the transmission antennas A23a to A23e. When the user U approaches the vehicle, the portable device 1 receives the request signal R and returns an answer A to the request signal R. When receiving the answer signal A, the vehicle-mounted device 2 requests the door control unit 3 to unlock the door. The door control unit 3 unlocks the door according to the request. As described above, the RKE system 100 is a so-called smart keyless entry system in which the user U can unlock the door without operating the portable device 1. Since the request signal R has a short communicable distance as described above, the door is normally unlocked only when the user U approaches the vehicle.

  As can be seen from FIG. 3, when the relay attack is not performed and the on-vehicle device 2 transmits the request signal R from each transmission antenna A23, the request signal R is transmitted to the portable device 1 from different directions for each transmission antenna A23. Will arrive. Therefore, the request signal R from the transmission antenna A23a has the maximum received signal strength Ix, the request signal R from the transmission antenna A23b has the maximum received signal strength Iy, and so on. Are different ratios for each transmission antenna A23 that transmits the request signal R.

  On the other hand, FIG. 4 is a diagram for explaining unlocking of the vehicle by the relay attack. As shown in FIG. 4, the relay attack is performed by using two repeaters 4A and 4B that relay the request signal R. The repeater 4A receives the request signal R near the vehicle-mounted device 2, amplifies and frequency-converts the request signal R, and transmits the request signal R. Thereby, the request signal R is transmitted far beyond the original communicable distance. The repeater 4B receives the request signal R transmitted by the repeater 4A near the user U, and returns the request signal R to its original frequency and transmits it. When the portable device 1 receives the request signal R transmitted from the repeater 4B, it returns an answer signal A. When receiving the answer signal A, the vehicle-mounted device 2 requests the door control unit 3 to unlock the door. The door control unit 3 unlocks the door according to the request. Thus, according to the relay attack, although the user U is away from the vehicle, the door of the vehicle is unlocked.

  As can be seen from FIG. 4, when the relay attack is performed, even if the vehicle-mounted device 2 transmits the request signal R from each transmission antenna A23, the request signal R is transmitted to the portable device 1 only from the direction of the repeater 4B. Will not arrive. Therefore, unlike the case where no relay attack is performed, the ratios of the received signal strengths Ix, Iy, Iz of the request signals R transmitted from any of the transmission antennas A23 are substantially the same.

  As described above, when the relay attack is not performed, the ratios of the received signal strengths Ix, Iy, and Iz are different among the plurality of request signals R. When the relay attack is performed, the received signal strengths Ix, Iy , Iz ratios are substantially the same among the plurality of request signals R. Therefore, by comparing the ratios of the received signal strengths Ix, Iy, and Iz among the plurality of request signals R, it can be determined whether the relay attack has been performed.

  However, even if the relay attack is not performed, the ratios of the received signal strengths Ix, Iy, and Iz are the same among the plurality of request signals R depending on the position of the user U with respect to each transmission antenna A23. There is a possibility. Even when a relay attack is performed, the relative position between the portable device 1 and the repeater B changes during the transmission interval of the request signal R, so that the received signal strengths Ix, Iy, Iz Are not completely the same among the plurality of request signals R. For this reason, it is difficult to accurately determine whether the relay attack has been performed by simply comparing the ratios of the received signal strengths Ix, Iy, and Iz among the plurality of request signals R.

  Therefore, the RKE system 100 according to the present embodiment repeatedly calculates the similarity S between the ratios of the received signal strengths Ix, Iy, and Iz of the measurement signal Rr included in the request signal R transmitted from different transmission antennas A23. Then, based on the plurality of similarities S obtained, it is determined whether a relay attack has been performed. As a result, the RKE system 100 can accurately determine whether a relay attack has been performed. The method for determining the relay attack will be described later in detail.

  Next, a functional configuration of the portable device control unit 13 of the portable device 1 according to the present embodiment will be described. FIG. 5 is a diagram illustrating an example of a functional configuration of the portable device control unit 13. 5 includes a received signal strength calculation unit 131, a similarity calculation unit 132, a relay attack determination unit 133, a distance measurement unit 134, a portable device storage unit 135, and a request signal authentication unit 136. And an answer signal generation unit 137. Each functional configuration is realized by the CPU executing a program and cooperating with other hardware. The portable device storage unit 135 is realized by a ROM or a RAM.

The received signal strength calculation unit 131 calculates received signal strengths Ix, Iy, and Iz of the measurement signal Rr included in the request signal R received by the portable receiver 11 through the receiving antenna A11. The received signal strength calculation unit 131 calculates the received signal strength I of the measurement signal Rr included in the request signal R received by the portable device receiving unit 11 through the receiving antenna A11. The received signal strength I is a composite value of the received signal strengths Ix, Iy, and Iz, and becomes I = (Ix ² + Iy ² + Iz ² ) ^1/2 .

  The similarity calculation unit 132 calculates the similarity S between the ratios of the received signal strengths Ix, Iy, and Iz of the measurement signal Rr included in the request signal R transmitted from the different transmission antenna A23. The similarity S is a value indicating the degree of similarity of the ratios of the received signal strengths Ix, Iy, and Iz of the plurality of measurement signals Rr. The similarity S is calculated so as to increase as the degree of similarity increases, and is maximized when the ratios match. As described above, when the relay attack is performed, the ratios of the received signal strengths Ix, Iy, and Iz of the plurality of measurement signals Rr are substantially the same, and thus the similarity S increases. On the other hand, when the relay attack is not performed, the ratio S of the received signal strengths Ix, Iy, and Iz of the measurement signal Rr is different, so the similarity S is small. Therefore, the similarity S is a value indicating the high probability that the relay attack has been performed.

  6 and 7 are diagrams illustrating examples of ratios of the received signal strengths Ix, Iy, and Iz of the measurement signals Rr23a and Rr23b transmitted from the antennas A23a and A23b. In the example of FIG. 6, the received signal strengths Ix, Iy, Iz of the measurement signal Rr23a are 60, 100, 80, respectively, and the received signal strengths Ix, Iy, Iz of the measurement signal Rr23b are 30, 50, respectively. 40. In this case, the ratio (Ix: Iy: Iz) of the measurement signal Rr23a is 3: 5: 4, and the ratio (Ix: Iy: Iz) of the measurement signal Rr23b is also 3: 5: 4. In the example of FIG. 6, since the ratios of the measurement signals Rr23a and Rr23b are the same, the similarity S between the measurement signals Rr23a and Rr23b is maximized.

  In contrast, in the example of FIG. 7, the received signal strengths Ix, Iy, and Iz of the measurement signal Rr23a are 60, 100, and 80, respectively, and the received signal strengths Ix, Iy, and Iz of the measurement signal Rr23b are 60, 80 and 100 respectively. In this case, the ratio (Ix: Iy: Iz) of the measurement signal Rr23a is 3: 5: 4, and the ratio (Ix: Iy: Iz) of the measurement signal Rr23b is 3: 4: 5. In the example of FIG. 7, since the ratios of the measurement signals Rr23a and Rr23b are different, the similarity S between the measurement signals Rr23a and Rr23b is smaller than that of the example of FIG.

  For example, the similarity calculation unit 132 normalizes the received signal strengths Ix, Iy, and Iz of the plurality of measurement signals Rr as a three-dimensional vector, and sets a value that increases as the Euclidean distance between the three-dimensional vectors decreases. S can be calculated. Specifically, when the received signal strengths Ix, Iy, and Iz are normalized to a three-dimensional vector of magnitude 1, the similarity S can be expressed by the following equation.

S = P-{(Ix1 / P1-Ix2 / P2) ² + (Iy1 / P1-Iy2 / P2) ² + (Iz1 / P1-Iz2 / P2) ² } ^1/2 (1)
P1 = Ix1 ² + Iy1 ² + Iz1 ² (2)
P2 = Ix2 ² + Iy2 ² + Iz2 ² (3)

In Expressions (1) to (3), P is an arbitrary value, Ix1, Iy1, and Iz1 are received signal strengths Ix, Iy, and Iz of one measurement signal Rr, and Ix2, Iy2, and Iz2 are the other. The received signal strengths Ix, Iy, and Iz of the measurement signal Rr. According to the equations (1) to (3), the similarity S is any value from P-2 ^1/2 to P. Specifically, the similarity S between the measurement signals Rr23a and Rr23b in FIG. 6 is P, and the similarity S between the measurement signals Rr23a and Rr23b in FIG. 7 is P−0.2.

  Further, the similarity calculation unit 132 can also calculate the similarity S by the following equation.

S = 1− (X × Y × Z) (4)
X = min {(Ix1 ′ / Ix2 ′), (Ix2 ′ / Ix1 ′)} (5)
Y = min {(Iy1 ′ / Iy2 ′), (Iy2 ′ / Iy1 ′)} (6)
Z = min {(Iz1 ′ / Iz2 ′), (Iz2 ′ / Iz1 ′)} (7)
Ix1 ′ = (Ix1 / I1max) (8)
Iy1 ′ = (Iy1 / I1max) (9)
Iz1 ′ = (Iz1 / I1max) (10)
Ix2 ′ = (Ix2 / I2max) (11)
Iy2 ′ = (Iy2 / I2max) (12)
Iz2 ′ = (Iz2 / I2max) (13)
I1max = max (Ix1, Iy1, Iz1) (14)
I2max = max (Ix2, Iy2, Iz2) (15)

  In Expressions (4) to (15), Ix1, Iy1, and Iz1 are received signal strengths Ix, Iy, and Iz of one measurement signal Rr, and Ix2, Iy2, and Iz2 are received signal strengths of the other measurement signal Rr. Ix, Iy, Iz. According to the equations (4) to (15), the similarity S is any value from 0 to 1. Specifically, the similarity S between the measurement signals Rr23a and Rr23b in FIG. 6 is 1, and the similarity S between the measurement signals Rr23a and Rr23b in FIG. 7 is 0.36.

  Note that the method of calculating the similarity S is not limited to the above example. The similarity calculation unit 132 can calculate the similarity S by any method that can calculate a value indicating the degree of similarity of the ratios of the received signal strengths Ix, Iy, and Iz of the plurality of measurement signals Rr. In the above example, the case where the similarity S between the two measurement signals Rr is calculated has been described as an example. However, the similarity calculation unit 132 uses the similarity between three or more measurement signals Rr. It is also possible to calculate S. In this case, the similarity calculation unit 132 selects the reference measurement signal Rr from the plurality of measurement signals Rr, and calculates the similarity S between the selected measurement signal Rr and another measurement signal Rr as described above. What is necessary is just to calculate the average value of the some similarity S obtained by such a method as the similarity S between the some measurement signal Rr.

  The relay attack determination unit 133 determines whether a relay attack has been performed based on the plurality of similarities S calculated by the similarity calculation unit 132. For example, when the sum Ssum of the plurality of similarities S is equal to or greater than the similarity threshold Sth, the relay attack determining unit 133 determines that the relay attack has been performed, and the sum Ssum of the plurality of similarities S is the similarity threshold Sth. If it is less than that, it is determined that no relay attack is performed. The number of similarities S used by the relay attack determination unit 133 can be arbitrarily set.

  FIG. 8 is a diagram illustrating an example of a relay attack determination method. In the example of FIG. 8, it is assumed that the presence or absence of a relay attack is determined based on the four similarities S1 to S4. In the example of FIG. 8, since the total Ssum of the four similarities S1 to S4 is equal to or greater than the similarity threshold Sth, the relay attack determination unit 133 determines that the relay attack has been performed.

  The relay attack determination unit 133 may determine the presence or absence of a relay attack each time the similarity calculation unit 132 calculates a new similarity S. In this case, in the example of FIG. 8, every time the similarity S1, S2, S3 is calculated, the relay attack determination unit 133 determines that the relay attack is not performed, and the similarity S4 is calculated. It is determined that a relay attack has been performed. If the total Ssum is equal to or greater than the similarity threshold Sth when the similarity S3 is calculated, the relay attack determination unit 133 may determine that the relay attack has been performed when the similarity S3 is calculated. The same applies to the similarities S1 and S2.

  Alternatively, the presence / absence of a relay attack may be determined each time the similarity calculation unit 132 calculates a predetermined number of similarities S. In this case, in the example of FIG. 8, the relay attack determination unit 133 does not determine the presence or absence of the relay attack until the similarity S4 is calculated, and determines that the relay attack has been performed when the similarity S4 is calculated. . The relay attack determination unit 133 does not determine whether there is a relay attack at the time when the similarity S3 is calculated even when the total Ssum is equal to or greater than the similarity threshold Sth at the time when the similarity S3 is calculated. The same applies to the similarities S1 and S2.

  Note that the relay attack determination method is not limited to the above example. For example, the relay attack determination unit 133 may determine whether or not there is a relay attack based on an average value of the plurality of similarities S instead of the total Ssum of the plurality of similarities S.

  The distance measuring unit 134 measures the distance L from the vehicle-mounted device 2 to the portable device 1 based on the received signal strength I of the measurement signal Rr. Specifically, the distance measuring unit 134 acquires the distance corresponding to the received signal strength I as the distance L between the in-vehicle device 2 and the portable device 1 with reference to the distance table.

  The portable device storage unit 135 stores various information used by the portable device control unit 13. The information stored in the portable device storage unit 135 includes, but is not limited to, a portable device ID, an in-vehicle device ID, a similarity threshold Sth, and a distance table.

  The request signal authentication unit 136 authenticates the request signal R. Specifically, the request signal authentication unit 136 compares the in-vehicle device ID included in the request signal R with the in-vehicle device ID stored in the portable device storage unit 135, so that the request signal R becomes the portable device 1. It is judged whether it is what was transmitted from the onboard equipment 2 corresponding to. When the onboard equipment ID matches, the request signal authentication unit 136 determines that the request signal R is transmitted from the onboard equipment 2 corresponding to the portable device 1 (successful authentication), and the onboard equipment ID does not match. The request signal R is determined not to be transmitted from the vehicle-mounted device 2 corresponding to the portable device 1 (authentication failure).

  When the portable device receiving unit 11 receives the request signal R and the request signal authentication unit 136 succeeds in authenticating the request signal R, the answer signal generation unit 137 controls the unlock request, the portable device ID, and the distance L as a control signal. An answer signal A included in Ac is generated. The answer signal generation unit 137 may generate the answer signal A only when the relay attack determination unit 133 determines that the relay attack is not performed, and the request signal R of the request signal R is determined regardless of the determination result of the relay attack. An answer signal A may be generated every time authentication is successful. In the latter case, the answer signal generation unit 137 may generate the answer signal A that includes the determination result of the relay attack in the control signal Ac. The answer signal A generated by the answer signal generation unit 137 is input to the portable device transmission unit 12 and is wirelessly transmitted to the vehicle-mounted device 2 by the portable device transmission unit 12.

  Next, the functional configuration of the in-vehicle device control unit 23 of the in-vehicle device 2 according to the present embodiment will be described. FIG. 9 is a diagram illustrating an example of a functional configuration of the vehicle-mounted device control unit 23. The in-vehicle device control unit 23 in FIG. 9 includes a distance determination unit 231, an on-vehicle device storage unit 232, an answer signal authentication unit 233, a control signal generation unit 234, and a request signal generation unit 235. Each functional configuration is realized by the CPU executing a program and cooperating with other hardware. Moreover, the onboard equipment memory | storage part 232 is implement | achieved by ROM or RAM.

  When the in-vehicle device reception unit 21 receives the answer signal A, the distance determination unit 231 determines whether the distance L included in the answer signal A is less than the distance threshold Lth. The distance threshold Lth is a threshold set in advance to determine whether the portable device 1 is near the vehicle (onboard device 2) (whether the user U is near the vehicle). When the distance L is less than the distance threshold Lth, this corresponds to the case where the portable device 1 is near the vehicle, and when the distance L is greater than or equal to the distance threshold Lth, this corresponds to the case where the portable device 1 is not near the vehicle. To do.

  The on-vehicle device storage unit 232 stores various types of information used by the on-vehicle device 2. Information stored in the in-vehicle device storage unit 232 includes the portable device ID, the in-vehicle device ID, and the distance threshold Lth, but is not limited thereto.

  The answer signal authentication unit 233 authenticates the answer signal A. Specifically, the answer signal authentication unit 233 compares the portable device ID included in the answer signal A with the portable device ID stored in the in-vehicle device storage unit 232, so that the answer signal A is transmitted to the in-vehicle device 2. It is determined whether it is transmitted from the portable device 1 corresponding to. When the portable device IDs match, the answer signal authentication unit 233 determines that the answer signal A is transmitted from the portable device 1 corresponding to the vehicle-mounted device 2 (authentication success), and the portable device IDs do not match It is determined that the answer signal A is not transmitted from the portable device 1 corresponding to the vehicle-mounted device 2 (authentication failure).

  The control signal generation unit 234 determines that the relay attack is not performed by the portable device 1, the in-vehicle device reception unit 21 receives the answer signal A, and the distance determination unit 231 determines that the distance L is less than the distance threshold Lth. When the answer signal authentication unit 233 determines that the answer signal A has been successfully authenticated, an unlock request that is a control signal for requesting the door control unit 3 to unlock the door is generated. The unlock request generated by the control signal generation unit 234 is input to the door control unit 3.

  The request signal generator 235 periodically generates a request signal R including the response request and the vehicle-mounted device ID in the control signal Rc. The request signal R generated by the request signal generation unit 235 is input to the in-vehicle device transmission unit 22 and is transmitted to the portable device 1 by the on-vehicle device transmission unit 22 wirelessly.

  Next, the process which the vehicle equipment 2 which concerns on this embodiment performs is demonstrated. FIG. 10 is a flowchart illustrating an example of a transmission process of the request signal R by the in-vehicle device 2. The vehicle-mounted device 2 executes the transmission process of FIG. 10 every predetermined time T1.

  When the transmission timing of the request signal R arrives, first, the request signal generation unit 235 reads the in-vehicle device ID from the in-vehicle device storage unit 232, and the preamble signal Rp, the control signal Rc including the in-vehicle device ID, and the measurement signal Rr. The request signal R including these is generated (step S101). The request signal generation unit 235 inputs the generated request signal R to the in-vehicle device transmission unit 22.

  When the request signal R is input, the in-vehicle device transmission unit 22 selects the transmission antenna A23 that transmits the request signal R (step S102). The order of the transmitting antenna A23 that transmits the request signal R can be set in advance. Further, the selection of the transmission antenna A23 may be performed by the request signal generation unit 235.

  When the onboard equipment transmission unit 22 selects the transmission antenna A23, the onboard equipment transmission unit 22 wirelessly transmits the request signal R from the transmission antenna A23 (step S103).

  Through the above transmission processing, the request signal R is transmitted by radio from different transmission antennas A23 every predetermined time T1. In the example of FIG. 10, a new request signal R is generated every predetermined time T1, but the same request signal R may be transmitted from each transmission antenna A23 every predetermined time T1. In this case, the request signal generation unit 235 may generate a new request signal R every predetermined time T1 × n. n is the number of transmission antennas A23.

  FIG. 11 is a flowchart illustrating an example of the reception process of the answer signal A by the vehicle-mounted device 2. The vehicle-mounted device 2 is executed every predetermined time T3 for accepting reception of the answer signal A. Hereinafter, it is assumed that the answer signal A includes the determination result of the relay attack.

  When receiving the answer signal A during the execution of the reception process (step S201), the on-vehicle device receiving unit 21 inputs the answer signal A to the on-vehicle device control unit 23. When the answer signal A is input, the answer signal authentication unit 233 reads the portable device ID from the in-vehicle device storage unit 232, compares the portable device ID with the portable device ID included in the answer signal A, and receives the answer. The signal A is authenticated (step S202). When the answer signal authentication unit 233 fails to authenticate the answer signal A (step S202: NO), the vehicle-mounted device control unit 23 ends the process.

  On the other hand, when the answer signal authenticating unit 233 succeeds in authenticating the answer signal A (step S202: YES), the distance determining unit 231 reads the distance threshold Lth from the in-vehicle device storage unit 232, and the distance L included in the answer signal A Is less than the distance threshold Lth (step S203). When the distance L is greater than or equal to the distance threshold Lth (step S203: NO), the vehicle-mounted device control unit 23 ends the process.

  On the other hand, when the distance L is less than the distance threshold Lth (step S203: YES), the control signal generation unit 234 confirms the determination result of the relay attack included in the answer signal A (step S204). When the determination result of the relay attack indicates that there is no relay attack (step S204: NO), that is, when the relay attack determination unit 133 determines that the relay attack is not performed, the control signal generation unit 234 requests unlocking. And the unlock request is transmitted to the door control unit 3 via the in-vehicle network (step S205). When receiving the unlock request, the door control unit 3 unlocks the door of the vehicle.

  On the other hand, when the determination result of the relay attack indicates that there is a relay attack (step S204: YES), that is, when the relay attack determination unit 133 determines that the relay attack has been performed, the control signal generation unit 234 determines the guard time. Setting is made (step S206). The guard time is a period during which the vehicle-mounted device control unit 23 does not accept door unlocking according to the answer signal A. The onboard equipment control unit 23 may cancel the reception process of the answer signal A during the guard time, or may stop transmitting the unlock request.

  The in-vehicle device 2 executes the above process every time the answer signal A is received during the execution of the reception process. Thereby, the onboard equipment 2 can make the door control part 3 unlock the door of a vehicle according to the answer signal A received from the portable device 1 which the user U who is near the vehicle possesses. Further, when a relay attack is performed, the guard time can be set without unlocking the door.

  Note that the processing order of steps S202 to S204 in FIG. 11 is arbitrary. Further, the process of step S206 may be omitted. In this case, the vehicle-mounted device 2 does not unlock the door or set the guard time. When the answer signal A does not include the determination result of the relay attack and the portable device 1 transmits the answer signal A only when it is determined that the relay attack is not performed, the processes of steps S204 and S206 are performed. It may be omitted.

  Next, processing executed by the portable device 1 according to the present embodiment will be described. FIG. 12 is a flowchart illustrating an example of processing by the portable device 1. Each time the portable device 1 receives the request signal R, the portable device 1 executes the process of FIG. Hereinafter, it is assumed that the portable device 1 performs the relay attack determination every time the request signal R is received and transmits the answer signal A.

  When receiving the request signal R (step S301), the portable device receiving unit 11 inputs the request signal R to the portable device control unit 13. When the request signal R is input, the request signal authentication unit 136 reads the vehicle-mounted device ID from the portable device storage unit 135, compares the vehicle-mounted device ID with the vehicle-mounted device ID included in the request signal R, and requests The signal R is authenticated (step S302). When the request signal authentication unit 136 fails to authenticate the request signal R (step S302: NO), the portable device 1 ends the process.

  On the other hand, when the request signal authenticating unit 136 succeeds in authenticating the request signal R (step S302: YES), the received signal strength calculating unit 131 receives the received signal strengths I and Ix of the measurement signal Rr included in the request signal R. , Iy, Iz are calculated (step S303). The reception signal strength calculation unit 131 notifies the reception signal strength I to the distance measurement unit 134 and notifies the similarity calculation unit 132 of the reception signal strengths Ix, Iy, and Iz.

  When the received signal strength I is notified, the distance measuring unit 134 measures the distance L (step S304). Specifically, the distance measuring unit 134 refers to the distance table stored in the portable device storage unit 135 to determine the distance corresponding to the received reception signal strength I between the in-vehicle device 2 and the portable device 1. As a distance L. The distance measurement unit 134 notifies the answer signal generation unit 137 of the distance L.

  When notified of the received signal strengths Ix, Iy, and Iz, the similarity calculating unit 132 receives the received signal strengths Ix, Iy, and Iz of the reference measurement signal Rr received in the past and the measurement signal received this time. A similarity S between the received signal strengths Ix, Iy, and Iz of Rr is calculated (step S305). The reference measurement signal Rr is, for example, the measurement signal Rr received last time, but is not limited thereto. The similarity calculation unit 132 notifies the relay attack determination unit 133 of the calculated similarity S.

  When using the measurement signal Rr received this time as a reference for calculating the similarity S of the measurement signal Rr received thereafter, the similarity calculation unit 132 receives the measurement signal Rr received this time. The signal strengths Ix, Iy, and Iz may be stored as the received signal strengths Ix, Iy, and Iz of the reference measurement signal Rr. Further, when the received signal strengths Ix, Iy, and Iz of the reference measurement signal Rr are not stored, the similarity calculation unit 132 sets the similarity S of the measurement signal Rr received this time to a minimum value (for example, 0). ).

  When the relay attack determination unit 133 is notified of the similarity S, the relay attack determination unit 133 calculates the sum of the similarity S and the total Ssum of the similarities S calculated up to the previous time as a new total Ssum (step S306). ).

  Next, the relay attack determination unit 133 reads the similarity threshold Sth stored in the portable device storage unit 135 and determines whether the new total Ssum is equal to or greater than the similarity threshold Sth (Step S307). When the total Ssum is equal to or greater than the similarity threshold Sth (step S307: YES), the relay attack determination unit 133 determines that a relay attack has been performed (relay attack is present) (step S308). Further, when the total Ssum is less than the similarity threshold Sth (step S307: NO), the relay attack determination unit 133 determines that no relay attack is performed (no relay attack) (step S313). Thereafter, the relay attack determination unit 133 notifies the answer signal generation unit 137 of the determination result of the relay attack.

  When the answer signal generation unit 137 is notified of the determination result of the relay attack, the answer signal generation unit 137 reads out the portable device ID stored in the portable device storage unit 135, reads the preamble signal Ap, the portable device ID, the distance L, the unlock request, and An answer signal A including the control signal Ac including the determination result of the relay attack is generated (step S309). When it is determined that the relay attack has been performed, the answer signal generation unit 137 may generate the answer signal A that does not include the unlock request. Thereafter, the answer signal generation unit 137 inputs the generated answer signal A to the portable device transmission unit 12. When the answer signal A is input, the portable transmitter 12 transmits the answer signal A wirelessly from the transmission antenna A12 (step S310).

  When the similarity S calculated in step S305 is the nth similarity S (step S311: YES), the relay attack determination unit 133 resets the total Ssum (step S312). On the other hand, when the similarity S calculated in step S305 is not the n-th similarity S (step S311: NO), the portable device 1 ends the process. n is a preset upper limit value of the number of similarities S used for determination of relay attack.

  Each time the portable device 1 receives the request signal R, the portable device 1 performs the above processing. Thereby, whenever the portable device 1 receives the request signal R, the portable device 1 can transmit the answer signal A including the determination result of the relay attack.

  Note that the processing of steps S311 and S312 in FIG. 12 may be performed after determination of the relay attack. Further, when it is determined that there is a relay attack (step S308), the portable device 1 may omit the processes of steps S309 and S310. In this case, the answer signal A is transmitted only when it is determined that there is no relay attack. Therefore, the answer signal A may not include the determination result of the relay attack. Further, the portable device 1 may not perform the calculation of the total Ssum, the determination of the relay attack, and the transmission of the answer signal A until n similarities S are calculated. In this case, the relay attack determination unit 133 may store each similarity S notified so far until the n-th similarity S is notified.

  As described above, the RKE system 100 according to the present embodiment determines whether a relay attack has been performed based on the similarity S of the plurality of measurement signals Rr transmitted from different transmission antennas A23. As a result, when the similarity S is small despite the relay attack being performed (when the ratios of the received signal strengths Ix, Iy, and Iz of the request signals R transmitted from different transmission antennas A23 are different), or the relay attack Even if there is a case where the similarity S is large even though the ratios of the received signal strengths Ix, Iy, and Iz of request signals R transmitted from different transmission antennas A23 are similar, It is possible to accurately determine whether or not a relay attack has been performed. As a result, the relay attack detection accuracy can be improved and the safety of the RKE system 100 can be improved. In addition, erroneous detection of the relay attack can be suppressed and the convenience of the user U can be improved.

  FIG. 13 is a diagram illustrating another example of the functional configuration of the portable device 1 according to the present embodiment. The portable device 1 in FIG. 13 does not include the similarity calculation unit 132 and the relay attack determination unit 133. Other configurations are the same as those in FIG. Each time the portable device 1 in FIG. 13 receives the request signal R from the vehicle-mounted device 2, the control signal Ac including the preamble signal Ap and the received signal strengths Ix, Iy, and Iz of the measurement signal Rr included in the request signal R. The answer signal A including these is transmitted by radio.

  Moreover, FIG. 14 is a figure which shows the other example of a function structure of the onboard equipment 2 which concerns on this embodiment. The vehicle-mounted device 2 in FIG. 14 includes a similarity calculation unit 236 and a relay attack determination unit 237. The functions of the similarity calculation unit 236 and the relay attack determination unit 237 are the same as those of the similarity calculation unit 132 and the relay attack determination unit 133, respectively. Other configurations are the same as those in FIG. In the vehicle-mounted device 2 in FIG. 14, every time the answer signal A is received from the portable device 1, the similarity calculation unit 236 calculates the similarity S based on the received signal strengths Ix, Iy, and Iz included in the answer signal A. Then, the relay attack determination unit 237 calculates the total Ssum based on the plurality of similarities S, compares the total Ssum with the similarity threshold Sth stored in the in-vehicle device storage unit 232, and the relay attack is performed. Judge whether or not.

  In this way, the portable device 1 in FIG. 13 and the vehicle-mounted device 2 in FIG. 14 determine whether a relay attack has been performed based on the similarity S of the plurality of measurement signals Rr transmitted from different transmission antennas A23. Can do. Therefore, similarly to the above, the detection accuracy of the relay attack can be improved, and the safety of the RKE system 100 can be improved. In addition, erroneous detection of the relay attack can be suppressed and the convenience of the user U can be improved.

  The arrangement of the functional configuration in the RKE system 100 is not limited to the above example. For example, the similarity calculation unit 132 can be arranged in the portable device 1 and the relay attack determination unit 237 can be arranged in the vehicle-mounted device 2. In this case, every time the portable device 1 receives the request signal R, the portable device 1 transmits the answer signal A including the similarity S, and the vehicle-mounted device 2 increases the similarity S included in the answer signal A every time the answer signal A is received. Based on this, the presence or absence of a relay attack may be determined.

  It should be noted that the present invention is not limited to the configuration shown here, such as a combination with other elements in the configuration described in the above embodiment. These points can be changed without departing from the spirit of the present invention, and can be appropriately determined according to the application form.

1: portable device 2: on-vehicle device 3: door control unit 11: portable device reception unit 12: portable device transmission unit 13: portable device control unit 21: on-vehicle device reception unit 22: on-vehicle device transmission unit 23: on-vehicle device control unit 100 : RKE system 131: Received signal strength calculation unit 132: Similarity calculation unit 133: Relay attack determination unit 134: Distance measurement unit 135: Portable device storage unit 136: Request signal authentication unit 137: Answer signal generation unit 231: Distance determination unit 232: OBE storage unit 233: answer signal authentication unit 234: control signal generation unit 235: request signal generation unit 236: similarity calculation unit 237: relay attack determination unit

Claims (5)

A portable device receiving unit including a three-axis antenna that receives a request signal including a measurement signal transmitted from each of a plurality of transmitting antennas by an in-vehicle device;
A portable transmitter that transmits an answer signal to the vehicle-mounted device; and
A portable device controller for controlling the portable device receiver and the portable device transmitter;
With
The portable device control unit
A received signal strength calculation unit for calculating the received signal strength for each axis of the measurement signal;
A similarity calculator that calculates a similarity between the received signal strengths of the measurement signals transmitted from different transmitting antennas;
A relay attack determination unit that determines whether a relay attack has been performed based on the plurality of similarities;
A portable machine equipped with. The portable device according to claim 1, wherein the relay attack determination unit determines that the relay attack has been performed when a total of a plurality of the similarities is equal to or greater than a threshold value. An in-vehicle device receiver for receiving an answer signal from a portable device;
A plurality of transmission antennas, an on-vehicle transmitter that transmits a request signal including a measurement signal to each of the portable devices from the plurality of transmission antennas;
An on-vehicle device control unit for controlling the on-vehicle device reception unit and the on-vehicle device transmission unit, and
With
The in-vehicle device control unit is
A similarity calculator that calculates a similarity between the received signal strengths of the measurement signals transmitted from different transmitting antennas;
A relay attack determination unit that determines whether a relay attack has been performed based on the plurality of similarities;
On-vehicle device equipped with. The on-vehicle device according to claim 3, wherein the relay attack determination unit determines that the relay attack is performed when a total of a plurality of the similarities is equal to or greater than a threshold value. A remote keyless entry system comprising a portable device and an in-vehicle device,
The portable device is
A portable receiver including a three-axis antenna for receiving a request signal including a measurement signal from the vehicle-mounted device;
A portable transmitter that transmits an answer signal to the vehicle-mounted device; and
A portable device controller for controlling the portable device receiver and the portable device transmitter;
With
The in-vehicle device is
An in-vehicle receiver that receives the answer signal from the portable device;
An in-vehicle device transmission unit comprising a plurality of transmission antennas for transmitting the request signal to the portable device;
An on-vehicle device control unit for controlling the on-vehicle device reception unit and the on-vehicle device transmission unit, and
With
A received signal strength calculation unit for calculating the received signal strength for each axis of the measurement signal;
A similarity calculator that calculates a similarity between the received signal strengths of the measurement signals transmitted from different transmitting antennas;
A relay attack determination unit that determines whether a relay attack has been performed based on the plurality of similarities;
Remote keyless entry system.

Images