Author Topic: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design  (Read 1984 times)


Offline coppice

  • Super Contributor
  • ***
  • Posts: 9100
  • Country: gb
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #50 on: August 05, 2024, 06:07:29 pm »
My car has keyless entry (VW ID.3) and it is immune to the repeater attack that has plagued many keyless-go entry systems.   It uses UWB keys.  UWB keyless technology measures the distance to the car's key using the RF delay time.  Inserting a repeater into the system - short of breaking the laws of physics - will never make the key look like it is closer than it is.  So you cannot steal the car by using a repeater device.  You must have the keys yourself.
Give it some time and we'll see. The car makers have a history of fixing one thing, and creating a fresh vulnerability. Maybe there will turn out to be something about the scan to scan timing that allows some tricks to be played. They really should do this kind of development in public, in the way good new encryption techniques come from an open discussion among experts in the field trying to pick holes in each other's work.

 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13868
  • Country: gb
    • Mike's Electric Stuff
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #51 on: August 05, 2024, 06:14:24 pm »
This is why UWB is used for rangefinder functions on e.g. AirTags, and some car key fobs.  The pulses are around 1-2ns long...

No reason this can't be used with the XOR concept BTW. Challenger sends a bit of the salt by either transmitting or not in a time slot, the dongle XORs and sends a pulse back or not. With 24 GHz (5 GHz bandwidth) a couple ns range round trip delay should be doable.
The actual turnround time isn't that important as long as it is known and consistent, so deviations can be detected.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 6822
  • Country: nl
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #52 on: August 05, 2024, 06:19:34 pm »
I have my doubts whether the current UWB standard is really secure by design, for that the hardware has to be able to encrypt a bit of challenge and return it with negligible delay (which is why I suggest a precomputed code to XOR a challenge with). As soon as the stack has large delays, replay becomes possible again ... and the CCC stack seems huge and full of delays.

Otherwise this wouldn't make sense:
"15CCC DIGITAL KEY
‘Ranging keys’ are derived from CCC Digital
Key authentication handshake and securely
stored in the secure element. When in use,
ranging keys have a limited 12-hour lifetime to
shorten the time window for an attacker."
 

Offline tszaboo

  • Super Contributor
  • ***
  • Posts: 7653
  • Country: nl
  • Current job: ATEX product design
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #53 on: August 05, 2024, 06:43:11 pm »
That kind of measure seems to suffer from exactly the vagueness I described. Crimes that go undetected don't appear in the statistics. People of low IQ are so incapable of covering their tracks there is no question that they get caught a lot. For high IQ people the jury is out... although the lynch mob may be in.
Ah cool. Let's try this.
At what correlation factor do you say: Yeah, actually you are right.
Hm? 0.8? 0.9? 1.000?
Huh? what are you talking about? The question is not about the level of correlation, but what exactly are you seeing correlate.
Right. So this is why we are in this terrible situation where we cannot talk about anything anymore. Even people who probably understand statistics are completely oblivious to the implications of those statistics. You can just walk past some inconvenient truth and brush it off, because it is against the programming. If this were reddit, you would probably be crying to the mods to get me banned, because you don't like the implications.
And it's not "exactly are you seeing correlate". It's something that is a widely accepted fact in the field of psychology with ample evidence.
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 6843
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #54 on: August 05, 2024, 06:47:56 pm »
I have my doubts whether the current UWB standard is really secure by design, for that the hardware has to be able to encrypt a bit of challenge and return it with negligible delay (which is why I suggest a precomputed code to XOR a challenge with). As soon as the stack has large delays, replay becomes possible again ... and the CCC stack seems huge and full of delays.

Otherwise this wouldn't make sense:
"15CCC DIGITAL KEY
‘Ranging keys’ are derived from CCC Digital
Key authentication handshake and securely
stored in the secure element. When in use,
ranging keys have a limited 12-hour lifetime to
shorten the time window for an attacker."

It needn't work that way.  Car and key are pre-synchronised; this is part of the initial pairing process done at the factory.  The key sends a signal whenever a button is pressed, the car then acknowledges that, and the key responds with the next sequence value, which will be some internal secret like some 32 bits of a 128-bit PRNG.  There may be several rounds of this to get a two-way ranging estimate.

This doesn't require a challenge-response mechanism except when key and car get out of sync; when that happens, the key will respond with a wrong value, the car will do a more thorough challenge, then go back to the normal method to authenticate via time of flight.
 

Offline coppice

  • Super Contributor
  • ***
  • Posts: 9100
  • Country: gb
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #55 on: August 05, 2024, 07:14:59 pm »
That kind of measure seems to suffer from exactly the vagueness I described. Crimes that go undetected don't appear in the statistics. People of low IQ are so incapable of covering their tracks there is no question that they get caught a lot. For high IQ people the jury is out... although the lynch mob may be in.
Ah cool. Let's try this.
At what correlation factor do you say: Yeah, actually you are right.
Hm? 0.8? 0.9? 1.000?
Huh? what are you talking about? The question is not about the level of correlation, but what exactly are you seeing correlate.
Right. So this is why we are in this terrible situation where we cannot talk about anything anymore. Even people who probably understand statistics are completely oblivious to the implications of those statistics. You can just walk past some inconvenient truth and brush it off, because it is against the programming. If this were reddit, you would probably be crying to the mods to get me banned, because you don't like the implications.
And it's not "exactly are you seeing correlate". It's something that is a widely accepted fact in the field of psychology with ample evidence.
Now you are projecting. I don't want you banned. I just think you don't seem to be applying any analytical skills, and are rather confused. Just show me some evidence that holds up to scrutiny. I've never seen any. I just see studies with gaping holes in them. There appears to be a pretty solid correlation between low IQ and the crimes the person commits being registered. There appears to be a pretty solid correlation between low IQ and the person being caught for their crimes which have been registered. These are unsurprising results. Beyond that I see a lot of hand waving.
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13868
  • Country: gb
    • Mike's Electric Stuff
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #56 on: August 05, 2024, 07:25:22 pm »
I have my doubts whether the current UWB standard is really secure by design, for that the hardware has to be able to encrypt a bit of challenge and return it with negligible delay
Not necessarily - the ranging and authentication could be separate operations.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Online Phil1977

  • Frequent Contributor
  • **
  • Posts: 358
  • Country: de
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #57 on: August 05, 2024, 07:27:16 pm »
I have my doubts whether the current UWB standard is really secure by design, for that the hardware has to be able to encrypt a bit of challenge and return it with negligible delay (which is why I suggest a precomputed code to XOR a challenge with). As soon as the stack has large delays, replay becomes possible again ... and the CCC stack seems huge and full of delays.

A pure XOR would not be sufficient because the attacker could easily catch the XOR-key from the keyfob and use it with little delay at the car-side relay station. You would need a small interactive element, like "XOR it with a secret key and send me only bytes nr. x1 x2 x3 x4 from the string".
Every time you think you designed something foolproof, the universe catches up and designs a greater fool.
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13868
  • Country: gb
    • Mike's Electric Stuff
Re: Car "Keyless-Go" aka RKE - How it Works and Why it's Flawed by Design
« Reply #58 on: August 05, 2024, 08:16:41 pm »
Another really simple way to avoid the turnround time issue is to use two messages within up to a few tens of ms: the first sends the challenge (maybe also including a wake-up preamble) for the fob to process, the second requests the fob to reply quickly and send its stored reply, and does the ranging.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
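As an added illustration (not code from this thread or from any poster or standard it mentions), here is a Python simulation of the two-phase scheme the thread converges on: a slow phase in which car and fob derive secret response bits from a nonce, then a rapid bit-exchange phase in which the fob's only work per slot is an XOR, and the car subtracts the known, consistent turnaround time from each round trip to estimate distance. The HMAC-based derivation, the constants, and the channel model (true distance plus optional extra electronics delay in the path) are assumptions made for the simulation.

```python
import hashlib
import hmac
import secrets

C_M_PER_NS = 0.2998        # speed of light, metres per nanosecond
MAX_DISTANCE_M = 2.0       # unlock only if the key appears within 2 m (assumed)
N_SLOTS = 32               # number of rapid one-bit exchange rounds (assumed)
TURNAROUND_NS = 2.0        # known, consistent fob reply delay, subtracted by car

def response_bits(shared_key: bytes, nonce: bytes, n: int) -> list:
    # Slow phase, done before ranging: both sides derive n secret bits
    # from the session nonce. HMAC-SHA256 is an assumed stand-in for
    # whatever derivation a real system would use.
    digest = hmac.new(shared_key, nonce, hashlib.sha256).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(n)]

class Fob:
    def __init__(self, key: bytes):
        self.key, self.bits = key, []
    def prepare(self, nonce: bytes) -> None:
        self.bits = response_bits(self.key, nonce, N_SLOTS)
    def answer(self, slot: int, challenge: int) -> int:
        return challenge ^ self.bits[slot]   # fast path is a single XOR

def rapid_exchange(car_key: bytes, fob: Fob, fob_distance_m: float,
                   path_delay_ns: float = 0.0):
    """Car side. Returns (accepted, estimated_distance_m, reason).
    fob_distance_m is the true distance; path_delay_ns models any extra
    electronics in the radio path (0.0 means a direct link)."""
    nonce = secrets.token_bytes(16)
    expected = response_bits(car_key, nonce, N_SLOTS)
    fob.prepare(nonce)
    one_way_ns = fob_distance_m / C_M_PER_NS
    worst_rtt_ns = 0.0
    for slot in range(N_SLOTS):
        challenge = secrets.randbits(1)
        reply = fob.answer(slot, challenge)
        # Simulated round trip: out, fob turnaround, back, plus path delay.
        rtt_ns = 2 * one_way_ns + TURNAROUND_NS + path_delay_ns
        worst_rtt_ns = max(worst_rtt_ns, rtt_ns)
        if reply != challenge ^ expected[slot]:
            return False, None, "response bit mismatch in slot %d" % slot
    # Any delay the car cannot account for only ever makes the key look
    # farther away, never closer, so a distance check is one-sided.
    est_m = (worst_rtt_ns - TURNAROUND_NS) / 2 * C_M_PER_NS
    if est_m > MAX_DISTANCE_M:
        return False, est_m, "key too far away (%.1f m)" % est_m
    return True, est_m, "ok"
```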
 

