Saturday, August 15, 2015

Simulating "Rolljam" wireless attacks

A Wired article recently described an attack that works against many different makes and models of vehicles currently on the market. The attack steals the "rolling code" used to authenticate the unlock command, then replays the stolen code at a later time to gain access to the vehicle.

I simulate this by creating a TCP socket server (the vehicle) and TCP clients (the victim and attacker). I generate rolling codes with a simple scheme: SHA1(salt + n) where 'salt' is a passphrase, and 'n' is a counter that is synchronized both on the client and server. The lower 8 bytes of the hashed phrase are used as the rolling code. When the server receives a message, it increments its 'n' counter, takes the SHA1 hash, and checks if the codes match. In case they do not match, it keeps incrementing 'n' and generating new hashes until the codes match.

In order to prevent the rolljam attack, any code which has been generated by the server and did not match the received code is added to a list of permanently invalid codes. The server assumes any code in the list of invalid codes has been stolen.

Because I am using an 8-byte rolling code, it would be quite some time until an invalid code was legitimately reused by the client, so I feel like this is an acceptable solution.

Another key difference between my simulation and the real world is that my simulation encrypts the entire message being transmitted, while real vehicle systems appear to only encrypt part of the message.

The code is available on my GitHub.
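The following is an added example, not the code from that repository: an in-process sketch of the server-side check and invalid-code list described above, leaving out the TCP sockets and message encryption. It assumes "lower 8 bytes" means the last 8 bytes of the digest and that 'n' is hashed as a decimal string; the class names, the look-ahead bound, and the choice to record skipped codes only after a successful match are also assumptions.

```python
import hashlib
import hmac

CODE_LEN = 8         # bytes of the SHA1 digest used as the rolling code
MAX_LOOKAHEAD = 256  # assumption: search bound; the post describes no limit

def rolling_code(salt: bytes, n: int) -> bytes:
    """SHA1(salt + n), keeping the last 8 bytes (assumed meaning of 'lower')."""
    return hashlib.sha1(salt + str(n).encode()).digest()[-CODE_LEN:]

class Fob:
    """Client side: advances its counter on every button press."""
    def __init__(self, salt: bytes, n: int = 0):
        self.salt, self.n = salt, n

    def press(self) -> bytes:
        self.n += 1
        return rolling_code(self.salt, self.n)

class Vehicle:
    def __init__(self, salt: bytes, n: int = 0):
        self.salt, self.n = salt, n
        self.invalid = set()  # codes the server skipped over; assumed stolen

    def receive(self, code: bytes) -> str:
        if code in self.invalid:
            return "rejected: on invalid list"
        skipped = []
        for n in range(self.n + 1, self.n + 1 + MAX_LOOKAHEAD):
            candidate = rolling_code(self.salt, n)
            if hmac.compare_digest(candidate, code):
                self.n = n
                # Commit skipped codes only on a match, so a garbage
                # message cannot push the fob out of sync.
                self.invalid.update(skipped)
                return "unlocked"
            skipped.append(candidate)
        return "rejected: no match in window"

def demo() -> list:
    salt = b"constructed-passphrase"            # constructed sample value
    fob, car = Fob(salt), Vehicle(salt)
    captured = fob.press()                      # n=1 never reaches the vehicle
    results = [car.receive(fob.press())]        # n=2 accepted; n=1 is skipped
    results.append(car.receive(captured))       # captured code arrives later
    results.append(car.receive(fob.press()))    # n=3: fob is still in sync
    return results

if __name__ == "__main__":
    print(demo())
```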
