隨著智能汽車的蓬勃發展，實體鑰匙逐漸勢微與淘汰，取而代之的是被動式車輛與進入啟動系統（Passive and Keyless Entry System，PKES）的市場快速崛起。被動式車輛與進入啟動系統讓使用者可以不需將實體鑰匙取出或是主動操作鑰匙，僅需靠近與進入汽車，便能將汽車解鎖與啟動。但是在系統帶來了便利的同時，使用者也面臨了更多的新興威脅，而尤其以中繼攻擊（Relay Attack）最為嚴重。而研究者們也利用了不同的方案以因應這方面的攻擊，例如：加強加密方式、偵測訊號強度，到驗證使用者的位置等。
本論文提出一個適用於被動式車輛與進入啟動系統之輕量化多方鑑別協定，稱之為「3 Party Passive Entry and Start System」來增強被動式車輛與進入啟動系統的安全並且不需要任何密碼。本論文所提出的系統主要由三個要素組成：被動式車輛與進入啟動系統，一個行動裝置與一個無線車鑰匙。在所提出來的協定中，被動式車輛與進入啟動系統會與行動裝置進行鑑別並產生會話金鑰(Session Key)，行動裝置會將此鑑別階段的流程加密並再傳遞給無線車鑰匙(Wireless Key)，而無線車鑰匙將自己的秘密值包含在裡面並傳給被動式車輛與進入啟動系統進行最後的鑑別。最後的加密訊息會包含三個要素所擁有的秘密值(Secret Value)，會話金鑰與時間戳記(Timestamp)。因為協定主要的加密方式維透過雜湊(Hashing)與互斥(XOR)的方式進行加密，因此可以大幅減少運算時間，同時所占用的運算資源亦會比較少。此論文亦有實作實驗去驗證我們所提出的概念，並且對此協定有更進一步的安全性分析，以茲證明此協定在能兼顧安全的同時，也能夠兼顧效率與額外的效益。

The Passive Keyless Entry system market is growing rapidly in this modern era, especially in the vehicle industry. Physical keys no longer remain as an essential role anymore, while users can enter and start the vehicle by drawing near and entering the vehicle with the key fob aside. However, such convenient designs bring potential risks, especially a relay attack. Some research has focused by enhancing the encryption method and others uses the signal strength to identify the user position.
This study proposes a secure multi-party authentication protocol called “3 Party Passive Entry and Start System”. The protocol is composed of three components: A vehicle authenticator, a mobile device and a key fob. In this protocol, the vehicle authenticator will authenticate the identity of the mobile device and generate a session key. The mobile device will then transmit an encrypted message to the paired wireless key fob to forward a signal to activate the 3 Party Passive Entry and Start system. The message includes information of the secret values of the three parties, session key and timestamp. While the main encryption method utilizes Hashing and XOR functions, short computation time and less of memory usage are achieved in this protocol. We built a 3 Party Passive Entry and Start system simulation scenario to provide related experiment results. Also, we have further security analyzed of our protocol to prove that while we can achieve efficiency, security concerns are also included.

Acknowledgement III
Table of Contents IV
List of Tables VI
List of Figures VII
Chapter 1 Introduction 1
1.1 Background 1
1.2 Relay Attack against PKES System 5
1.3 Motivation 7
Chapter 2 Related Work 9
2.1 PKES System Security 9
2.2 Multi-party Authentication 13
Chapter 3 Proposed Protocol 16
3.1 Protocol Design Concept 16
3.2 Assumptions 19
3.3 Notations 20
3.4 The Proposed Authentication Protocol 22
3.4.1 Vehicle Authenticator to Mobile Device Authentication Phase 22
3.4.2 Mobile Device to Key Fob Authentication Phase 27
3.4.3 Key Fob to Vehicle Authenticator Authentication Phase 29
Chapter 4 Experiments and Analyses 31
4.1 Experiment Setup 31
4.2 Experiment Process and Results 32
4.3 Security Analysis 33
Chapter 5 Conclusion and Future Work 38
References 41

[1] “How Remote Entry Works | HowStuffWorks.” https://auto.howstuffworks.com/remote-entry.htm (accessed May 09, 2020).
[2] R. Verdult, F. D. Garcia, and J. Balasch, “Gone in 360 Seconds: Hijacking with Hitag2.” Accessed: May 09, 2020. [Online]. Available: http://www.copacobana.org.
[3] S. Tillich and M. Wójcik, “Security analysis of an open car immobilizer protocol stack,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Dec. 2012, vol. 7711 LNCS, pp. 83–94, doi: 10.1007/978-3-642-35371-0_8.
[4] ADAC, “Keyless: Gefahr Autoklau | ADAC,” Aug. 2019. https://www.adac.de/rund-ums-fahrzeug/ausstattung-technik-zubehoer/assistenzsysteme/keyless/ (accessed Apr. 28, 2020).
[5] ABI, “‘Car thieves have been having a field day.’ ABI responds to new keyless access security rating ABI,” 2019. https://www.abi.org.uk/news/news-articles/2019/03/thatcham-research-release-comment/ (accessed Apr. 28, 2020).
[6] B. Slater, “How easy is it to steal your car? – Which? News,” Which?, 2019. https://www.which.co.uk/news/2019/01/how-easy-is-your-car-to-steal/?wgu=5665_54264_15880598275511_9cec346c1c&wgexpiry=1595835827&utm_source=webgains&utm_medium=affiliates&utm_content=22278&source_code=314AGJ (accessed May 09, 2020).
[7] S. C. Aurelien Francillon , Boris Danev, “Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars – NDSS Symposium,” 2011. Accessed: Jun. 17, 2019. [Online]. Available: https://www.ndss-symposium.org/ndss2011/relay-attacks-on-passive-keyless-entry-and-start-systems-in-modern-cars/.
[8] S. Brands, S. Brands, and D. Chaum, “Distance-Bounding Protocols (Extended Abstract),” EUROCRYPT’93, Lect. NOTES Comput. Sci. 765, vol. 765, pp. 344--359, 1993, Accessed: May 10, 2020. [Online]. Available: https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.51.6437.
[9] C. Cremers, K. B. Rasmussen, B. Schmidt, and S. Capkun, “Distance hijacking attacks on distance bounding protocols,” in Proceedings - IEEE Symposium on Security and Privacy, 2012, pp. 113–127, doi: 10.1109/SP.2012.17.
[10] H. Oguma, N. Nobata, K. Nawa, T. Mizota, and M. Shinagawa, “Passive keyless entry system for long term operation,” in 2011 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2011 - Digital Proceedings, 2011, doi: 10.1109/WoWMoM.2011.5986125.
[11] Ahmer Khan Jadoon ; Licheng Wang ; Muhammad Azam Zia, “HB-protocol based advance security system for PKES using multiple antennas - IEEE Journals & Magazine.” https://ieeexplore.ieee.org/document/8594720 (accessed Jul. 07, 2020).
[12] W. Choi, M. Seo, and D. H. Lee, “Sound-Proximity: 2-Factor Authentication against Relay Attack on Passive Keyless Entry and Start System,” J. Adv. Transp., vol. 2018, p. 1935974, 2018, doi: 10.1155/2018/1935974.
[13] S. Rizvi, J. Imler, L. Ritchey, and M. Tokar, “Securing PKES against Relay Attacks using Coordinate Tracing and Multi-Factor Authentication,” in 2019 53rd Annual Conference on Information Sciences and Systems (CISS), Mar. 2019, pp. 1–6, doi: 10.1109/CISS.2019.8692790.
[14] K. Joo, W. Choi, and D. H. Lee, “Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft,” Feb. 2020, doi: 10.14722/ndss.2020.23107.
[15] W. Tang, “A simple three party password based key exchange protocol,” in ICMET 2010 - 2010 International Conference on Mechanical and Electrical Technology, Proceedings, 2010, pp. 730–732, doi: 10.1109/ICMET.2010.5598460.
[16] Y. Wang and Y. Chen, “Multi-party fair ring-exchange scheme based on group signcryption,” Jun. 2011, doi: 10.1109/CSSS.2011.5972167.
[17] X. Liu, J. Liu, and G. Chang, “A four-party password-based authentication key exchange protocol,” in Proceedings - 2012 6th International Conference on Genetic and Evolutionary Computing, ICGEC 2012, 2012, pp. 280–283, doi: 10.1109/ICGEC.2012.14.
[18] V. Venukumar and V. Pathari, “Multi-factor authentication using threshold cryptography,” in 2016 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2016, Nov. 2016, pp. 1694–1698, doi: 10.1109/ICACCI.2016.7732291.
[19] “How Many People Have Smartphones Worldwide (July 2020).” https://www.bankmycell.com/blog/how-many-phones-are-in-the-world (accessed Jul. 08, 2020).
[20] “Compare Pixel 4 & Pixel 4 XL Tech Specs - Google Store.” https://store.google.com/us/product/pixel_4_specs?hl=en-US (accessed Jul. 08, 2020).
[21] “iPhone 11 - Technical Specifications - Apple.” https://www.apple.com/iphone-11/specs/ (accessed Jul. 08, 2020).
[22] “Specifications | Samsung Galaxy S10e, S10 & S10+ – The Official Samsung Galaxy Site.” https://www.samsung.com/global/galaxy/galaxy-s10/specs/ (accessed Jul. 08, 2020).
[23] “Cathedrow/Cryptosuite: Cryptographic suite for Arduino (SHA, HMAC-SHA).” https://github.com/Cathedrow/Cryptosuite (accessed Jul. 08, 2020).
[24] “Cryptography | Android 開發人員 | Android Developers.” https://developer.android.com/guide/topics/security/cryptography (accessed Jul. 08, 2020).
[25] Eduard Kovacs, “Hackers Can Clone Tesla Key Fobs in Seconds | SecurityWeek.Com,” Security Week. https://www.securityweek.com/hackers-can-clone-tesla-key-fobs-seconds (accessed Jun. 26, 2019).