Battery-enabled anti-theft vehicle immobilizer

Battery-enabled anti-theft vehicle immobilizer

연구 분야: Cryptography

학회: MobiSys '22: Proceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services

Auto thieves often exploit the cyber vulnerabilities of existing key/phone-based vehicle immobilizers. To prevent this exploitation of cyber vulnerabilities for auto thefts, we present Battery Sleuth (Bleuth), a novel "physical" vehicle immobilizer which is immune to the common cyber-attack vectors - avoiding the use of wireless communication between key/phone and vehicle as well as in-vehicle networks. Bleuth achieves this by using the common 12V vehicle batteries to authenticate the driver with encrypted power-line communication and then control the battery's output power based on the authentication results, hence (im)mobilizing the vehicle without requiring drivers to carry any additional token. Bleuth is also equipped with four alarms to detect, and respond to, illegitimate operations (i.e., theft attempts), including attempts of unauthorized cranking of the engine, removal/shorting of the authenticator from the battery, abuse of the PLC to drain the car battery, and removal of the dongle from the auxiliary power outlet. Bleuth recharges its power supply automatically to free drivers from the maintenance burden. We have prototyped Bleuth as an add-on module that can be installed on commodity vehicles and evaluated it via field tests on 8 vehicles. We have also demonstrated Bleuth's utility and effectiveness via a survey of 612 car owners.