Digital Key Development Enables New Era of Security and Convenience

By James E. Schuessler Samsung Research America & Chair, CCC Technical Working Group
By Sooyeon Jung Samsung Research & Samsung Representative, CCC Digital Key Task Group

As you leave home, have you ever thought, "Oh, there is too much stuff in my pockets", or "have I forgotten my smartphone, car key, home key, wallet…?" Well, then this article will be interesting to you.

Image credit:

Recently, a cool feature - Digital Keys (DKs) - was introduced by Samsung and car companies (click to see the news). From now on, you can use your smartphone as your car key and no longer carry the car key in your pocket. You don't need to touch the car door with your phone. You don't even need to take it out from your bag or pocket. You just leave it in your pocket, walk up to your car and grab the door handle to open it (or close it). Then the car will recognize you and happily open and operate for you!

DKs, or keys based upon modern cryptographic techniques coupled with wireless communications, have been replacing physical keys of all sorts for some time now. Closely related to secure payment methods, digital keys have now made inroads to replace your car key, home or apartment key, and many others. Generically these are called Access Control methods and Samsung has been and remains a strong contributor to the development of the necessary standards these require throughout the world.

Why are standards necessary? Because without them, you are still carrying separate DKs, often using proprietary or outmoded security methods, for every lock you need to access. With standards, an open, transparent and world-class security architecture can be applied across many manufacturers and one device, such as your Samsung phone, can be used to access many “locks” across brand and market area.

Recently a major milestone has been reached with the completion of a standard the authors and several other Samsung engineers have been working on for the past two years. We want to share some of the exciting progress that is a major step forward in improving both security and features. This DK specification was developed within the Car Connectivity Consortium (CCC), and as the name suggests, aims to replace vehicle keys across all manufacturers throughout the world. The new specification, called DK Release 3, and co-developed by Samsung, our competitors, automotive OEMs, Tier-1 automotive suppliers, chip manufacturers, security and access control makers, and other experts from these fields was released to member companies of CCC in May of this year.

So why is the CCC DK Release 3 so great, especially since you may already have a DK based in your mobile device for your car? The CCC DK not only matches all the current features of proprietary solutions, but through the first use of Ultra Wide Band (UWB) radio technology in vehicles, also significantly improves the user experience and security. A little history will help explain.

The automotive OEM has long had a desire to use smartphones as car keys since these days, almost everyone carries one. However, let’s appreciate that it is a car, not a toy. Not only is it a big asset that can cause financial loss if stolen, it can also cause accidents if it is attacked. So it was not easy for car companies to actually accept smartphone-based digital keys until they had a strong belief that the smartphone is both safe and secure enough. As the smartphone embedded Secure Element (SE) came into common use, it opened the door to use a smartphone as a car key.

The SE chip provides both physical and logical protections for DKs. Automotive OEMs made use of it to provide first generation DKs to their customers. The CCC’s Release 1 enabled them to provide a standardized way to store their keys into the SE, however each automotive OEM developed their own App and proprietary security mechanism. This development proved to be very difficult, as automotive OEMs had no prior experience with the resource limitations of the SE, and as a result, Release 1 was not widely adopted.

In CCC DK Release 2, the standardized interface between cars and smartphones and security mechanisms was defined. As a result, phone manufacturers were able to develop the first complete DK solution according to standardized CCC technologies, and automotive OEMs were able to be free from App and secure element implementations. CCC DK Release 2 has been deployed by multiple automotive OEMs, but also has not enjoyed widespread adoption because it exclusively uses Near Field Communications (NFC) radio technology and offers little to no improvement in the User Experience (UX) compared with newer key fobs, which already were offering the superior Passive Keyless Entry (PKE) method. PKE allows keeping the fob in your pocket or purse and yet gain access and operating control over the vehicle.

All these previous generation DKs are based on proprietary RF protocols, Bluetooth LE, or NFC technologies and are subject to common threats; RF Relay attacks, and sometimes Man-in-the-Middle attacks. Once esoteric and difficult to accomplish, each is increasingly easy to buy the equipment for and learn the techniques. Even NFC, which requires a very short distance between the Sender and Reader device has been compromised with this type of attack under certain circumstances.

The Car Connectivity Consortium’s Digital Key Release 3 uses Bluetooth LE for the discovery of your phone, but in the first ever use within vehicles, UWB secure ranging is used between the phone and multiple anchor UWB radios in the vehicle. Utilizing the secure and privacy-protecting ranging methods from the Institute of Electrical and Electronic Engineers (IEEE) 802.15.4z standard, DK Release 3 integrates this into the DK system architecture that defines an entire ecosystem for key creation, management, sharing, transfer, and termination.

You may be asking yourself why automotive OEMs would add cost to their vehicles by adding these UWB anchors. The reason is that Passive Keyless Entry systems can now be built that eliminate any known RF Relay attack methods, thereby greatly enhancing security, safety (as the precise position of the phone is known), and it preserves privacy - as the IEEE standard prevents Personally Identifiable Information (PII) from being revealed. The traditional relay attack is a process of picking up the radio signal from a key fob, potentially inside a home and relaying it to an attacker's device near the car - fooling the car's electronics into thinking the owner is performing keyless entry. When previous generation technologies - proprietary RF protocols, Bluetooth LE, or NFC -were used, there was no way for a car to determine whether the signal was really from the device next to it or from a long distance by relaying. With UWB, however, distance is measured using round trip propagation delays – at the speed of light – preventing any ambiguity in the measurement.

While these security, privacy and safety features are paramount, the CCC DK also brings a new level of convenience to vehicle operation and sharing we will all enjoy in the future.

You can easily share your key with your friends or family even if they are not beside you; there is no need to give your phone to them. Automotive OEM Apps may offer geo-fencing, time limits, speed limits, entertainment volume, and other controls with enhanced privacy and security.

Capability for a cloud-based server to be the vehicle owner will enable reliable and secure fleet operation, from small to large vehicle rental companies, to any business that operates a group of vehicles.

Security can be adaptive to the phone device context, adding layers when threats are perceived to be higher, and lowering authentication requirements when threats are less likely. The context can utilize the full complement of phone sensors and meta-sensors (calendar appointments, ambient temperature, home / away data, etc.)

Ensuring low-battery (phone will not start) operation through a mandatory fallback to NFC access.

Although the authors have been devoted to developing the DK for automotive use, many other Samsung Research colleagues are working to bring these same benefits to home and company access, again based on the superior secure ranging provided by the UWB radios in Samsung mobile devices. The Fine Ranging (FiRa) Consortium, founded by Samsung and other multi-national companies, is doing just that.

The CCC DK Release 3 specification now enables you to leave your car key at home permanently, with no anxiety you will be locked out of your vehicle. The same will soon be true for your home, and your place of employment. Very shortly, we will inhabit a world where physical keys are only found in museums.