Immobiliser Introduction – Part 4

Design Objectives

The Digital Signature Transponder was designed to be compatible to existing transceiver hardware, based on existing assembly standards and circuit blocks. This also made it so that the DST did not call for a change in automated production lines. These transponders were designed to:

  • have rapid transaction times in the challenge/response process
  • provide reliability in application in regards to the highly advanced supervision circuitry
  • maintain low power consumption, even with multiple gates for encryption
  • have minimal physical wiring
  • contain the smallest chips possible
  • contain cryptographic security at its highest level
  • keep the data processingeffort for the encryption key as low as possible



In a theoretical sense, any encryption key is breakable. No password or system is perfect. But a key is considered secure if it cannot be broken or guessed in a reasonable amount of time while using reasonable resources. While the word “reasonable” is subjective, it is generally assumed that:

  • The thief will not spend more than just a few minutes in the car
  • The thief is not familiar with cryptoanalytical techniques
  • The key is not available for analysis for more than ten days

Scanning is generally the most direct approach to attacking a system. If one assumes that the thief transmit a random response to any challenge or question sent by the transceiver, then the tie taken to succeed, on average, is ts .

t s = R *2 ( rb-1)

Where rb is the length of the response and R is the repetition rate of the

security controller in seconds.

In this equation, if one assumes a repetition rate of 200 ms and a response length of 24 bit, then ts = 19.4 days.

Dictionary attacks can occur if the key or challenge was available to the thief for a short period of time. In these types of attacks, the thief builds a dictionary of responses or answers to the known key. While in the automobile, the thief sends his guessed responses in hopes that he hits the right one. If he does, the engine will start. However, a quick calculation shows that even if he knew the key for ten days and in that time built a dictionary at four responses per second, his calculated rate of success is still below 1%.


Cryptoanalysis is used by those thieves who possess knowledge of the algorithm. Using cyptoanalysis, they attempt to find the mathematical solution by discovering the encryption key once they know a limited amount of the challenge/response pairs. The primary method of combating cyrptoanalysis is DST, mentioned earlier.


Supervision Circuits

The DST has a number of supervision circuits installed into its system that act to protect its reliability. A transponder must pass several tests before it can perform a command. Each of these checks is vital for the locking process because if a page is accidentally locked, the transponder can be rendered useless.

Commands, addresses, and data received during the writing phase are checked by a 16-bit Cyclic Redundancy Check (CRC), according to the CCITT standard. Programming voltage must be high enough for the right length of time to make sure the programming depth is reliable. It checks that there are the right number of bits, which verifies the framing. A Radio Frequency Limiter is applied to protect the internal IC circuitry against overload and as a means of Programming Supervision. When the limiter is saturated it means that enough power is available to ensure that voltage is high enough. The status of the limiter circuit is checked for about 800ms. If limitation happens during this time, then the charge pump is engaged. Subsequently, the RF Limiter is continuously checked. If the voltage drops for any external reason then the proper counter value is not reached, showing that the programming might not be perfectly reliable.

If any of the number of checks fail, then a message is sent to the reader drive to be evaluated. That message is also protected by the CRC to prevent any incorrect information from being exchanged.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s