Skip to main content

PAKAMAC: A PUF-based Keyless Automotive Entry System with Mutual Authentication


In recent years, connected and intelligent vehicles have posed advanced risks to road safety and vehicle thefts. The keyless entry and immobiliser systems of luxury vehicles have been under extensive scrutiny and found to be vulnerable against lack of mutual authentication in challenge-response protocol, smaller key size for the cipher, amplification and relay attack, etc. This work presents an initial study to use an unconventional hardware security primitive named Physically Unclonable Functions (PUFs) to nullify such impacts and develop a novel mutual authentication protocol (coined as “PAKAMAC”) to provide an alternative to remote keyless entry (RKE) system and passive keyless entry and start (PKES) system. The proposed scheme generates a hardware fingerprint of the key fob using an embedded PUF instance for unique identification by the vehicle and also leverages two factors, namely time-to-live (TTL) and nonce, to provide secure utility for keyless entry. We have implemented the protocol in Scyther protocol verification tool, and it shows that PAKAMAC satisfies all the security features and can be conveniently applied to automotive systems with minimal hardware overhead and no additional message exchange between the key fob and the car.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7


  1. Wouters L, Marin E, Ashur T et al (2019) Fast, furious and insecure: Passive keyless entry and start systems in modern supercars. IACR Trans Cryptogr Hardw Embed Syst 3:66–85

    Article  Google Scholar 

  2. Joo K, Choi W, Lee DH (2020) Hold the door! fingerprinting your car key to prevent keyless entry car theft. In: 27th Annual Network and Distributed System Security Symposium, NDSS 2020

  3. Chatterjee U, Sadhukhan R, Govindan V et al (2018) PUFSSL: an openssl extension for PUF based authentication. In: 23rd IEEE International Conference on Digital Signal Processing, DSP 2018, pp 1–5

  4. Lim D, Lee J, Gassend B et al (2005) Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 13(10):1200–1205

  5. Hammouri G, Öztürk E, Sunar B (2008) A tamper-proof and lightweight authentication scheme. Pervasive Mob Comput 4(6):807–818

    Article  Google Scholar 

  6. Majzoobi M, Rostami M, Koushanfar F et al (2012) Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching. In: 2012 IEEE Symposium on Security and Privacy Workshops, pp 33–44

  7. Öztürk E, Hammouri G, Sunar B (2008) Towards robust low cost authentication for pervasive devices. In: Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom 2008)

  8. Delvaux J, Gu D, Schellekens D et al (2014) Secure lightweight entity authentication with strong pufs: Mission impossible? In: Batina L, Robshaw M (eds) Cryptographic Hardware and Embedded Systems - CHES 2014

  9. Kitsos P, Zhang Y (2008) Rfid security techniques, protocols and system-on-chip design. Springer. RFID Fundamentals and Applications pp 3–27

  10. Jiang Q, Zhang X, Zhang N et al (2019) Two-factor authentication protocol using physical unclonable function for iov. In: 2019 IEEE/CIC International Conference on Communications in China, ICCC

  11. Renault É, Mühlethaler P, Boumerdassi S (2021) Communication security in vanets based on the physical unclonable function. In: ICC 2021 - IEEE International Conference on Communications

  12. Al-Fadhli SA, Lu S, Chen K et al (2020) MFSPV: A multi-factor secured and lightweight privacy-preserving authentication scheme for vanets. IEEE Access 8:142,858–142,874

  13. Sharma G, Joshi AM, Mohanty SP (2021) An efficient physically unclonable function based authentication scheme for V2G network. In: IEEE International Symposium on Smart Electronic Systems, iSES 2021

  14. Bansal G, Naren N, Chamola V et al (2020) Lightweight mutual authentication protocol for V2G using physical unclonable function. IEEE Trans Veh Technol 69(7):7234–7246

    Article  Google Scholar 

  15. Labrado C, Thapliyal H, Mohanty SP (2022) Fortifying vehicular security through low overhead physically unclonable functions. ACM J Emerg Technol Comput Syst 18(1):8:1–8:18

  16. Smith C (2016) The Car Hacker’s Handbook: A Guide for the Penetration Tester, 1st edn. No Starch Press, USA

    Google Scholar 

  17. Wang Y, Wang C, Gu C, Cui Y, O'Neill M, Liu W (2021) A dynamically configurable PUF and dynamic matching authentication Protocol. IEEE Transactions on Emerging Topics in Computing.

  18. Gu C, Chang CH, Liu W, Yu S, Wang Y, O’Neill M (2021) A modeling attack resistant deception technique for securing lightweight-PUF-based authentication. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 10;40(6):1183-96.

  19. Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–207

    MathSciNet  Article  Google Scholar 

  20. Cremers C (2006) Scyther: semantics and verification of security protocols. PhD thesis, Mathematics and Computer Science

  21. Cremers CJF (2008) The scyther tool: Verification, falsification, and analysis of security protocols. In: Gupta A, Malik S (eds) Computer Aided Verification, 20th International Conference, CAV, vol 5123. Lecture Notes in Computer Science. Springer, pp 414–418

    Chapter  Google Scholar 

  22. Lowe G (1997) A hierarchy of authentication specification. In: 10th Computer Security Foundations Workshop (CSFW ’97), pp 31–44

  23. Chatterjee U, Chakraborty RS, Mukhopadhyay D (2017) A puf-based secure communication protocol for iot. ACM Trans Embed Comput Syst 16(3)

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Urbi Chatterjee.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection on Big Data Security Track

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Gade, S., Chatterjee, U. & Mukhopadhyay, D. PAKAMAC: A PUF-based Keyless Automotive Entry System with Mutual Authentication. J Hardw Syst Secur (2022).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI:


  • Keyless entry systems
  • Automotive
  • Mutual authentication
  • Relay attacks
  • Physically unclonable functions