Design of intelligent car anti-theft device based on frequency hopping communication

Abstract: In order to solve the problem that the existing ordinary automobile electronic anti-theft devices use fixed frequency communication and are easily cracked and copied, a new anti-theft device is designed using the RF transceiver chip nRF905 with carrier frequency modulation function. The anti-theft device constantly changes the communication frequency during the communication process, so that the information cannot be interfered with or intercepted. The anti-theft device is difficult to be copied and cracked. The reliability of frequency hopping communication is increased through the optimization of communication scheme and program design. The added two-way communication function enables the car owner to grasp the car status and alarm information in time, and the reliability of the anti-theft device is increased through the design of multi-sensor detection circuit. After testing, it has achieved a good anti-theft effect.

0 Introduction

With the development of social economy and the improvement of people's living standards, cars have gradually entered families, and how to effectively prevent car theft has become a concern for car owners. At present, among car anti-theft devices, ordinary electronic remote control anti-theft devices occupy a large market share due to their low prices. However, ordinary electronic remote control anti-theft devices are mostly fixed carrier frequency communications, which are easily interfered, intercepted and cracked. It is reported that ordinary remote control locks can be copied by special decoders within 30 seconds and can be cracked within 1 minute. Ordinary electronic remote control anti-theft devices are mostly one-way communications. Car owners can remotely lock and unlock their cars, but car information cannot be fed back to the car owner in time.

In view of the shortcomings of ordinary electronic anti-theft devices, we apply the frequency hopping communication technology used in military communications to the design of intelligent remote control anti-theft devices for automobiles. Constantly changing the communication frequency of both parties during the communication process makes it difficult to track, interfere, intercept or crack the information transmission, which will effectively improve the security and reliability of the anti-theft system.

1 System overall design

The system consists of two parts: the vehicle terminal and the human-held terminal. The vehicle terminal mainly completes the reception and execution of human-machine control instructions, executes the car locking and unlocking instructions, and completes the detection and transmission of car anti-theft information; the human-held terminal mainly completes the owner's transmission of the car's locking and unlocking control instructions, and receives the car-related alarm information and instruction execution information sent by the vehicle terminal. The system functional structure is shown in Figure 1.

Figure 1 System overall structure diagram

2 System Circuit Design and Implementation

2.1 Circuit Design of Vehicle Terminal

The vehicle terminal mainly monitors the car anti-theft information and sends the car abnormal condition information to the car owner, and receives the executor's terminal control instructions such as locking and unlocking the car. In view of the unreliable problem that the current anti-theft device mainly relies on vibration sensors to detect theft information, a multi-information fusion sensor circuit is designed to improve the reliability of the anti-theft device by monitoring the car doors, windows, and seats. The added backup power management function ensures that the anti-theft device can still work normally when the main power line is cut. It is mainly composed of the main control MCU module, wireless frequency hopping communication module, car door and window monitoring, power monitoring, vibration detection, and whether there is someone in the car monitoring module.

2.1.1 Main control MCU module circuit

The main control MCU is mainly responsible for the coordination and control of the entire system, the detection and processing of sensor information, the configuration of the frequency hopping communication module, the sending and receiving of information, etc., which is implemented using C8051F340. C8051F340 is a mixed signal system-level integrated chip from Cygnal, USA. It has a high-speed CIP-51 core compatible with 8051. It integrates analog and digital peripherals and other functional components commonly used in data acquisition and control systems. The internal clock frequency can reach 48 MHz. It has an enhanced SPI interface, which can easily realize the control of nRF905.

2.1.2 Frequency Hopping Communication Module Hardware Circuit

The hardware circuit of the frequency hopping communication module is implemented by the single-chip RF transceiver chip nRF905 launched by Nordic. Its power consumption is very low. When transmitting with an output power of –10 dBm, the current is only 11 mA, and in the receiving mode, the current is 12.5 mA. The transmission distance is greater than 100 m. It works in 433/868/915 MHz3 ISM channels (free to use). nRF905 can automatically complete the processing of headers and cyclic redundancy code checks, and can automatically complete Manchester encoding/decoding by the hardware on the chip. It uses the SPI interface to communicate with the microcontroller. The configuration is very convenient and the performance is reliable. It can also realize manual carrier frequency control. It has 128 optional frequency points, the frequency point interval is 100 kHz, and the frequency point switching time is 650 μs, which can quickly realize frequency point switching. The chip can be used to form a wireless frequency hopping communication transceiver module. The module circuit and the microcontroller interface circuit are shown in Figure 2. The working mode configuration is realized by connecting to the microcontroller through PWR_UP, TRX_CE and TX_EN. Carrier detection, address detection and interrupt detection are performed through CD, AM and DR. The carrier frequency, communication instruction data format configuration and data reception are realized through the SPI interface to communicate with the microcontroller.

Figure 2 nRF905 and MCU interface circuit

2.1.3 Door and window monitoring module

By placing photoelectric detection diodes at the door and window openings, when the doors or windows are not locked, the corresponding photoelectric detection circuit will detect relevant information. When there is no one in the car, the on-board terminal will notify the car microprocessor system through the car main control interface to start the automatic door and window closing circuit, and remind the owner that the doors or windows are not locked. If the doors or windows are opened in the anti-theft state, an alarm signal will be issued.

2.1.4 Vehicle presence detection module

A pressure measuring device designed with strain resistors placed under the car seat is used to determine whether there is anyone in the car. If there is no one in the car and the car anti-theft lock system is not activated, the car will be automatically locked after a delay of 1 minute. If there is someone in the car when the car anti-theft lock is activated, it is possible that someone has stolen the car, and the anti-theft device will immediately sound an alarm.

2.1.5 External vibration detection module

The external vibration detection is used to detect whether someone collides with the car when the car is in anti-theft mode, and alarms if so. It uses the vibration sensor Z04B, which is a highly sensitive vibration module that can detect extremely weak vibration waves; it is easy to install and is not restricted by any angle; it has good anti-interference performance, no reaction to external sounds, and has the ability to resist lightning and firecracker interference. The output is a transient pulse, which is used to form a reliable car vibration detection module.

2.1.6 Power supply measurement and control module

A backup power management function is designed. When the main power of the car is cut off, the backup power supply will be used and the situation will be fed back to the car owner, improving the safety and reliability of the anti-theft system.

2.2 Circuit Design of Handheld Terminal

The human-held terminal completes the transmission of control commands such as locking and unlocking the car, and receives car-related information from the vehicle computer, such as vibration, door and window switch information, and issues voice prompts. It consists of a main control microcontroller circuit, a frequency hopping communication module, and a human-machine interface module, of which the main control microcontroller circuit and the frequency hopping communication module are the same as the vehicle-mounted terminal.

The human-machine interaction interface module circuit mainly uses a key circuit to complete the sending of human operation instructions, uses an LCD display circuit to make the operation more convenient, and uses ISD1820 to design a voice prompt circuit for alarm prompts and vehicle terminal command execution status prompts.

3. System software design and implementation

3.1 nRF905 configuration process and frequency hopping communication implementation

3.1.1 nRF905 configuration process

As shown in Figure 2, nRF905 controls the high and low levels of the three pins PWR_UP, TRX_CE and TX_EN of nRF905 through the CPU to determine its four working modes (as shown in Table 1), and performs carrier detection, address detection, and interrupt detection through the three pins CD, AM, and DR of nRF905. In the first two modes in Table 1, the MCU configures the five internal registers of nRF905 (status register, RF configuration register, transmit address register, transmit data register, and receive data register) through the SPI interface. Among them, the status register contains the data ready pin status information and the address matching pin status information; the RF configuration register contains the transceiver configuration information, such as frequency and output function; the transmit address register contains the address of the receiver and the number of bytes of data; the transmit data register contains the information of the data packet to be sent, such as the number of bytes; the receive data register contains the number of bytes of data to be received.

Table 1 nRF905 working mode

3.1.2 Wireless Transmission and Reception Process of nRF905

1) Transmission mode setting and process

a) After power-on, the MCU first configures the nRF905 mode, and first sets PWR_UP, TX_EN, and TRX_CE to (10X) configuration mode.

b) MCU moves the frequency configuration data of the RF register into the nRF905 module through SPI.

c) When the MCU has data to send to a specified node, the address (TX-address) and valid data (TX-payload) of the receiving node are transmitted to nRF905 through the SPI interface.

d) MCU sets TRX_CE, TX_EN to high to start transmission.

e) nRF905 internal processing: wireless system automatically powers on, data packet is completed (with preamble and CRC checksum), data packet is sent (1000kbps, GFSK, Manchester encoding).

2) Receiving mode

a) After power-on, the MCU first configures the nRF905 mode, and first sets PWR_UP, TX_EN, and TRX_CE to (10X) configuration mode.

b) MCU moves the frequency configuration data of the RF register into the nRF905 module through SPI.

c) Set TRX_CE high and TX_EN low to select RX mode, and nRF905 monitors the information in the air.

d) When nRF905 finds a carrier with the same frequency as the receiving frequency, the carrier detect (CD) is set high.

e) When the nRF905 receives a valid address, Address Match (AM) is set high.

f) When nRF905 receives a valid data packet (CRC check is correct), nRF905 removes the preamble, address and CRC bits, and Data Ready (DR) is set high.

g) MCU sets TRX_CE low and enters standby mode.

h) MCU can read out valid data through the SPI interface at an appropriate rate.

i) When all valid data are read out, nRF905 sets AM and DR to low.

3.1.3 Implementation of frequency hopping

nRF905 can realize artificial carrier frequency control. You only need to modify CH_NO and HFREQ_PLL of nRF905's RF operating frequency register to select different carrier frequencies and realize frequency hopping. If the bit variable HFREQ_PLL is 0, it means working in the 430 MHz frequency band with a channel difference of 100 kHz; if it is 1, it means working in the 868/915 MHz frequency band with a channel difference of 200 kHz. Therefore, there are 1 024 communication frequencies. The communication frequency (H) is H=(422.4+(CH_NO)10/10)×(1+HFREQ_PLL).

For example, CH_NO=(001001100)2=(76)10, HFREQ_PLL=0, then H=(422.4+76/10)×(1+0)=430.0 MHZ.

The system is uniformly set to work at a frequency band of 430 MHz, a channel difference of 100 kHz, a frequency interval of 100 kHz, a random number generated between 0 and 128, a frequency hopping bandwidth of 12.8 MHz, and a frequency hopping time of T ≤ 800 μs.

3.2 Reliability Design and System Implementation of Remote Control Anti-theft Device Based on Frequency Hopping Communication

3.2.1 Generate a random frequency hopping table to enhance security

In order to increase security, each pair of password locks not only has a unique 32-bit encrypted address but also has a one-to-one random frequency hopping table. When used for the first time, turn on the setting switches corresponding to the vehicle computer and the human-machine, and the human-held terminal can generate a random frequency hopping table and send the frequency hopping table to the vehicle terminal through the handshake frequency. When the return verification is correct, the frequency hopping table is stored in the non-volatile FLASH memory with power-off protection, and the setting switch is turned off. While ensuring that the two machines have a one-to-one corresponding frequency hopping table, the security of the frequency table is well protected. As long as both parties follow the pre-agreed CH_NO and HEFREQ_PLL values ​​that correspond to the frequency hopping table, frequency hopping communication can be achieved, which increases the reliability and security of wireless communication.

3.2.2 Set handshake and error and packet loss return frequencies to ensure reliable communication

A prominent problem of frequency hopping communication is that although the reliability is high, once the communication errors occur between the two parties, the data read from the frequency hopping table will be inconsistent, and the system will be confused and unable to communicate. In order to solve this problem and improve the security and reliability of the anti-theft device, the system sets a fixed frequency as the handshake frequency. The communication between the human-machine and the vehicle machine is first connected by handshake at a handshake frequency set by both parties. This frequency only carries the target address and the handshake request or response signal, and even if it is intercepted, it does not affect the security of the system. When the system has a problem and the communication between the two parties is unsuccessful, it immediately returns to the handshake frequency and restarts the communication from the initial value of the frequency hopping table. During the transmission of a command information, the interruption is shielded to ensure the reliable transmission of information.

3.2.3 System working process

After the system is powered on and the frequency hopping table is initialized, both the human machine and the vehicle machine set the system's working mode (Set nRF905 Mode) and configure the registers of nRF905 (Configure Register) to make it work in the handshake frequency and receiving mode (RX Mode). When one end receives an interrupt request (owner's command/alarm information, etc.), it initiates a handshake request. After the handshake is completed, two frequency hopping communication processes are performed to complete the transmission and feedback of the information. During the transmission process, the time for the sender to wait for a response or feedback after sending a handshake request or command shall not exceed 200 ms, otherwise it is considered that the communication is wrong and the initiator re-initiates the request.

Taking the locking command issued by the car owner as an example, the entire working process of the system is shown in Figure 3. The process of sending commands from other car owners and sending vehicle alarm information is similar.

Figure 3 Anti-theft device working process diagram

4 Conclusion

After testing, the reliable communication distance of the system in the community can reach 150 meters, which meets the actual application requirements of general car anti-theft devices. The use of frequency hopping communication ensures that the anti-theft device is not easily intercepted and cracked. Through the optimization design of the communication scheme, the communication reliability of frequency hopping is guaranteed, and the safety and reliability of the anti-theft device are further improved. After simplifying the peripheral circuit design of the system, it can also be used for motorcycle anti-theft and other anti-theft systems.