Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
I took a look at the MIT Guide to Lock Picking, August 1991 revision, at http://www.lysator.liu.se/mit-guide/mit-guide.html . It says:

> 9.10 Master Keys
>
> Many applications require keys that open only a single lock and keys that open a group of locks. The keys that open a single lock are called change keys and the keys that open multiple locks are called master keys. To allow both the change key and the master key to open the same lock, a locksmith adds an extra pin called a spacer to some of the pin columns. See Figure 9.8. The effect of the spacer is to create two gaps in the pin column that could be lined up with the shear line. Usually the change key aligns the top of the spacer with the shear line, and the master key aligns the bottom of the spacer with the shear line (the idea is to prevent people from filing down a change key to get a master key). In either case the plug is free to rotate.

The parenthetical comment suggests awareness of the general vulnerability Matt exploited, but I suspect that had the authors known the multiple partial copy trick Matt described, they would have published it.

Arnold Reinhold

--
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
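The spacer mechanism quoted above, modelled as an added example that is neither the MIT guide's nor the thread's own code: a column with a spacer has two lifts that put a gap at the shear line, so any mix of change and master cuts across the mastered columns also turns the plug. The shear-line height, the integer lift units and the five-pin bittings are constructed for the illustration.

```python
"""Model of master keying with spacers, as described in the MIT guide.

Constructed units: a key cut at a position lifts that pin stack by an
integer "lift"; the plug turns when a gap between stack pieces sits
exactly at the shear line.  Heights and bittings below are made up.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import product

SHEAR = 10  # constructed shear-line height, in lift units


@dataclass(frozen=True)
class PinColumn:
    """Pieces of one pin stack, from the key upwards.

    bottom: length of the key pin; spacer: length of the master wafer
    (0 when the column is not mastered).  With a spacer the stack has
    two gaps, either of which may be aligned with the shear line.
    """
    bottom: int
    spacer: int = 0

    def opening_lifts(self) -> set[int]:
        """Every lift that places a gap at the shear line."""
        lifts = {SHEAR - self.bottom}  # top of the key pin at the shear line
        if self.spacer:
            lifts.add(SHEAR - self.bottom - self.spacer)  # top of spacer there
        return lifts


def build_column(change_lift: int, master_lift: int) -> PinColumn:
    """Cut a column so that both lifts open it.

    Per the guide, the change key rests the top of the spacer at the shear
    line and the master rests the bottom of the spacer (top of the key pin)
    there, so the master lift is the higher one: filing a change key only
    lowers its lifts and can never reach the master position.
    """
    if master_lift < change_lift:
        raise ValueError("master cut must sit higher than the change cut")
    return PinColumn(bottom=SHEAR - master_lift, spacer=master_lift - change_lift)


def key_opens(columns: list[PinColumn], key: tuple[int, ...]) -> bool:
    """True when every column has a gap at the shear line for this key."""
    return len(key) == len(columns) and all(
        lift in col.opening_lifts() for col, lift in zip(columns, key)
    )


def keys_that_open(columns: list[PinColumn]) -> list[tuple[int, ...]]:
    """All bittings that open the lock: 2**(number of mastered columns)."""
    return list(product(*(sorted(c.opening_lifts()) for c in columns)))


# Constructed five-pin system: columns 2, 4 and 5 carry spacers.
CHANGE_KEY = (3, 5, 2, 6, 4)
MASTER_KEY = (3, 7, 2, 8, 6)
EXAMPLE_COLUMNS = [build_column(c, m) for c, m in zip(CHANGE_KEY, MASTER_KEY)]

if __name__ == "__main__":
    for key in keys_that_open(EXAMPLE_COLUMNS):
        tag = {CHANGE_KEY: "change", MASTER_KEY: "master"}.get(key, "cross")
        print(key, tag)
```

The defensive point is the size of the list keys_that_open returns: every mastered column doubles the number of distinct bittings that turn the plug, which is the exposure a master-keyed system accepts in exchange for convenience.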
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
At 09:12 PM 01/26/2003 -0500, Donald Eastlake 3rd wrote:
> It's just silly to spend, say, $50 more, on a more secure lock unless you are really willing, in the foreseeable future, to spend hundreds or thousands of dollars or even more on other weaknesses to make most of them approximately as strong.

Defense in depth is certainly important for physical security, for serial attacks as well as parallel attacks.

A long long time ago, in a phone company far far away, about two floors down from where Matt Blaze was working, I ran the computers and some other operations for a workroom that did classified government processing. The higher-security data lived in safes when we weren't actively using it, as did any classified backup magtapes. (Computers were still big then, and the removable disk packs were roughly 14" diameter, 8" high, 250MB.) The TEMPEST room they lived in didn't have locks on it, just annoyingly unreliable electrical airlock doors. It lived inside a room that had several inches of sheetrock and wire-mesh walls, and a door that had two locks - a classified-rated Sargent & Greenleaf mechanical combination lock, which we used when the room was unattended, and an electronic-pushbutton combination lock which was enough when the room wasn't attended by a guard at the front desk, plus there were motion-detector alarms set when it wasn't attended. Army Reg 380-380 didn't require that the room be impregnable to people with sawzalls and dynamite - just that it be hard to break into, and extremely hard to break into without leaving an obvious mess, and a guard schedule appropriate for the level of difficulty breaking in.

> There are also other factors in planning physical security. I've had to actually break through a wall because an electronic lock's battery backup power died because the transformer for a building was being replaced and it had absolutely no power feed for a few days. The repair of such wall damage is an expense.
>
> Mechanical devices do not have the problem of requiring power (PS: Brass is self lubricating).

One of the screws holding the S&G lock to the doorframe came loose and jammed the lock. We had to call a locksmith to drill it out, and it took him about the required two hours to do it. (If there'd been an emergency, we'd have sawzalled the door.) The electronic lock jammed a couple of times, and it wasn't hard to jimmy the door enough with a fireman's prybar to use a screwdriver to open the latch, but we let the guards know before we started.

The real security problem was when somebody built another secure lab next door, with what was supposed to be a high-spookiness-quality alarm system; it took a long time to figure out that most of the false alarms were from the guards' walkie-talkies causing electrical interference, and got them instructed not to press talk in that hallway unless there was something seriously suspicious going on... and got them instructed to call the other guy, not me, if there was an alarm :-)
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
My message was not a reply to Matt's paper. It was a reply to a message that said, approximately, "If I wanted to SECURE A BUILDING the first thing I would do is worry about the LOCK and replace it with an electric lock..." It did NOT say "If I wanted to SECURE A LOCK".

My reply was to point out that the suggested strategy for securing a building would almost always be the wrong strategy.

I agree that locks and methods of defeating them are interesting.

Thanks,
Donald
==
Donald E. Eastlake 3rd [EMAIL PROTECTED]
155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w)
Milford, MA 01757 USA [EMAIL PROTECTED]

On Mon, 27 Jan 2003, Faust wrote:
> Date: Mon, 27 Jan 2003 13:57:30 +
> From: Faust [EMAIL PROTECTED]
> To: Donald Eastlake 3rd [EMAIL PROTECTED]
> Cc: Pete Chown [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
>
> > You are coming at this from a software/computer mindset that just isn't applicable to this sort of physical world security.
>
> Matt's paper was about _locks_. In case you have forgotten, the title was "Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks". To weakly criticize his paper because it did not talk about the cost of fabrication or physical tolerances misses the point entirely. There _are_ situations where information leakage is of concern. I can imagine other applications of Matt's methods to other forms of physical security. In any case, it is intrinsically interesting.
>
> In practice, social engineering is far easier to use to access secure premises. Bribe a guard, go to bed with a person with access etc. However, that is not the proper domain of a study of rights amplification.
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On Mon, 27 Jan 2003, Faust wrote:
> Bribe a guard, go to bed with a person with access etc. However, that is not the proper domain of a study of rights amplification.

I'm actually not sure of that. I think that an organized case-by-case study of social engineering breaches would be valuable reading material for security consultants, HR staff, employers, designers, and psychologists. It's not actually the study of cryptography, but it's a topic near and dear to the heart of those who need security, just as Matt's paper on locks.

Bear
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On Sat, 25 Jan 2003, Sampo Syreeni wrote:
> Sure. But trying those combinations out can be automated -- I don't think the kind of automatic lock pickers one sees in current action movies are *entirely* fictional.

There are several types of devices that can convince a keylock to open. One of them is a kind of spring-loaded bar, usually on a handle. The bar is inserted into the keyhole, and then the spring is released and a weight whacks the bar fairly hard. This transmits the shock to the pins resting on the bar, and thence to the other side of the pins resting across the cut from the shocked side. The result is that the pins fly apart momentarily against the retaining springs. If your timing is good, you can turn the lock immediately after the 'snap' of the spring slamming shut. It usually takes an experienced user no more than three or four tries to get the timing right.

This is actually a very simple device to construct. I ran across it in a book on locks and mechanisms. Some folks call it an automatic lock picker, but it's really just a snap mechanism. I've never actually seen one in person, but I can give you the name and publication date of the pamphlet I saw it in if I can find it around here.

Bear
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On Sat, 25 Jan 2003, Pete Chown wrote:
> Date: Sat, 25 Jan 2003 11:53:23 +
> From: Pete Chown [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
>
> Len Sassaman wrote:
> > Most of the time, the lock is not the weakest point of attack.
>
> Isn't this like saying that cryptography isn't important, because most real world attacks aren't cipher breaks? Also, if you pick the lock,

You are coming at this from a software/computer mindset that just isn't applicable to this sort of physical world security. Sure, in the ~0 fabrication and distribution cost world of software, you might as well use strong crypto because it costs ~0 and probably a lot of the other weaknesses are also software and can also be avoided for ~0 cost. If you can think of a more secure physical lock design that is CHEAPER, run out and patent it now. You will probably make money. But most substantially more secure physical locks are substantially more expensive to fabricate, being more complex and frequently requiring tighter mechanical tolerances.

> potentially no one will know that you gained access. An ordinary burglar can just break a window, but someone with a more subtle reason for wanting to gain access may not want to.

It is usually not that hard to gain invisible access even with quite crude methods.

> If I wanted to make a building physically secure, my instinct would be to use electronic locks. While attacks on, say, an iButton are probably possible, it seems to me that it must be an order of magnitude more difficult than attacking a mechanical lock.

The lock almost never has anything to do with it. Why is it you never see simple pin tumbler locks on safes and vaults? Because, with substantial metal and/or solid reinforced concrete walls on all sides and no windows, it is actually worth the cost of good combination locks, possibly with a time lock in addition.

If I wanted to make a building more secure, even if for some reason I'm just looking at the only door, there are a lot of things I'd look at right away: Are the hinges on the outside and if so what steps have been taken to stop someone from removing the hinge pins and removing the door? Is there an astragal to stop people from credit-carding the door? What steps have been made to stop someone from spreading the door frame so that any bolts no longer latch? If there is a lock cylinder, can you just unscrew it from the outside and open the door with a screwdriver (I have determined by experimentation that most cylinder set screws will easily give way and allow you to unscrew the cylinder with minimal damage)? Is there any kind of opening above the door, like a transom (even if it is tiny, you may be able to drop a loop down inside and turn the internal door knob, opening the door despite its being locked for the outside knob)? Etc. Etc. Oh, and I suppose you could think about attacks on the security of the lock itself, which is probably pin tumbler. But it probably has lots of window/wall/roof/basement/etc. weaknesses that have nothing to do with the door. It's just silly to spend, say, $50 more, on a more secure lock unless you are really willing, in the foreseeable future, to spend hundreds or thousands of dollars or even more on other weaknesses to make most of them approximately as strong.

There are also other factors in planning physical security. I've had to actually break through a wall because an electronic lock's battery backup power died because the transformer for a building was being replaced and it had absolutely no power feed for a few days. The repair of such wall damage is an expense. Mechanical devices do not have the problem of requiring power (PS: Brass is self lubricating).

> Now, I'm not an expert on locks, so firstly am I right? If so, does this mean that high security mechanical locks will gradually disappear?

There are markets for a wide variety of locks. I do not believe that high security or low security mechanical locks will disappear in my lifetime.

Thanks,
Donald
==
Donald E. Eastlake 3rd [EMAIL PROTECTED]
155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w)
Milford, MA 01757 USA [EMAIL PROTECTED]
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
> You are coming at this from a software/computer mindset that just isn't applicable to this sort of physical world security.

Matt's paper was about _locks_. In case you have forgotten, the title was "Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks". To weakly criticize his paper because it did not talk about the cost of fabrication or physical tolerances misses the point entirely. There _are_ situations where information leakage is of concern. I can imagine other applications of Matt's methods to other forms of physical security. In any case, it is intrinsically interesting.

In practice, social engineering is far easier to use to access secure premises. Bribe a guard, go to bed with a person with access etc. However, that is not the proper domain of a study of rights amplification.

--
natsu-gusa ya / tsuwamono-domo-ga / yume no ato
summer grasses / strong ones / dreams site

Summer grasses,
All that remains
Of soldier's dreams
(Basho trans. Stryk)
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On 24 Jan 2003, David Wagner wrote:
> If those locksmiths didn't publish the vulnerability, phooey on them. Matt Blaze deserves full credit for being the first to publish.

I'm fairly certain this has been published in locksmithing journals previously, though I would have to do some digging to prove that.

> What good is it to know about a vulnerability if you never warn the users and never fix the weakness?

It is the prevailing opinion in the physical security space that users are not the best qualified to judge their own threat models. Whether or not this is correct could be up for debate, but trying to force high-security locks on someone who doesn't need it is viewed with the same sort of disdain that you might have for a company trying to sell Tempest-shielding to small business owners. The actual lock is very rarely the point of least resistance for an attack.

[These and other weaknesses are, in fact, addressed in a number of high-security locks. Most users won't want to pay for them.]

> In scientific research, we credit the first person to publish new knowledge. Sure, maybe you've invented a cure for cancer ... but if you don't tell anyone, you don't get the credit, and you haven't done much good for the world.
>
> I think, on balance, Matt Blaze's paper seems likely to be beneficial for users of locks. It helps us more accurately evaluate our own security and be smarter about how we select physical security defenses. That seems likely to lead to greater security for all of us in the end. We should be grateful to Blaze for publishing, not dismissive.

Matt's paper is beneficial to fledgling locksmiths, but I'm uncertain if it will have any effect on users. Perhaps I'm cynical. Here's a story you might find interesting. A few years ago, a certain employee of a Silicon Valley company with which both you and Matt may be familiar asked me to evaluate the physical defenses of one of their facilities. The goal was to see how close I could get to the center of the building.

They had a magnetically-sealed front door, a hand geometry scanner on one inner door, iButton access on another, and fairly secure physical lock cylinders. I was able to get inside with nothing more than a coat hanger, credit card, and a pen knife.

This is the reality of physical security. Designing a burglar-proof installation is tricky business, and using secure locks is usually the least of the problem. A user who needs full security should be engaging a qualified physical security specialist to do the design and installation, and a security professional who knows how to address all the other potential attacks will surely be aware of key decoding techniques, and how to defend against them.

Matt's technique is clever, and I am impressed that he came up with it on his own. His paper is well-written, and explains a lot about master-keyed systems in general. People interested in becoming locksmiths or entering the physical security business will definitely want to read it. I don't think it is going to significantly increase security in the real world, however.

--Len.
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
Actually even in their Biaxial design the sidebar hole is always on the bottom pin, and so the master shares the angle with the change keys.

-matt

> There is, however, a newer Medeco design that uses a drill-hole instead of a groove. With that design you can have the pin twist be different at different pin-heights (by putting the drill-hole at a different twist-angle). I don't think this attack would work quite as easily on this design.
>
> -derek
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
Matt Blaze [EMAIL PROTECTED] writes:
> I have no particular interest in seeing you eat crickets (and before I went veggie I've eaten a few myself; taste like whatever they're cooked in), but I've done it on Medecos; it's no problem.

Having taken apart Medecos before, I have to agree with Matt that this attack would work fine on old-style Medecos with a groove for the turn-bar. This means the twist is the same at all pin heights for any particular pin.

> The angles will be the same on the master as the change key; only the cut depth will differ. If you have a code cutter at the oracle lock it's no different from doing the attack on regular locks, except that Medeco's MACS restrictions mean you have to be careful about whether you use the change depth or previously learned master depth at the positions adjacent to the position under test. If you're using a file at the oracle lock, just use a code machine to pre-cut a #1 cut at the right angle at each position; the sharp angle actually makes filing a bit easier than on locks with a standard cut.

There is, however, a newer Medeco design that uses a drill-hole instead of a groove. With that design you can have the pin twist be different at different pin-heights (by putting the drill-hole at a different twist-angle). I don't think this attack would work quite as easily on this design.

-derek

--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED] www.ihtfp.com
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On Fri, 24 Jan 2003, Matt Blaze wrote:
> I have no particular interest in seeing you eat crickets (and before I went veggie I've eaten a few myself; taste like whatever they're cooked in), but I've done it on Medecos; it's no problem.

Well, unfortunately I specified live, which probably precludes the cooking bit. Hmm. Cricket fondue, perhaps.

> The angles will be the same on the master as the change key; only the cut depth will differ.

That isn't necessarily the case. High-security Medecos can have multiple valid pin rotation positions -- the pin's angled surface doesn't need to be flush with the key. This allows a much larger number of possible pin combinations, and I think it would make your attack infeasible in practice (particularly since the attacker presumably doesn't know if there are dummy steps added, or if the key is part of a master-ring system. That's a lot of work to do only to find out the attack wouldn't have worked in the first place.)

> If you have a code cutter at the oracle lock it's no different from doing the attack on regular locks, except that Medeco's MACS restrictions mean you have to be careful about whether you use the change depth or previously learned master depth at the positions adjacent to the position under test.

That would certainly be true.

> If you're using a file at the oracle lock, just use a code machine to pre-cut a #1 cut at the right angle at each position; the sharp angle actually makes filing a bit easier than on locks with a standard cut.

I recommend a light garlic sauce. *grin*

Have you found a source for the factory-controlled Medeco key blanks?

--Len.
Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
The fact that the hole is on the bottom pin is not important. What is important is that the hole at the change-key height does not need to be at the same angular position as the hole at the master-key height. It's hard to draw ASCII art to show what I mean, but because the twist holes are at a particular height when the key is inserted, you can certainly see how at different heights the holes can be in different locations.

-derek

Matt Blaze [EMAIL PROTECTED] writes:
> Actually even in their Biaxial design the sidebar hole is always on the bottom pin, and so the master shares the angle with the change keys.
>
> -matt
>
> > There is, however, a newer Medeco design that uses a drill-hole instead of a groove. With that design you can have the pin twist be different at different pin-heights (by putting the drill-hole at a different twist-angle). I don't think this attack would work quite as easily on this design.
> >
> > -derek

--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED] www.ihtfp.com