It's been a while since automobile ignition key crypto was
discussed here. An update below from the NY Times.

And what effect on auto theft of the Datacard thievery 
Bill Stewart got differentialed by at RSA? On electronic
sneak attacks, there's a succinct description of NONSTOP,
HIJACK and TEAPOT thievery by way of violating encrypted 
cellphones toward the bottom of this page:

  http://www.tscm.com/stu.html


http://www.nytimes.com/2002/02/22/automobiles/22CARS.html

[Excerpts]

If you lose the key for a new Lexus RX 300, one northern
Virginia dealer charges $300 for a replacement. Even for
a plain-jane Taurus, the price is $130 at a Ford dealer
here. Neither price is unusual. Dealers have the market
mostly to themselves; very few locksmiths or hardware
stores can copy the keys to late-model cars.

The technology is beyond their capabilities. For most new
cars, from the top of the price scale to the bottom, the key
is no longer a sliver of notched metal that simply works a
mechanical lock; it is now part of an electronic access
system, with computer-encoded passwords worthy of
James Bond.

Colloquially, the new keys are said to have a computer
chip inside. Actually, the head of the key contains a tiny
robot radio that communicates with the car. Their
electronic handshake may include 19 digits, which allows
10 billion-billion combinations.

While this makes life more complicated for car owners, it
poses a bigger hurdle for car thieves, who so far have not
caught up. The new keys have helped to slash the theft rate
on some models by 90 percent.

The technology differs among manufacturers, but all are
similar. At the heart of the system is a tiny electronic
device embedded in the head of the key. This device,
called a transponder, is essentially a radio that responds
to a query from another radio.

In older systems, the car sends a question and the key
gives a fixed answer. In newer models, Mr. Sabetti said,
the car has a random number generator, sending a different
message each time the key is inserted.

"When the random number is sent to the key head, the key
modifies it in a way that would only be known to the
vehicle," he said. The answer from the key "has virtually
no relationship to the message sent to the key in the first
place," he said, or at least none that an electronic
eavesdropper could discern. To anyone who intercepted
the electronic message, "it would look like garbage," he
said.

Moving to the transponder system has had several effects.
One is to cut out locksmiths. "It can run up to $50,000 for
the equipment to duplicate the keys for cars," said Randy
L. Simpson, president of the Associated Locksmiths of
America, a trade association based in Dallas. And that is
for each manufacturer; equipping a shop to make keys for
all car brands would be well beyond the means of most
locksmiths.

For example, on a 2001 Ford Taurus, the car can "teach" a
key the proper code. But it is built to do so only if the
technician starts the car with one of the keys that came
with the vehicle, turns it off, starts the car with the second
key that came with the vehicle, turns it off, and then inserts
the new key -- with the metal shaft mechanically cut and
the transponder unprogrammed and awaiting instructions.

General Motors' keys have a mere 137 billion possible
combinations, and a dealer can make a copy with only one
of the factory-original keys to work with. But they have
another refinement; the systems recognize the difference
between a full-access key and a "valet" key that will start
the car but cannot be used to "teach" a new key the car's
combination, said David T. Proefke, engineering group
manager for vehicle security.

But however good the system is, Mr. Simpson of the
locksmiths association said this was not the last step in
car security. "They haven't defeated it yet," he said. "But
I'm sure it's just a matter of time."

-----
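
The difference the excerpt draws between the older fixed-answer keys and the newer random-number keys, as an added example that is not part of the original post or the article. It assumes HMAC-SHA256 over a shared secret as a stand-in for whatever function a real transponder uses; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class FixedCodeKey:
    """Older scheme: the key gives the same answer to every query."""
    def __init__(self, code: bytes):
        self._code = code

    def respond(self, challenge: bytes) -> bytes:
        return self._code


class ChallengeResponseKey:
    """Newer scheme: the answer depends on a shared secret and the car's random number.
    HMAC-SHA256 is an assumed stand-in, not any manufacturer's algorithm."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()[:8]


class Car:
    """Holds the enrolled key's parameters and checks answers against them."""
    def __init__(self, enrolled_key):
        self._enrolled = enrolled_key  # models the car's stored copy of the code/secret

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(8)  # fresh random number per insertion

    def verify(self, challenge: bytes, response: bytes) -> bool:
        expected = self._enrolled.respond(challenge)
        return hmac.compare_digest(expected, response)


def replay_succeeds(key) -> bool:
    """Record one legitimate exchange, then answer a later query with the recording."""
    car = Car(key)
    first = car.new_challenge()
    overheard = key.respond(first)        # what an eavesdropper would capture
    if not car.verify(first, overheard):  # sanity check: the real key must work
        raise RuntimeError("legitimate key rejected")
    second = car.new_challenge()          # next insertion, new random number
    return car.verify(second, overheard)  # recorded answer resent unchanged


if __name__ == "__main__":
    print("fixed code replay accepted:        ", replay_succeeds(FixedCodeKey(b"constructed-code")))
    print("challenge-response replay accepted:", replay_succeeds(ChallengeResponseKey(secrets.token_bytes(16))))
```

With the fixed-code key the recorded answer is accepted again; with the challenge-response key it is rejected because the expected answer changes with each random number.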
