Re: Want to drive a Jaguar?

2008-04-02 Thread Stefan Kelm
Peter Gutmann wrote:
   Physical Cryptanalysis of KeeLoq Code Hopping Applications

Addition (

Scientists at the Ruhr-Universität Bochum[1] have defeated the Keeloq[2]
immobiliser and door opener used in many cars. Attackers need only
intercept two transmissions between the transmitter and receiver in
order to clone the digital key and gain access to the car. Microchip
Technology's RFID-based KeeLoq process is used in automobiles
manufactured by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota
(Lexus), Volvo, Volkswagen and Jaguar. KeeLoq is also used in building
access systems and garage door openers. Signal interception is possible
at a range of 100 metres, according to Professor Christof Paar of the
School of Electronics and Information Technology. In addition to gaining
unauthorised access, the systems can be manipulated, denying the
rightful owners access.

Both the KeeLoq transmitter and receiver encrypt their signals. A
proprietary, non-linear encryption algorithm is used which encrypts
controller commands with a unique code before transmission to the
vehicle. A 32 bit initialisation vector together with a 32 bit hopping
code is used as a key. An ID unique to each electronic key is added to
the calculation.

But there is also a manufacturer's master key for all of the products in
a series. This is precisely what Professor Paar's Bochum group was able
to retrieve using a procedure known as side channel analysis. To obtain
the master key the researchers used differential power analysis (DPA)
and differential electromagnetic analysis (DEMA) at both the transmitter
and receiver during the transmission. Once the master key is known, only
two transmissions are needed in order to obtain the crypto key of a
particular KeeLoq remote control. The vulnerability was tested on
commercial systems, according to the Bochum scientists.

In early February the researchers presented a detailed description[3] of
the attack that required them to intercept a number of activation
procedures in order to obtain the manufacturer's key. At the CRYPTO 2007
cryptography conference, an international group of researchers presented
a method by which the individual keys could be cracked[4] using
distributed computing.




Identity Management Symposium 22.-23.04.2008 KA/Ettlingen
Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
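The code-hopping exchange the quoted article describes, as an added example that is not part of either post: a transmitter encrypts a counter-bearing block, and the receiver decrypts it and accepts only a counter that has moved forward, which is what makes plain replay fail. The cipher follows the published KeeLoq NLFSR (32-bit block, 64-bit key, 528 rounds); the hopping-code field layout, the 16-code acceptance window, and the key and discrimination values are simplified assumptions for illustration.

```python
# Added example, not code from the posts above. Cipher: published KeeLoq NLFSR.
NLF = 0x3A5C742E          # 5-input non-linear function stored as a 32-bit lookup
ROUNDS = 528

def _bit(x, n):
    return (x >> n) & 1

def keeloq_encrypt(block, key):
    """Encrypt a 32-bit block under a 64-bit key (shift right, feedback into bit 31)."""
    x = block & 0xFFFFFFFF
    for r in range(ROUNDS):
        nlf_in = (_bit(x, 1) | _bit(x, 9) << 1 | _bit(x, 20) << 2
                  | _bit(x, 26) << 3 | _bit(x, 31) << 4)
        fb = _bit(x, 0) ^ _bit(x, 16) ^ _bit(key, r & 63) ^ _bit(NLF, nlf_in)
        x = (x >> 1) | (fb << 31)
    return x

def keeloq_decrypt(block, key):
    """Inverse of keeloq_encrypt: shift left, consume key bits in reverse order."""
    x = block & 0xFFFFFFFF
    for r in range(ROUNDS):
        nlf_in = (_bit(x, 0) | _bit(x, 8) << 1 | _bit(x, 19) << 2
                  | _bit(x, 25) << 3 | _bit(x, 30) << 4)
        fb = _bit(x, 31) ^ _bit(x, 15) ^ _bit(key, (15 - r) & 63) ^ _bit(NLF, nlf_in)
        x = ((x << 1) & 0xFFFFFFFF) | fb
    return x

def make_hopping_code(key, counter, button, disc):
    """Transmitter side. Assumed simplified layout of the 32-bit plaintext:
    4 button bits | 12 discrimination bits | 16-bit sync counter."""
    plain = ((button & 0xF) << 28) | ((disc & 0xFFF) << 16) | (counter & 0xFFFF)
    return keeloq_encrypt(plain, key)

def receiver_check(key, disc, last_counter, hopping_code, window=16):
    """Receiver side: decrypt, confirm the discrimination field, and accept only
    a counter 1..window ahead of the stored one (assumed window; replays and
    stale codes are rejected). Returns (accepted, stored_counter, button)."""
    plain = keeloq_decrypt(hopping_code, key)
    if (plain >> 16) & 0xFFF != disc:
        return False, last_counter, None      # wrong key or wrong transmitter
    counter = plain & 0xFFFF
    delta = (counter - last_counter) & 0xFFFF
    if not 1 <= delta <= window:
        return False, last_counter, None      # replay, or too far out of sync
    return True, counter, plain >> 28
```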

Want to drive a Jaguar?

2008-02-09 Thread Peter Gutmann
  Physical Cryptanalysis of KeeLoq Code Hopping Applications

  Recently, some mathematical weaknesses of the KeeLoq algorithm have been
  reported. All of the proposed attacks need at least 2^16 known or chosen
  plaintexts. In real-world applications of KeeLoq, especially in remote
  keyless entry systems using a so-called code hopping mechanism, obtaining
  this amount of plaintext-ciphertext pairs is rather impractical. We present
  the first successful DPA attacks on numerous commercially available products
  employing KeeLoq code hopping. Using our proposed techniques we are able to
  reveal not only the secret key of remote transmitters in less than one hour,
  but also the manufacturer key of receivers in less than one day. Knowing the
  manufacturer key allows for creating an arbitrary number of valid
  transmitter keys.

KeeLoq is used in large numbers of car keyless-entry systems.  Ouch.
