Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed

Authors:
Markus Kasper;Timo Kasper;Amir Moradi;Christof Paar
Affiliations:
Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
Venue:
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Year:
2009

Citing 5
Cited 6

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Attacks of Modular Exponentiation in Smartcards

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Algebraic and Slide Attacks on KeeLoq

Fast Software Encryption
On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
A practical attack on KeeLoq

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology

Practical power analysis attacks on software implementations of mceliece

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Power analysis of atmel cryptomemory --- recovering keys from secure EEPROMs

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Gone in 360 seconds: Hijacking with Hitag2

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer

Proceedings of the third ACM conference on Data and application security and privacy
Leakage Mapping: A Systematic Methodology for Assessing the Side-Channel Information Leakage of Cryptographic Implementations

ACM Transactions on Information and System Security (TISSEC)
Security analysis of a widely deployed locking system

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.01

Visualization

Abstract

We present the first simple power analysis (SPA) of software implementations of KeeLoq . Our attack drastically reduces the efforts required for a complete break of remote keyless entry (RKE) systems based on KeeLoq . We analyze implementations of KeeLoq on microcontrollers and exploit timing vulnerabilities to develop an attack that allows for a practical key recovery within seconds of computation time, thereby significantly outperforming all existing attacks: Only one single measurement of a section of a KeeLoq decryption is sufficient to extract the 64 bit master key of commercial products, without the prior knowledge of neither plaintext nor ciphertext. We further introduce techniques for effectively realizing an automatic SPA and a method for circumventing a simple countermeasure, that can also be applied for analyzing other implementations of cryptography on microcontrollers.