The Design of Rijndael
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Picking Virtual Pockets using Relay Attacks on Contactless Smartcard
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Practical Attacks on Proximity Identification Systems (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Security analysis of a cryptographically-enabled RFID device
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
How to build a low-cost, extended-range RFID skimmer
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Algebraic and Slide Attacks on KeeLoq
Fast Software Encryption
A Practical Attack on the MIFARE Classic
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Design of an In-vehicle Anti-theft Component
ISDA '08 Proceedings of the 2008 Eighth International Conference on Intelligent Systems Design and Applications - Volume 01
Reverse-engineering a cryptographic RFID tag
SS'08 Proceedings of the 17th conference on Security symposium
Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Extending SAT Solvers to Cryptographic Problems
SAT '09 Proceedings of the 12th International Conference on Theory and Applications of Satisfiability Testing
Wirelessly Pickpocketing a Mifare Classic Card
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Practical Algebraic Attacks on the Hitag2 Stream Cipher
ISC '09 Proceedings of the 12th International Conference on Information Security
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Dismantling SecureMemory, CryptoMemory and CryptoRF
Proceedings of the 17th ACM conference on Computer and communications security
Cryptanalysis of the atmel cipher in secure memory, cryptoMemory and crypto RF
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Exposing iClass key diversification
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Breaking Hitag2 with Reconfigurable Hardware
DSD '11 Proceedings of the 2011 14th Euromicro Conference on Digital System Design
An open approach for designing secure electronic immobilizers
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Improved time-memory trade-offs with multiple data
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Power analysis of atmel cryptomemory --- recovering keys from secure EEPROMs
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Cube cryptanalysis of hitag2 stream cipher
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
A cryptanalytic time-memory trade-off
IEEE Transactions on Information Theory
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer
Proceedings of the third ACM conference on Data and application security and privacy
Efficient hardware implementation of the stream cipher WG-16 with composite field arithmetic
Proceedings of the 3rd international workshop on Trustworthy embedded devices
Trust assurance levels of cybercars in v2x communication
Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles
Hi-index | 0.00 |
An electronic vehicle immobilizer is an anti-theft device which prevents the engine of the vehicle from starting unless the corresponding transponder is present. Such a transponder is a passive RFID tag which is embedded in the car key and wirelessly authenticates to the vehicle. It prevents a perpetrator from hot-wiring the vehicle or starting the car by forcing the mechanical lock. Having such an immobilizer is required by law in several countries. Hitag2, introduced in 1996, is currently the most widely used transponder in the car immobilizer industry. It is used by at least 34 car makes and fitted in more than 200 different car models. Hitag2 uses a proprietary stream cipher with 48-bit keys for authentication and confidentiality. This article reveals several weaknesses in the design of the cipher and presents three practical attacks that recover the secret key using only wireless communication. The most serious attack recovers the secret key from a car in less than six minutes using ordinary hardware. This attack allows an adversary to bypass the cryptographic authentication, leaving only the mechanical key as safeguard. This is even more sensitive on vehicles where the physical key has been replaced by a keyless entry system based on Hitag2. During our experiments we managed to recover the secret key and start the engine of many vehicles from various makes using our transponder emulating device. These experiments also revealed several implementation weaknesses in the immobilizer units.