Security analysis of a widely deployed locking system

Authors:
Michael Weiner;Maurice Massar;Erik Tews;Dennis Giese;Wolfgang Wieser
Affiliations:
Technische Universität München, Munich, Germany;Technische Universität Kaiserslautern, Kaiserslautern, Germany;Technische Universität Darmstadt, Darmstadt, Germany;Technische Universität Darmstadt, Darmstadt, Germany;Ludwig-Maximilians-Universität, Munich, Germany
Venue:
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Year:
2013

Citing 7
Cited 0

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Electromagnetic Analysis: Concrete Results

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)

Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Dismantling MIFARE Classic

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed

AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Side channel analysis of AVR XMEGA crypto engine

WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
Peeling away layers of an RFID security system

FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications analyzed the cryptographic security of electronic locking systems. In this paper, we analyzed the electronic security of an electronic locking system which is still widely deployed in the field. We reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well-designed, we discovered some implementation flaws that allow the extraction of a system-wide master secret with a brute force attack or by performing a Differential Power Analysis attack to any electronic key. In addition, we discovered a weakness in the Random Number Generator that allows opening a door without breaking cryptography under certain circumstances. We suggest administrative and technical countermeasures against all proposed attacks. Finally, we give an examination of electronic lock security standards and recommend changes to one widely used standard that can help to improve the security of newly developed products.