All (well, most of) your electronic keys…

April 4, 2008

…are belong to us, or them, depending on how you look at it… A German team of scientists (crackers, in this instance!) have broken the hardware based block cipher as used in Keeloq electronic key devices,  currently utilised by Honda, Toyota, Volvo, Volkswagen and other manufacturers to securely transmit access codes that are transmitted using radio frequency identification technology.The hardware-based block cipher is made by US-based Microchip Technology.

The weak link here is poor key management, where each key is derived from a master key that’s stored in the reading device. Additionally, the cryptographic output uses a proprietary algorithm which is known to be weak.

The algorithm in use has been kept “secret” for the last couple of decades, until it was noticed on Wikipedia by the research scientists, who immediately saw it’s weakness.

An excerpt from Wikipedia follows;

” KeeLoq is a proprietary hardware-dedicated NLFSR-based block cipher. The uni-directional command transfer protocol was designed by Frederick Bruwer PhD, CEO at Nanoteq (Pty) Ltd and the crypto algorithm was done by Professor Gideon Kuhn with the silicon implementation by Willem Smit, PhD at Nanoteq Pty Ltd (South Africa) in the mid 80’s and sold to Microchip Technology Inc in 1995 for $10 million. It’s used in “code hopping” encoders and decoders such as NTQ105/106/115/125D/129D and HCS101/2XX/3XX/4XX/5XX. KeeLoq is used in the majority of remote keyless entry systems by such companies as Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, VW, Clifford, Shurlok, Jaguar, etc  ”

Back to the big physical locks, pits, traps and dogs, then ;) Seriously though,

Kerckhoffs’ principle, presented in 1883.

If this system depends on the algorithm being a secret, it’s improperly designed.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: