A complete break of the KeeLoq access control system.
The KeeLoq encryption algorithm is widely used for security-relevant applications in the form of passive Radio Frequency Identification (RFID) transponders for physical access control systems, e.g., for garage door opening or building access.
We present the first successful DPA (Differential Power Analysis) attacks on numerous commercially available products employing KeeLoq. These so-called side-channel attacks are based on measuring and evaluating the power consumption of a KeeLoq device during its operation. Using our techniques, an attacker can reveal not only the secret key of remote controls in less than one hour, but also the manufacturer key of the corresponding receivers in less than one day. Knowing the manufacturer key allows for creating an arbitrary number of valid new keys and generating new remote controls.
We further propose a new eavesdropping attack for which monitoring two ciphertexts sent from a remote control employing KeeLoq code hopping (car key, garage door opener, etc.) is sufficient to recover the device key of the remote control. Hence, using the methods we describe, an attacker can clone a remote control from a distance and gain access to a target that is protected by the KeeLoq algorithm, which is claimed to be "highly secure".
We consider our attacks to be of serious practical interest, as commercial KeeLoq access control systems can be overcome with modest effort.
- July 19, 2009: Update on Attacks, Simple Power Analysis is possible
- December 27, 2008: Presentation at the 25th Chaos Communication Congress in Berlin
- May 6, 2008: KeeLoq paper accepted at Crypto 2008
- April 5, 2008: EMSEC demonstrates KeeLoq attacks on German television
- March 31, 2008: Press Release about the KeeLoq attack available
- March 29, 2008: Website launched
  This website has been launched.
- February 2, 2008: Scientific paper on KeeLoq attack released
- December 2007
  We succeed in recovering both the manufacturer key and the device key from several real-world systems employing the KeeLoq cipher. We inform one manufacturer of KeeLoq products about the attacks.