KeeLoq - Physical Cryptanalysis: A complete break of an access control system
The KeeLoq encryption algorithm is widely used for security-relevant applications, e.g., in the form of passive Radio Frequency Identification (RFID) transponders for car immobilizers and in various access control and Remote Keyless Entry (RKE) systems, e.g., for opening car doors and garage doors.
We present the first successful DPA (Differential Power Analysis) attacks on numerous commercially available products employing KeeLoq.
We further propose a new eavesdropping attack for which monitoring of two ciphertexts, sent from a remote control employing KeeLoq code hopping (car key, garage door opener, etc.), is sufficient to recover the device key of the remote control. Hence, using the methods described by us, an attacker can clone a remote control from a distance and gain access to a target that is protected by the KeeLoq algorithm, which is claimed to be "highly secure".
We were engaged in ECRYPT, the European Network of Excellence for Cryptology. ECRYPT was a 4-year network of excellence funded by the European Commission under contract number IST-2002-507932 and was launched on February 1st, 2004. Its objective was to intensify the collaboration of European researchers in information security, and more particularly in cryptology and digital watermarking. HGI Bochum and DTU Copenhagen were the leaders of the Secure and efficient implementations virtual lab (VAMPIRE).
We maintained the
We are also one of the partners of ECRYPT II, the successor of ECRYPT. ECRYPT II - European Network of Excellence for Cryptology II is a 4-year network of excellence funded within the Information & Communication Technologies (ICT) Programme of the European Commission's Seventh Framework Programme (FP7) under contract number ICT-2007-216676. It falls under the action line Secure, dependable and trusted infrastructures. ECRYPT II started on 1 August 2008. Its objective is to continue intensifying the collaboration of European researchers in information security. Our main activity is within the Virtual Applications and Implementations Research Lab (VAMPIRE).
The project "Ubiquitous Sensing and Security in the European Homeland" (UbiSec&Sens) deals, among other things, with wireless sensor networks. Eight partners from industry, universities and research facilities from all over Europe are involved in this project. It is funded by the European Commission as a Target Research Project under the 6th Framework Programme.
- More information: www.ist-ubisecsens.org.
Due to the increasing mobility of computing devices such as smartphones or tablets, the requirements regarding the storage of data have changed. Considering the paradigm of storing data "in the cloud" - and with an eye on recent security breaches in this context - it is obvious that new mechanisms are needed to ensure the confidentiality of data.
In this project, new concepts for "Secure Ad-hoc On Demand Virtual Private Storage" will be developed. A key feature will be to ensure that all data stored "in the cloud" is encrypted and the corresponding keys are stored on highly secure smartcards.
- More information: www.sec2.org.
In the field of software and hardware development for embedded and mobile systems, the attack resistance of security-sensitive modules with respect to side-channel analysis is of crucial importance. Efficient tools for analysis are in general based on sophisticated stochastic methods. The next generation of attack methods consists especially of variants and improvements of these methods. This poses a major threat to embedded systems. By embedding side-channel analysis into the design and development processes for new products, the same tools can be used to strengthen the proactive protection and hardening of the involved components. The BMBF project RESIST aims to deliver new approaches and tools for side-channel analysis to constructively support the development process. These approaches are based on novel tools and methods. By embedding the analysis tools in a sound theoretical mathematical framework, the general level of trust in security and risk analyses can be improved.
- More information: www.resist-projekt.de (only available in German).
In the BMBF-supported project EXSET, recent penetration methods from academia will be adjusted and improved to be employed in real-world security evaluation processes. Two groups from academia are jointly working with the two major German side-channel evaluation laboratories to bring the latest technology from universities to industrial applications. First, active attacks are evaluated, which probe the resistance of security-sensitive embedded devices against physical perturbation by means of light, voltage manipulations or electromagnetic discharges. In parallel, purely passive analysis methods are implemented, exploiting the massively parallel architecture of modern graphics processors. These passive methods make it possible to rate the attack resistance of a device by analysing its physical behaviour (e.g., power consumption or electromagnetic radiation). The developed tools are tested and rated in real-world evaluation scenarios and will finally be merged into a state-of-the-art prototype test bench.
- More information: EXSET website (only available in German).
In SCAAS, automotive suppliers and research facilities cooperate to address passive and active side-channel analysis for security applications in the automotive industry. It is expected that agile and well-organized attackers will use side-channel attacks for manipulations in the automotive sector in the near future, which is a serious threat for manufacturers, suppliers and consumers. Because of long production cycles in the automotive sector, an early investigation is essential. The goal of this project is to increase the security and the safety of future automotive products with side-channel resistant cryptographic implementations.
After the threat analysis of existing automotive applications, the main constructive goal is to develop and adapt efficient low-cost countermeasures in software for typical microcontrollers in the automotive sector. The hardened implementations will be tested with penetration tests in terms of passive side-channel analysis, fault injection attacks and a combination of both. It is intended to incorporate the results of this project into future standards like HIS and AUTOSAR, product development, scientific dissemination and education of undergraduate and graduate students.
- More information: SCAAS website
Bitstream Encryption - Breaking the anti-counterfeiting scheme of FPGAs
The bitstream encryption feature of Xilinx FPGAs allows users to protect their designs from being copied, altered or reverse engineered. To achieve this goal, the configuration file that is loaded into the device at power-up is stored inside the external configuration memory in an encrypted form. The encrypted file is then read by the FPGA and decrypted internally. The secret decryption key is stored in a special area of the FPGA. To use the bitstream encryption, Xilinx design tools offer features to generate an encrypted bitstream with a corresponding key file and to program both into the FPGA. The secret key used for encryption/decryption can be selected by the user.
We analyzed the security of this protection mechanism and found that it can be circumvented by means of side-channel analysis. This class of methods analyzes the power consumption of an electronic device to gain insight into the internally processed data. In this case we employed a differential power analysis, or DPA, attack to extract the secret key that is used to decrypt the bitstream inside the FPGA during configuration.