Slashdot Mirror


Breaking a Car's Cipher

An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: "KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker then runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key."

Update: 07/23 15:27 GMT by KD: One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to misattribute his nationality. He is Belgian, not Dutch. My apologies.

9 of 253 comments

  1. So? by Rob_Ogilvie · · Score: 4, Insightful

    If a car thief has access to your keys for an hour, aren't you going to lose your car anyway?

    --
    Rob
    1. Re:So? by mvanvoorden · · Score: 2, Insightful

      It's not necessary to physically access the keys, and the owner of the keys doesn't have to press any buttons either, just having the keys in range will suffice. Probably the keys use something like RFID or so.

    2. Re:So? by varmittang · · Score: 2, Insightful

      From the description, they do not need physical access to your keys; that's why they said in your pocket. That means the person next to you, or a few feet/meters away, could be stealing the car keys.

      --
      -----BEGIN PGP SIGNATURE-----
      12345
      -----END PGP SIGNATURE-----
  2. More than one security level by Red_Foreman · · Score: 0, Insightful

    This is why there is a need for more than one security level. If one anti-theft device fails, there should be a backup - whether it's a simple thing such as "The Club" or a retrieval mechanism like LoJack.

    It's amazing that people will invest so much money in a car and won't take any additional steps to protect that investment.

  3. Re:Explain 1 hour access to the remote by MitchInOmaha · · Score: 2, Insightful

    The new keys are not like fobs that you have to push a button on ... they are transponders. The car pings them as you get close, and they respond with a code that unlocks the car. Basically, the car is pushing the transmit button. -- Mitch

  4. Not really by dachshund · · Score: 4, Insightful

    There's still a mechanical lock preventing the ignition from being engaged, and they would also have a steering wheel lock to work around. This is effectively bypassing the immobilizer that comes equipped on most modern cars. If someone wants your car bad enough nowadays, they just take your keys from you.

    I just purchased a new car that doesn't have a mechanical ignition system. There's a place to attach the key (doesn't have metal teeth or anything), and a big "Start/Stop" button. The steering wheel lock is also electronic, and is controlled by the electronic signal from the key. I have no idea if my car uses KeeLoq--- I sure hope not.

    Mechanical locks are on their way out, largely because they're ineffective against even moderately sophisticated criminals. That's the whole reason Immobilizer systems were rolled out in the first place. This attack effectively strips the immobilizer out of the car and rolls the security back to pre-Immobilizer levels. You only need to look at theft rates among models with and without immobilizers to see what impact that has.

    Finally, for those who say that 1-hr access to the key is unreasonable: remember that the attack here is _key copying_, not theft. The immobilizer systems are designed to prevent copying, so that your valet or repair person can't make a copy of your key and steal it later. This attack takes a lot longer than other attacks which are out there (example), but it's still not out of the question.

    The basic lesson of all these attacks is that manufacturers need to use strong cryptography rather than custom, homebrewed ciphers. Hopefully with fabrication prices dropping, this will be the last generation of truly ridiculous authentication systems.

  5. It's not that hard... by sjames · · Score: 2, Insightful

    If the manufacturers ACTUALLY gave a crap about security they could easily enough make the system secure. Instead they're more interested in patentable special sauce and NIH.

    The thing is, cryptography is at the same time very easy or very hard. It's very easy to utilize one of several freely available strong systems in order to be secure. It's very easy to invent a system from scratch that YOU don't know how to crack. It's very hard to invent your own system that nobody else will know how to crack. It's very easy to introduce a serious flaw when re-implementing someone else's crypto. If you haven't devoted your professional career to cryptography, the best bet is to utilize someone else's.

    For example, Blowfish is completely free of encumbrance and has several fully public domain implementations available in C. RSA is (now) equally free. It is well understood, has years of successful use behind it and years of analysis demonstrating that it would cost WAY more to crack the key than any car is worth (not to mention that it would take longer than the typical lifetime of a car). There are plenty of years-old CPUs out there that have more than enough "oomph" to handle RSA and are well suited to embedded use. They might cost a dollar more, but this sort of system is not used in "bargain basement" cars.

    They spend the extra cash on fine leather seats and steering wheel covers but use Yugo quality locks to protect it?
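
As an added illustration (not part of any comment in this thread, and not any manufacturer's code): a sketch of the car/transponder challenge-response described in the comments above, built on a vetted primitive instead of a custom cipher. HMAC-SHA-256 from the Python standard library is a substitution made here (the comment names Blowfish and RSA); the class names, the 16-byte nonce and the `immobilizer-v1` label are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16              # assumed challenge size (128 bits)
LABEL = b"immobilizer-v1"   # assumed domain-separation label


def _mac(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, LABEL + challenge, hashlib.sha256).digest()


class Transponder:
    """Key side: answers whatever challenge it is sent."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self._key, challenge)


class Immobilizer:
    """Car side: issues a fresh random challenge and checks the answer once."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(NONCE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # single use
        if challenge is None:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(_mac(self._key, challenge), response)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    car, fob = Immobilizer(key), Transponder(key)
    good = fob.respond(car.new_challenge())
    out = {"valid": car.verify(good)}
    out["replay_no_challenge"] = car.verify(good)   # challenge already consumed
    car.new_challenge()
    out["replay_new_challenge"] = car.verify(good)  # old answer, new nonce
    other = Transponder(secrets.token_bytes(32))
    out["wrong_key"] = car.verify(other.respond(car.new_challenge()))
    return out
```

The sketch covers key secrecy and replay only; it does nothing against a live relay of the challenge and response between car and key.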

  6. Re:Symmetric Key Exchange by DangerTenor · · Score: 2, Insightful

    Because when my wife used her key to start the car, it wouldn't work...

    --
    Check out our infosecurity industry blog: http://securitymusings.com/
  7. Re:Bottom line by Spokehedz · · Score: 2, Insightful

    They are stealing high MPG cars with more and more frequency. Sure, they aren't 'pretty' but they are being stolen.

    And another reason your argument is stupid: Just because I have money to buy nice things, doesn't mean I should have them stolen. Nor should I expect it.

    You own a house. Lots of people don't own a house. You should be robbed/broken into just because you have a house?