Paper 2008/058
Physical Cryptanalysis of KeeLoq Code Hopping Applications
Thomas Eisenbarth, Timo Kasper, Amir Moradi, Christof Paar, Mahmoud Salmasizadeh, and Mohammad T. Manzuri Shalmani
Abstract
KeeLoq remote keyless entry systems are widely used for access control purposes such as garage door openers for car anti-theft systems. We present the first successful differential power analysis attacks on numerous commercially available products employing KeeLoq code hopping. Our new techniques combine side-channel cryptanalysis with specific properties of the KeeLoq algorithm. They allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in a few minutes. Once knowing the manufacturer key, we demonstrate how to disclose the secret key of a remote control and replicate it from a distance, just by eavesdropping at most two messages. This key-cloning without physical access to the device has serious real-world security implications. Finally, we mount a denial-of-service attack on a KeeLoq access control system. All the proposed attacks have been verified on several commercial KeeLoq products.
Metadata
- Category: Secret-key cryptography
- Publication info: Published elsewhere. Unknown where it was published
- Keywords: KeeLoq, side-channel attack, code hopping protocol
- Contact author(s): moradi @ crypto rub de
- History:
  - 2008-02-29: revised
  - 2008-02-03: received
- Short URL: https://ia.cr/2008/058
- License: CC BY
BibTeX
@misc{cryptoeprint:2008/058,
  author = {Thomas Eisenbarth and Timo Kasper and Amir Moradi and Christof Paar and Mahmoud Salmasizadeh and Mohammad T. Manzuri Shalmani},
  title = {Physical Cryptanalysis of {KeeLoq} Code Hopping Applications},
  howpublished = {Cryptology {ePrint} Archive, Paper 2008/058},
  year = {2008},
  url = {https://eprint.iacr.org/2008/058}
}