Cryptology ePrint Archive: Report 2013/598
Fuming Acid and Cryptanalysis: Handy Tools for Overcoming a Digital Locking and Access Control System - Full Version
Daehyun Strobel and Benedikt Driessen and Timo Kasper and Gregor Leander and David Oswald and Falk Schellenberg and Christof Paar
Abstract: We examine the widespread SimonsVoss digital locking system
3060 G2 that relies on an undisclosed, proprietary protocol to mutually authenticate transponders and locks. For assessing the security of the system, several tasks have to be performed: By decapsulating the used microcontrollers with acid and circumventing their read-out protection with UV-C light, the complete program code and data contained in door lock and transponder are extracted. As a second major step, the multi-pass challenge-response protocol and corresponding cryptographic primitives are recovered via low-level reverse-engineering. The primitives turn out to be based on DES in combination with a proprietary construction.
Our analysis pinpoints various security vulnerabilities that enable practical key-recovery attacks. We present two different approaches for unauthorizedly gaining access to installations. Firstly, an attacker having physical access to a door lock can extract a master key, allowing to mimic transponders, in altogether 30 minutes. A second, purely logical attack exploits an implementation flaw in the protocol and works solely via the wireless interface. As the only prerequisite, a valid ID of a transponder needs to be known (or guessed). After executing a few (partial) protocol runs in the vicinity of a door lock, and some seconds of computation, an adversary obtains all of the transponderís access rights.
Category / Keywords: secret-key cryptography / Access control, electronic lock, reverse-engineering, realworld attack, hardware attack, cryptanalysis, wireless door openers
Original Publication (with major differences): IACR-CRYPTO-2013
Date: received 16 Sep 2013
Contact author: daehyun strobel at rub de
Available format(s): PDF | BibTeX Citation
Version: 20130919:123518 (All versions of this report)
Short URL: ia.cr/2013/598
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]