Research article, DOI: 10.1145/2508859.2516733

Security analysis of a widely deployed locking system

Published: 04 November 2013

Abstract

Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications analyzed the cryptographic security of electronic locking systems. In this paper, we analyzed the electronic security of an electronic locking system which is still widely deployed in the field.
We reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well-designed, we discovered some implementation flaws that allow the extraction of a system-wide master secret with a brute-force attack or by performing a Differential Power Analysis attack on any electronic key. In addition, we discovered a weakness in the Random Number Generator that allows opening a door without breaking cryptography under certain circumstances. We suggest administrative and technical countermeasures against all proposed attacks.
Finally, we give an examination of electronic lock security standards and recommend changes to one widely used standard that can help to improve the security of newly developed products.


Cited By

  • (2018) Physical location of smart key activators – a building security penetration test. Journal of Corporate Real Estate 20:2 (138-151). DOI: 10.1108/JCRE-05-2017-0014. Online publication date: 14-May-2018
  • (2017) Side channel attack on digital door lock with vibration signal analysis: Longer password does not guarantee higher security level. 2017 IEEE International Conference on Multisensor Fusion and Integration for Intelligent Systems (MFI) (103-110). DOI: 10.1109/MFI.2017.8170414. Online publication date: Nov-2017
  • (2014) Herausforderungen der ganzheitlichen Absicherung eingebetteter Systeme. Datenschutz und Datensicherheit - DuD 38:11 (757-761). DOI: 10.1007/s11623-014-0300-9. Online publication date: 6-Nov-2014

Published In

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN: 9781450324779
DOI: 10.1145/2508859

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. cryptography
2. des
3. embedded security
4. locking system
5. physical security
6. power analysis
7. prng
8. side-channel attack

Conference

CCS '13

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
