Security Analysis of a Widely Deployed Locking System

Weiner, Michael and Massar, Maurice and Tews, Erik and Giese, Dennis and Wieser, Wolfgang

Lehrstuhl für Sicherheit in der Informationstechnik (Prof. Sigl)

Zurück
Zurück zum Anfang der Trefferliste
Dauerhafter Link zum angezeigten Objekt

Titel:: Security Analysis of a Widely Deployed Locking System
Dokumenttyp:: Konferenzbeitrag
Art des Konferenzbeitrags:: Vortrag / Präsentation
Autor(en):: Weiner, Michael and Massar, Maurice and Tews, Erik and Giese, Dennis and Wieser, Wolfgang
Abstract:: Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications analyzed the cryptographic security of electronic locking systems. In this talk, the security analysis results of a widely deployed electronic locking system will be presented. For the analysis, our team reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well-designed, we discovered some implementation flaws that allow the extraction of a system-wide master secret with a brute force attack or by performing a Differential Power Analysis attack to any electronic key. In addition, we discovered a weakness in the Random Number Generator that allows opening a door without breaking cryptography under certain circumstances. This talk gives a description of our analysis methods, the results and its implications. Furthermore, possible administrative and technical countermeasures against all discovered attacks are discussed. The talk is concluded by an examination of electronic lock security standards and recommends changes to one widely used standard that can help to improve the security of newly developed products. «
Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications analyzed the cryptographic security of electronic l... »
Dewey-Dezimalklassifikation:: 620 Ingenieurwissenschaften
Kongress- / Buchtitel:: ACM CCS 2013
Kongress / Zusatzinformationen:: Berlin, Germany
Jahr:: 2013
Jahr / Monat:: 2013-11
Monat:: Nov
Reviewed:: ja
Sprache:: en
WWW:: http://www.sigsac.org/ccs/CCS2013/%20%20%20http%3A//www.hgi.rub.de/hgi/hgi-seminar/
BibTeX

Vorkommen:

mediaTUM Gesamtbestand Hochschulbibliographie 2013 Fakultäten Elektrotechnik und Informationstechnik Lehrstuhl für Sicherheit in der Informationstechnik (Prof. Sigl)

mediaTUM Gesamtbestand Einrichtungen Schools TUM School of Computation, Information and Technology Departments Computer Engineering Sicherheit in der Informationstechnik (Prof. Sigl)2013