Feeds

Crypto boffins break car cypher

Gone in 24 hours

Secure remote control for conventional and virtual desktops

Cryptographic researchers have identified a practical attack against the KeeLoq car anti-theft cypher. KeeLoq serves as the cryptographic underpinning of several car anti-theft mechanisms distributed by Microchip Technology.

The technology is used in a wide variety of car remote controls from manufacturers including Chrysler, Daewoo, Fiat, General Motors, Honda, Jaguar, Toyota, Volvo, and Volkswagen.

Each device has a unique key that has up to 18 billion billion combinations, though in practice a much lower key space is used. Nonetheless, the hardware-dedicated block cypher used in KeeLoq was thought to be secure.

But a team of security researchers from Belgium and Israel has developed a technique to identify the key in less than a day. The technique requires close proximity to an intended mark's key for about an hour, during which time the key is "probed". Data from this operation is then analysed for clues that allow the researchers to identify the unique key associated with a device.

Thereafter, a counterfeit remote control might be built. "Once we have found the key, we can deactivate the alarm and drive away with your car," the researchers claim.

It's probably wiser to worry about the likes of Chris the Crafty Cockney rather than carjacking cryptographers, of course. It's far easier to capture the code used by a target when he opens his car and then replay it, rather than getting into all this complicated code breaking stuff.

Nonetheless, the research underlines a previously unidentified avenue of attack against widely-used car anti-theft mechanisms, as well as showing that KeeLoq isn't as secure as people previously thought.

The research was the work of three groups from the computer science department of Technion in Israel, the research group COSIC of the Katholieke Universiteit of Leuven in Belgium, and the maths department of the Hebrew University in Israel. A talk on the research (pdf slides here) was presented at the recent Crypto 2007 conference. ®

Next gen security for virtualised datacentres

More from The Register

next story
Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
Is this the real life? Is this just fantasy?
Our LOHAN spaceplane ballocket Kickstarter climbs through £8000
Through 25 per cent but more is needed: Get your UNIQUE rewards!
NASA to reformat Opportunity rover's memory from 125 million miles away
Interplanetary admins will back up data and get to work
LOHAN tunes into ultra long range radio
And verily, Vultures shall speak status unto distant receivers
SpaceX prototype rocket EXPLODES over Texas. 'Tricky' biz, says Elon Musk
No injuries or near injuries. Flight stayed in designated area
Galileo, Galileo! Galileo, Galileo! Galileo fit to go. Magnifico
I'm just a poor boy, nobody loves me. But at least I can find my way with ESA GPS by 2017
EOS, Lockheed to track space junk from Oz
WA facility gets laser-eyes out of the fog
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?