Feeds

Crypto boffins break car cypher

Gone in 24 hours

The next step in data security

Cryptographic researchers have identified a practical attack against the KeeLoq car anti-theft cypher. KeeLoq serves as the cryptographic underpinning of several car anti-theft mechanisms distributed by Microchip Technology.

The technology is used in a wide variety of car remote controls from manufacturers including Chrysler, Daewoo, Fiat, General Motors, Honda, Jaguar, Toyota, Volvo, and Volkswagen.

Each device has a unique key that has up to 18 billion billion combinations, though in practice a much lower key space is used. Nonetheless, the hardware-dedicated block cypher used in KeeLoq was thought to be secure.

But a team of security researchers from Belgium and Israel has developed a technique to identify the key in less than a day. The technique requires close proximity to an intended mark's key for about an hour, during which time the key is "probed". Data from this operation is then analysed for clues that allow the researchers to identify the unique key associated with a device.

Thereafter, a counterfeit remote control might be built. "Once we have found the key, we can deactivate the alarm and drive away with your car," the researchers claim.

It's probably wiser to worry about the likes of Chris the Crafty Cockney rather than carjacking cryptographers, of course. It's far easier to capture the code used by a target when he opens his car and then replay it, rather than getting into all this complicated code breaking stuff.

Nonetheless, the research underlines a previously unidentified avenue of attack against widely-used car anti-theft mechanisms, as well as showing that KeeLoq isn't as secure as people previously thought.

The research was the work of three groups from the computer science department of Technion in Israel, the research group COSIC of the Katholieke Universiteit of Leuven in Belgium, and the maths department of the Hebrew University in Israel. A talk on the research (pdf slides here) was presented at the recent Crypto 2007 conference. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SCREW YOU, Russia! NASA lobs $6.8bn at Boeing AND SpaceX to run space station taxis
Musk charging nearly half as much as Boeing for crew trips
Boffins say they've got Lithium batteries the wrong way around
Surprises at the nano-scale mean our ideas about how they charge could be all wrong
Thought that last dinosaur was BIG? This one's bloody ENORMOUS
Weighed several adult elephants, contend boffins
Edge Research Lab to tackle chilly LOHAN's final test flight
Our US allies to probe potential Vulture 2 servo freeze
Europe prepares to INVADE comet: Rosetta landing site chosen
No word yet on whether backup site is labelled 'K'
India's MOM Mars mission makes final course correction
Mangalyaan probe will feel the burn of orbital insertion on September 24th
Cracked it - Vulture 2 power podule fires servos for 4 HOURS
Pixhawk avionics juice issue sorted, onwards to Spaceport America
City hidden beneath England's Stonehenge had HUMAN ABATTOIR. And a pub
Boozed-up ancients drank beer before tearing corpses apart
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.