Feeds

Crypto boffins break car cypher

Gone in 24 hours

The smart choice: opportunity from uncertainty

Cryptographic researchers have identified a practical attack against the KeeLoq car anti-theft cypher. KeeLoq serves as the cryptographic underpinning of several car anti-theft mechanisms distributed by Microchip Technology.

The technology is used in a wide variety of car remote controls from manufacturers including Chrysler, Daewoo, Fiat, General Motors, Honda, Jaguar, Toyota, Volvo, and Volkswagen.

Each device has a unique key that has up to 18 billion billion combinations, though in practice a much lower key space is used. Nonetheless, the hardware-dedicated block cypher used in KeeLoq was thought to be secure.

But a team of security researchers from Belgium and Israel has developed a technique to identify the key in less than a day. The technique requires close proximity to an intended mark's key for about an hour, during which time the key is "probed". Data from this operation is then analysed for clues that allow the researchers to identify the unique key associated with a device.

Thereafter, a counterfeit remote control might be built. "Once we have found the key, we can deactivate the alarm and drive away with your car," the researchers claim.

It's probably wiser to worry about the likes of Chris the Crafty Cockney rather than carjacking cryptographers, of course. It's far easier to capture the code used by a target when he opens his car and then replay it, rather than getting into all this complicated code breaking stuff.

Nonetheless, the research underlines a previously unidentified avenue of attack against widely-used car anti-theft mechanisms, as well as showing that KeeLoq isn't as secure as people previously thought.

The research was the work of three groups from the computer science department of Technion in Israel, the research group COSIC of the Katholieke Universiteit of Leuven in Belgium, and the maths department of the Hebrew University in Israel. A talk on the research (pdf slides here) was presented at the recent Crypto 2007 conference. ®

Eight steps to building an HP BladeSystem

More from The Register

next story
Malaysian Airlines flight MH17 claimed lives of HIV/AIDS cure scientists
Researchers, advocates, health workers among those on shot-down plane
Forty-five years ago: FOOTPRINTS FOUND ON MOON
NASA won't be back any time soon, sadly
Mwa-ha-ha-ha! Eccentric billionaire Musk gets his PRIVATE SPACEPORT
In the Lone Star State, perhaps appropriately enough
MARS NEEDS OCEANS to support life - and so do exoplanets
Just being in the Goldilocks zone doesn't mean there'll be anyone to eat the porridge
The Sun took a day off last week and made NO sunspots
Someone needs to get that lazy star cooking again before things get cold around here
Diary note: Pluto's close-up is a year from … now!
New Horizons is less than a year from the dwarf planet
Boffins discuss AI space program at hush-hush IARPA confab
IBM, MIT, plenty of others invited to fill Uncle Sam's spy toolchest, but where's Google?
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.