Car RFID Security System Cracked
jmichaelg writes "The NY Times reports that the security chip in new auto keys has been cracked. A team at Johns Hopkins has found a method to extract the 30-bit crypto key that tells your car that the physical key in the ignition switch is the correct key. Texas Instruments has sold some 150 million security chips that are stored in the car key. The devices are credited with reducing car thefts of some car models by 90%. Stealing a crypto key requires standing next to the victim and broadcasting a series of challenges to the key and capturing the responses. The team claims an iPod-sized device would suffice to steal the crypto key in under a second. They advise wrapping your keys in foil when you're not using them. TI admits the team has cracked their code but denies there's any problem."
Interesting point (Score:5, Informative)
All you'd have to do is put a towing company logo (or something made-up and likely-looking), and who'd say anything?
And take your time getting ready to leave, because the very worst that'll happen is that someone'll come back early and bribe you into leaving.
For real geeks (Score:2, Informative)
http://www.rfidanalysis.org/DSTbreak.pdf [rfidanalysis.org]
this isn't a big problem... (Score:1, Informative)
And they point out that far more cars are stolen with a flatbed truck.
The only risk is when someone has access to both the chip and the key, like a valet parking service.
Re:Quite so. (Score:5, Informative)
Here's a pic of the u-channel design: http://image.www.rakuten.co.jp/lock/img1039136153
Re:30 Bit Key? That's like soooo 1990 (Score:5, Informative)
Sounds like bullshit to me. What does happen is that after a certain number of incorrect codes, the ignition/injection ECU will lock out, usually requiring a special tool to reset. Or, in the case of all BMWs made since 1981, a 6" piece of wire to short two pins for a few seconds.
Corrections: (Score:4, Informative)
Secondly, responding to the parent of this post's parent, a neighbor of mine who owned an Integra Type R (that, it just so happens, was exactly like mine) had his car stolen in under two minutes while mall security guards watched. The monkeys smashed the window, opened up the passenger floorboard, snipped the immobilizer lead, shoved a screwdriver into the ignition, and drove off.
The very next morning his car was found, minus its motor and expensive bits, rolled over, several times, into a lake. That he didn't have insurance at the time doesn't make the implementation details of immobilizers more or less important. Improperly implemented, these chips are about as potent as Master locks on chicken-wire fences.
Re:I knew it! (Score:3, Informative)
Pedantic plagiarizing follows.
Why is aluminum foil sometimes called tin foil?
In 1919, the U.S. Foil Company, parent of Reynolds Metals Company was founded in Louisville, Kentucky to produce lead and tin foil. Then in 1926, the company entered the aluminum business, rolling aluminum foil for packaging. Today, Reynolds Wrap is made from 8111 alloy aluminum, at the thickest gauge specifications available in the marketplace. ReynoldsWrap® Aluminum Foil is 98.5% aluminum. The balance is primarily iron and silicon. These are added to give the strength and puncture resistance obtained only in the alloy used in ReynoldsWrap® Aluminum Foil.
Re:The More Appropriate Question... (Score:5, Informative)
The chip is an RFID device, which means when it gets close to the reader, the reader sees it. The reader encrypts a string of bits using a crypto key shared by the reader and car key and then broadcasts the encrypted bits. The car key sees the broadcast and decrypts the bits using the same crypto key. It then does something to the bits, i.e., add 5, divide by 8, whatever, and then re-encrypts the result. The encrypted result is broadcast back to the reader, which sees the encrypted result. It decrypts the result and compares it against its version of the result. If they match, then the car starts.
At no time does the key get broadcast. The attacker just pretends to be the reader, sends several encrypted strings, looks at the results coming back, and acts on that information. The attack succeeds because the attacker has access to huge processing power, whereas the car key is relying on the power it can suck out of the RFID antenna. The disparity in available power drives what's feasible for the key to do in a short amount of time. If the key were substantially longer, the car key would take considerably longer to decrypt and encrypt, which means you'd put your key in the ignition and nothing would happen while the car key was thinking. Not something most folks would tolerate. The attacker, on the other hand, can take the encrypted bits coming out of the car key and, given enough samples, can just brute force the crypto key.
I'll bet the next level of security will entail the car supplying the car key with enough power so the embedded chip can crank a bigger crypto key.
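Added example, not code from the post or from the parent comment: a small Python model of the exchange described above and of the attack it outlines. It makes several assumptions for the sake of a runnable demo: the encrypt / transform / re-encrypt round-trip on the tag is collapsed into one keyed function of the challenge (modelled with SHA-256, not the chip's real cipher), the key is shrunk to 16 bits so the offline search finishes in a fraction of a second, and the 40-bit challenge and 24-bit response widths are chosen for illustration only. The structure of the attack is the point: the attacker never sees the key on the air, only challenge/response pairs, yet a couple of pairs pin the key down uniquely once the whole key space can be searched offline.

```python
"""Toy transponder challenge-response and the harvest-then-brute-force attack.

Assumptions (not from the original post): the tag's encrypt / transform /
re-encrypt round-trip is modelled as one keyed function (SHA-256 truncated);
the key is only 16 bits so the search below is quick; the challenge and
response widths are illustrative.
"""
import hashlib
import secrets

KEY_BITS = 16          # toy key size (assumption for demonstration)
KEY_BYTES = KEY_BITS // 8
CHALLENGE_BYTES = 5    # 40-bit challenge (assumption)
RESPONSE_BYTES = 3     # 24-bit response (assumption)


def tag_response(key: int, challenge: bytes) -> bytes:
    """Transponder side: the only thing it ever transmits is a short
    keyed function of the reader's challenge, never the key itself."""
    material = key.to_bytes(KEY_BYTES, "big") + challenge
    return hashlib.sha256(material).digest()[:RESPONSE_BYTES]


def reader_check(key: int, challenge: bytes, response: bytes) -> bool:
    """Car side: recompute the expected response and compare."""
    return tag_response(key, challenge) == response


def attacker_harvest(key: int, count: int) -> list[tuple[bytes, bytes]]:
    """Attacker posing as the reader: pick challenges, collect responses.
    `key` is passed in only because this function also simulates the
    victim's tag answering; the attacker never reads it directly."""
    pairs = []
    for _ in range(count):
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        pairs.append((challenge, tag_response(key, challenge)))
    return pairs


def brute_force(pairs: list[tuple[bytes, bytes]]) -> list[int]:
    """Offline search: every key consistent with all harvested pairs.
    With a 24-bit response, one pair leaves roughly 2^KEY_BITS / 2^24
    false candidates; a second pair makes the answer unique in practice."""
    return [
        k for k in range(1 << KEY_BITS)
        if all(tag_response(k, c) == r for c, r in pairs)
    ]


def demo() -> bool:
    """Full attack: harvest two pairs, recover the key, start the car."""
    victim_key = secrets.randbelow(1 << KEY_BITS)
    pairs = attacker_harvest(victim_key, 2)
    candidates = brute_force(pairs)
    if candidates != [victim_key]:
        return False
    # The cloned key must answer a fresh challenge from the real reader.
    fresh = secrets.token_bytes(CHALLENGE_BYTES)
    return reader_check(victim_key, fresh, tag_response(candidates[0], fresh))


if __name__ == "__main__":
    print("key recovered and clone accepted:", demo())
```

The loop in `brute_force` is the whole cost of the attack; with the 30-bit key the post quotes it is the same loop run 2^30 times, which is why the poster's point about the attacker's processing power, rather than the protocol's secrecy, is what decides the outcome.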
Re:It's limited by the chip (Score:2, Informative)
AES lends itself fairly well to both ASIC/hardware and software implementations. Because we are talking about cryptographic messages most likely in the sub-kilobit size range, the amount of processing in question is fairly limited.
I remember at least one company advertising RFID tag microcontrollers. The rest is a simple matter of balancing power and time... and since the RFID microcontroller can start processing before the key is in the ignition switch, a processing delay of up to a few seconds should be acceptable, allowing the microcontroller to run its core at most likely less than 100 kHz, or even less than 10 kHz if the chip contains dedicated AES logic. We are talking 8-bit microcontrollers here.
The only reason why RFID tags are the only thing we commonly see is because demand for tags far exceeds demand for everything else that could possibly be handled by RFID techniques. If demand for AES-enabled RFID microcontrollers becomes large enough, microcontroller companies will make them.
BTW, the RFID microcontroller summary did mention that an external capacitor was necessary to smooth the power but I do not remember the rest.
As far as size is concerned, keep in mind that typical microcontrollers contain well under a million transistors, so a microcontroller suitable for secure authentication for an ignition system should be well under 10 square millimeters on a 180nm process.
AES-128 in a PIC (Score:3, Informative)
Since the PIC is a single-cycle execution unit, clocks correlate directly to real time once you spec the operating frequency. At a 40 kHz clock (= 10 kHz instruction execution frequency) it'll take 527 ms to encrypt one 128-bit block of data. Similarly, a 400 kHz clock results in a 52.7 ms block encrypt time. A maximum of 41 bytes of RAM are required for either encode/decode operation.
The claim that AES requires substantial hardware is bogus. AES is designed to be byte-processing friendly. It's much nicer than dealing with the bit-oriented DES and 3DES standards, especially in an 8-bit microcontroller environment.
Parent is not well informed. Mod down. (Score:3, Informative)
I work in the smart card industry. You can buy smart card chips that do 3DES and 2048-bit RSA for less than a dollar. You can buy a complete contactless card (what idiots here would call RFID) that has a Java operating system, does 3DES in less than 70 milliseconds and does RSA with on-card key generation for about $6, and considerably less than that in volume. These chips have specialized hardware to speed and secure the crypto operations, but any 8-bit processor with some storage can do 3DES in a reasonable amount of time.
As for AES, it was designed to be able to be run on smart cards and there are implementations of it.
In short, strong crypto on a keychain is feasible. I have half a dozen keyfobs on my desk right now that do it. The reason for the 30 bit key probably has more to do with export regulations involving the US and Japan than any technological problem.