Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Editor's Blog and Industry Comments

Academic security research facility decrypts RFID access control devices.

28 April, 2008
In a blow to remote access control technology, researchers at Ruhr University have cracked KeeLoq based ciphers enabling them to duplicate or disable RFID keys.
Vehicle and building security systems deploying the KeeLoq standard that has been available since the mid 90's have suffered a setback after researchers have successfully hacked the encryption of such devices enabling duplicate access control keys to be made or existing keys disabled.

Ruhr University Bochum in Germany is home to the Communication Security Group headed by Professor Christof Paar and conduct research into the vulnerability of secure communications including the increasingly popular technology of RFID systems. After performing extensive research into remote locking systems utilising the ten year old KeeLoq standard, they've managed to uncover a vulnerability enabling the encryption system to be hacked from a distance of up to 100 meters meaning that snoopers or eavesdroppers can pick up the encryption keys, duplicate the system and gain access to the building or vehicle without the owners being aware that a security breach has occurred.

Taking the hack out of the lab, the researchers have also confirmed the vulnerability by performing a number of successful hacks on real systems. Its currently unknown what measures will be taken to close the vulnerability.

Currently, such KeeLoq systems consist of a transponder in the key and a receiver in the lock and two uses of the key are enough for the remote eavesdroppers to recover the cryptographic key. They do this by measuring the receiver's power consumption with side-channel analysis. Knowing the properties of the KeeLoq algorithm is then enough to be able to decode the encryption.
Bookmark and Share