Security analysis of a widely deployed locking system

Michael Weiner, Maurice Massar, Erik Tews, Dennis Giese, Wolfgang Wieser

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found, only a few publications analyzed the cryptographic security of electronic locking systems. In this paper, we analyzed the electronic security of an electronic locking system which is still widely deployed in the field.

We reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well-designed, we discovered some implementation flaws that allow the extraction of a system-wide master secret with a brute force attack or by performing a Differential Power Analysis attack on any electronic key. In addition, we discovered a weakness in the Random Number Generator that allows opening a door without breaking cryptography under certain circumstances. We suggest administrative and technical countermeasures against all proposed attacks.

Finally, we give an examination of electronic lock security standards and recommend changes to one widely used standard that can help to improve the security of newly developed products.

Original language: English
Title of host publication: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4-8, 2013
Editors: Ahmad-Reza Sadeghi, Virgil D. Gligor, Moti Yung
Publisher: Association for Computing Machinery
Pages: 929-940
Number of pages: 12
ISBN (Print): 978-1-4503-2477-9
Publication status: Published - 2013
Externally published: Yes
Event: 20th ACM Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: 4 Nov 2013 to 8 Nov 2013
Conference number: 20
https://www.sigsac.org/ccs/CCS2013/index.html

Conference

Conference: 20th ACM Conference on Computer and Communications Security, CCS 2013
Abbreviated title: CCS
Country/Territory: Germany
City: Berlin
Period: 4/11/13 to 8/11/13