KeeLoq - Physical Cryptoanalysis A complete break of an access control system

The KeeLoq encryption algorithm is widely used for security relevant applications, e.g., in the form of passive Radio Frequency Identification (RFID) transponders for car immobilizers and in various access control and Remote Keyless Entry (RKE) systems, e.g., for opening car doors and garage doors.

We present the first successful DPA (Differential Power Analysis) attacks on numerous commercially available products employing KeeLoq.

We further propose a new eavesdropping attack for which monitoring of two ciphertexts, sent from a remote control employing KeeLoq code hopping (car key, garage door opener, etc.), is sufficient to recover the device key of the remote control. Hence, using the methods described by us, an attacker can clone a remote control from a distance and gain access to a target that is protected by the claimed to be "highly secure" KeeLoq algorithm.

ECRYPT

We are engaged in ECRYPT, the European Network of Excellence for Cryptology. ECRYPT is a network funded by the European Commission under contract number IST-2002-507932. Its objective is to intensify the collaboration of European researchers in information security, and more in particular in cryptology and digital watermarking. HGI Bochum and DTU Copenhagen are the leaders of the Secure and efficient implementations virtual lab (VAMPIRE).
We maintain the

UbiSec&Sens

The project "Ubiquitous Sensing and Security in the European Homeland" (UbiSec&Sens) deals among other things with wireless sensore networks. Eight partners of industry, universities and research facilities from all over Europe are involved in this project. By the European Commission it is founded as Target Research Project under the 6th Framework program.

More information: www.ist-ubisecsens.org.