International Association for Cryptologic Research

CryptoDB

Physical Cryptanalysis of KeeLoq Code Hopping Applications

Authors:
Thomas Eisenbarth
Timo Kasper
Amir Moradi
Christof Paar
Mahmoud Salmasizadeh
Mohammad T. Manzuri Shalmani
Download:
URL: http://eprint.iacr.org/2008/058
Abstract: KeeLoq remote keyless entry systems are widely used for access control purposes such as garage door openers for car anti-theft systems. We present the first successful differential power analysis attacks on numerous commercially available products employing KeeLoq code hopping. Our new techniques combine side-channel cryptanalysis with specific properties of the KeeLoq algorithm. They allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in few minutes. Once knowing the manufacturer key, we demonstrate how to disclose the secret key of a remote control and replicate it from a distance, just by eavesdropping at most two messages. This key-cloning without physical access to the device has serious real-world security implications. Finally, we mount a denial-of-service attack on a KeeLoq access control system. All the proposed attacks have been verified on several commercial KeeLoq products.
BibTeX
@misc{eprint-2008-17735,
  title={Physical Cryptanalysis of KeeLoq Code Hopping Applications},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / KeeLoq, side-channel attack, code hopping protocol},
  url={http://eprint.iacr.org/2008/058},
  note={ moradi@crypto.rub.de 13938 received 2 Feb 2008, last revised 29 Feb 2008},
  author={Thomas Eisenbarth and Timo Kasper and Amir Moradi and Christof Paar and Mahmoud Salmasizadeh and Mohammad T. Manzuri Shalmani},
  year=2008
}