Difference between revisions of "KeeloQ"

From Embedded Lab Vienna for IoT & Security
Line 11: Line 11:
=== KeeloQ ===
=== KeeloQ ===


KeeloQ is used for access authorization in electronic remote keys. Every new sender e.g. remote key must be registrated on the reciever system. The new remote keys are registrated with their serial number.  
KeeloQ is used for access authorization in electronic access systems, distributed by Micochip Technology Inc.. The system consists of a sender e.g. car remote key and a reciever e.g. car. In order to get access with a remote key, the reciever must learn about the remote key. For the regostration the remote key has a serial number and a secret key and the reciever has an secret manufacturer key. The registration process can be described as followed:


KeeloQ is an blockcipher  that uses 64 bit keys. Every command for an action has an unique code. This code is always the same for every transmission, therefore hopping code and friend or foe algortihms are used.
1) The sender send his serial number in plaintext to the reciever
2) The reciever has a secret manufacturer key. This key is used for the decryption of the serialnumber.  
3) The solution to this decryption is the secret key of the sender. From this point the sender key is used to encrypt and decrypt the messages.


==== Hopping code ====
To communicate blocks of 32bit are encrypted. One block contain a code for an action. This codes are always the same, therefore the encrypted messages would be always the same. To prevent this behavior the hopping code algorithm is used.


Without hopping code the transmitted code for an unique action would be every time the same. This would cause that someone who monitored the message would be able to perform the action. In hopping code a counter is used. This counter is incremented every time an action is sent. The counter value is also transmited. If the counter value if the reciever is approximately the same as the recieved the action is performed.
The hopping code adds a counter to the encrypted messages. When the reciever decrypts the message the counter is read. If the recieved counter is a number within a range of 16 values difference from the last recieved counter the action is executed.


==== Friend or foe ====
To ensure that the recieved message is from the same remote key and not just a resent message from someone else the friend or foe algorithm is used. This is algorithm is an challange response algorithm. To verify the remote key the reciver sends a message in plaintext to the sender. The sender encrypts the message and send it back. If the reciever can decrypt the message correctly the remote key is verifyed. 


This is an challlenge response protokoll. The reciever sends an message to the sender e.g. remote key. The sender encrypts this message and sends it back to the reciever. If the messages can be decrypted successfully, further masseges from the sender will be accepted.
KeeloQ is an blockcipher that uses 64 bit keys on 32bit plaintext blocks. To encrypt the messages KeeloQ uses a 64bit long secret key on a 32bit long plaintext message. The encryption process takes 5bits from the plaintext register and uses them to calculate one bit with a non linear function. To get one bit from the encrypted message the solution form the non linear function is XORed with one bit from the key and two bot from the plaintext register. After that the plaintext register and the key register are shifted to the right. This process is repeated 527 times to get one block of an encrypted message. To decrypt a message a similar routine is used.   
 
=== Security Threats ===
 
==== Side channel ====
 
In this attack a side channel is used to get the secret sender key. This side channel is the hardware. Therfore the current consumption is messured and analysed or the electromagnetic field of the semicondutor chip.
 
==== Slide attack ====
 
This attack uses the weakness of the blockcipher that it needs 528 cycles to de- or encrypt a message. With enough slide pairs (plaintext and matching encryptedt text) the steps to get the encrpted message can be traced back to get the sender secret key.
 
==== Algebraic attack ====
 
In this approch the attacker tries to solve multivariate equivalations. This equivalations must be solved for every encryption step.


== References ==
== References ==
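
Review bot: the new cipher paragraph says the round function is "repeated 527 times", while the Slide attack paragraph added in the same revision says the cipher "needs 528 cycles"; state one round count and use it in both places. The rewritten hopping-code text also drops the earlier sentence explaining that someone who monitored a fixed code would be able to perform the action, which was the motivation for the counter, so consider keeping it. Spelling in the new lines ("Micochip", "reciever", "regostration", "verifyed") should be corrected before saving.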

Revision as of 14:55, 12 January 2020

Summary

This article provides an overview of KeeloQ and three popular attacks.

Requirements

  • Basic knowledge of block ciphers

Description

KeeloQ

KeeloQ is used for access authorization in electronic access systems and is distributed by Microchip Technology Inc. The system consists of a sender (e.g. a car remote key) and a receiver (e.g. the car). To grant access to a remote key, the receiver must first learn about that remote key. For the registration, the remote key has a serial number and a secret key, and the receiver has a secret manufacturer key. The registration process can be described as follows:

1) The sender sends its serial number in plaintext to the receiver.
2) The receiver has a secret manufacturer key. This key is used for the decryption of the serial number.
3) The result of this decryption is the secret key of the sender. From this point on, the sender key is used to encrypt and decrypt the messages.

To communicate, blocks of 32 bits are encrypted. One block contains a code for an action. These codes are always the same, so the encrypted messages would always be the same. To prevent this behavior, the hopping code algorithm is used.

The hopping code adds a counter to the encrypted messages. When the receiver decrypts the message, the counter is read. If the received counter is within a range of 16 values of the last received counter, the action is executed.

To ensure that the received message is from the same remote key and not just a message resent by someone else, the friend or foe algorithm is used. This algorithm is a challenge-response algorithm. To verify the remote key, the receiver sends a message in plaintext to the sender. The sender encrypts the message and sends it back. If the receiver can decrypt the message correctly, the remote key is verified.

KeeloQ is a block cipher that uses a 64-bit secret key on 32-bit plaintext blocks. The encryption process takes 5 bits from the plaintext register and uses them to calculate one bit with a non-linear function. To get one bit of the encrypted message, the output of the non-linear function is XORed with one bit from the key and two bits from the plaintext register. After that, the plaintext register and the key register are shifted to the right. This process is repeated 527 times to get one block of an encrypted message. To decrypt a message, a similar routine is used.
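
The hopping-code check and the cipher rounds described above, as an added example that is not part of the original article or of Microchip's code. It runs the 528 rounds cited in the slide attack section; the non-linear function constant and tap positions come from the public KeeLoq description, while the key, the block layout, the forward-only reading of the 16-value window and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#define NLF 0x3A5C742Eu /* public KeeLoq non-linear function as a 32-entry truth table */
#define BIT(x, n) (((x) >> (n)) & 1u)
#define NLF5(x, a, b, c, d, e) \
    BIT(NLF, BIT(x, a) | BIT(x, b) << 1 | BIT(x, c) << 2 | BIT(x, d) << 3 | BIT(x, e) << 4)

/* Sender side: 528 rounds, one key bit per round, register shifted right. */
uint32_t keeloq_encrypt(uint32_t x, uint64_t key) {
    for (unsigned r = 0; r < 528; r++) {
        uint32_t fb = BIT(x, 0) ^ BIT(x, 16) ^ (uint32_t)BIT(key, r & 63)
                    ^ NLF5(x, 1, 9, 20, 26, 31);
        x = (x >> 1) | (fb << 31);
    }
    return x;
}

/* Receiver side: the same rounds undone in reverse order, shifting left. */
uint32_t keeloq_decrypt(uint32_t x, uint64_t key) {
    for (unsigned r = 0; r < 528; r++) {
        uint32_t fb = BIT(x, 31) ^ BIT(x, 15) ^ (uint32_t)BIT(key, (15 - r) & 63)
                    ^ NLF5(x, 0, 8, 19, 25, 30);
        x = (x << 1) | fb;
    }
    return x;
}

/* Assumed block layout (not from the page): action in bits 31..16, counter in 15..0. */
uint32_t sender_frame(uint64_t key, uint16_t action, uint16_t counter) {
    return keeloq_encrypt(((uint32_t)action << 16) | counter, key);
}
struct receiver { uint64_t key; uint16_t last_counter; };

/* Accept only a counter 1..16 ahead of the last one (forward-only is an assumption). */
int receiver_accept(struct receiver *rx, uint32_t frame, uint16_t *action) {
    uint32_t plain = keeloq_decrypt(frame, rx->key);
    uint16_t delta = (uint16_t)((plain & 0xFFFFu) - rx->last_counter); /* mod 2^16 */
    if (delta == 0 || delta > 16) return 0; /* replayed, stale or too far ahead */
    rx->last_counter = (uint16_t)(rx->last_counter + delta);
    *action = (uint16_t)(plain >> 16);
    return 1;
}

int main(void) {
    struct receiver rx = {0x0123456789ABCDEFull, 100}; /* constructed key and counter */
    uint16_t act = 0;
    uint32_t f = sender_frame(rx.key, 2, 101);
    int first = receiver_accept(&rx, f, &act);
    printf("first=%d replay=%d\n", first, receiver_accept(&rx, f, &act));
}
```

Because the counter sits inside the encrypted block, two presses of the same button produce different frames, and a recorded frame is rejected once the receiver's counter has moved past it.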

Security Threats

Side channel

In this attack a side channel is used to get the secret sender key. This side channel is the hardware: the current consumption or the electromagnetic field of the semiconductor chip is measured and analysed.

Slide attack

This attack uses the weakness of the block cipher that it needs 528 cycles to decrypt or encrypt a message. With enough slide pairs (plaintext and matching encrypted text), the steps that produce the encrypted message can be traced back to get the sender's secret key.

Algebraic attack

In this approach the attacker tries to solve multivariate equations. These equations must be solved for every encryption step.

References