motordavid
01-28-2005, 05:06 PM
From Sat's NewYawkTimes; at least we jes'have those popable locks. :D
January 28, 2005
Students Say They Found a Hole in High-Tech Car Security Systems
By JOHN SCHWARTZ
BALTIMORE - Matt Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe's. Nothing unusual about that, except that the auto industry has spent millions of dollars to keep him from being able to do it.
Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind "immobilizer" systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans.
All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.
An executive with the Texas Instruments division that makes the systems did not dispute that the Hopkins team had cracked its code, but said there was much more to stealing a car than that. The devices, said the executive, Tony Sabetti, "have been fraud-free and are likely to remain fraud-free."
The implications of the Hopkins finding go beyond stealing cars.
Variations on the technology used in the chips, known as RFID for radio frequency identification, are widely used. Similar systems deduct highway tolls from drivers' bank accounts and restrict access to office buildings. Wal-Mart is using the technology to track inventory, the Food and Drug Administration is considering it to foil drug counterfeiting, and the medical school at the University of California, Los Angeles, has announced it will implant chips in cadavers to curtail unauthorized sale of body parts.
The Johns Hopkins researchers say that if other radio frequency ID systems are vulnerable, the new field could offer far less security than its proponents promise.
The computer scientists are not doing R.&D. for the Mob. Aviel D. Rubin, a professor of computer science who led the team, said his three graduate students did what security experts often do: showed the lack of robust security in important devices that people use every day.
"What we find time and time again is the security is overlooked and not done right," said Dr. Rubin, who has previously exposed flaws in electronic voting systems and wireless computer networks.
David Wagner, an assistant professor of computer science at the University of California, Berkeley, who reviewed a draft of a paper by the Hopkins team, called it "great research," adding, "I see it as an early warning" for all radio frequency ID systems.
The "immobilizer" technology used in the keys has been an enormous success. Texas Instruments alone has its chips in an estimated 150 million keys. Replacing the key on newer cars can cost hundreds of dollars, but the technology has been credited with greatly reducing auto theft - for some models, by 90 percent.
Early versions of in-key chips were relatively easy to clone, but the Texas Instruments chips are considered to be among the best. A paper from the company says the system offers "the highest level of RFID security." But the amount of computing the chip can do is restricted by the fact that it has no power of its own; it builds a slight charge from an electromagnetic field from the car's transmitter.
Cracking the system took the graduate students three months, Dr. Rubin said, adding, "There was a lot of trial-and-error work with, every once in awhile, a little 'Aha!' "
The Hopkins researchers got unexpected help from Texas Instruments itself. They were able to buy a tag reader directly from the company, which sells kits for $280 on its Web site. They also found a general diagram on the Internet, from a technical presentation by the company's German division. It was vague, and "contains a large number of inaccuracies," as the researchers wrote in the paper describing their work. But they wrote that the diagram and a related paper they found in the Library of Congress provided "a useful foothold" into the structure of the algorithm used by the system. (The Hopkins paper, which is online at www.rfidanalysis.org, does not provide detailed information that could allow others to readily duplicate the attack.)
They wrote software that mimics the system, which works through a pattern of challenge and response. The part of the system in the car, called the authenticator, "wakes up" the chip with a small surge of power, and sends a random number to it. The chip encrypts the number and sends the result back to be accepted by the authenticator.
The researchers discovered a critically important fact: the encryption algorithm used by the chip to scramble the challenge uses a relatively short code, known, confusingly, as a "key." The longer the code key, which is measured in bits, the harder to crack any encryption system.
"If you were to tell a cryptographer that this system uses 40-bit keys, you'd immediately conclude that the system is weak and that you'd be able to break it," said Ari Juels, a scientist with the research arm of RSA Security, which financed the research and offered cryptographic assistance.
So the researchers took each chip they were trying to clone and fed it challenges. With an array of programmable computer chips emulating the challenge and response at a much greater speed than the physical system, the researchers were able to conduct what is known as a brute force attack, working through all 1,099,511,627,776 possible encryption keys in less than an hour. Once they had the key, they could answer future challenges correctly.
An enterprising car thief using this technique, the Hopkins researchers said, would need just a quarter of a second near the car's owner to issue the required challenges to the key and record the response; after cracking the chip, they could then use the code, relayed via an antenna, to allow them to hotwire the car.
Mr. Sabetti of Texas Instruments argues that this is where the researchers' analysis is flawed: grabbing the code from a key would be very difficult, because the chips have a very short broadcast range. The greatest distance that his company's engineers have managed in the lab is 12 inches, and then only with large antennas that require a power source.
Dr. Rubin acknowledged that his team had been able to read the keys just a few inches from a reader, but said he believed the range might be extended. If not, he said, many situations could put an attacker and a target in close proximity, including crowded elevators.
The researchers used several thousand dollars of off-the-shelf computer equipment to crack the code, and had to fill a back seat of Mr. Green's S.U.V. with computers and signal processing equipment to successfully imitate a key. But the cost of equipment could be brought down to several hundred dollars, Dr. Rubin said, and Adam Stubblefield, another of the Hopkins graduate students, said, "We think the entire attack could be done with a device the size of an iPod."
The Texas Instruments chips are also used in millions of the Speedpass tags that drivers buy gas at ExxonMobil stations without pulling out a credit card, and the researchers have shown that they can buy gas with a cracked code. A spokeswoman for ExxonMobil, Prem Nair, said the company used additional antifraud measures, including restrictions that only allow two gas purchases per day. "We strongly believe that the Speedpass devices and the checks that we have in place are much more secure than those using credit cards with magnetic stripes," she said.
The Hopkins team discussed its research with Texas Instruments before making the paper public. Matthew Buckley, a spokesman for RSA Security, said that his company, which offers security consulting services and is developing radio frequency ID tags that resist unauthorized eavesdropping, had offered to work with Texas Instruments free of charge to address the security issues.
Dr. Wagner said that graduate students at a top university defeating the system does not mean that the attack is the sole province of the technology elite. After having seen the paper, he said, "I could have given this as an extended homework problem for a cryptography class," and that the resources at the command of organized crime were more than adequate for the task. "The white hats don't have a monopoly on cryptographic expertise," he said.
Dr. Rubin said that if criminals did eventually duplicate his students' work, people could block eavesdroppers by keeping the key or Speedpass token in a tinfoil sheath when not in use. But Mr. Sabetti, the Texas Instruments executive, said that such precautions were unnecessary. "It's a solution to a problem that doesn't exist," he said.
http://www.nytimes.com/2005/01/28/science/28cnd-key.html?hp&ex=1106974800&en=48eb306a45a3b7a0&ei=5094&partner=homepage
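The challenge-response exchange and the 40-bit brute force the article describes, as an added Python illustration that is not the Hopkins team's code and not the Texas Instruments algorithm. The article does not describe the chip's cipher, so a truncated HMAC-SHA256 stands in for it; the challenge and response widths (40 and 24 bits), the class and function names, and the sample key are assumptions. Only the 40-bit key length and the shape of the protocol (car sends a random number, chip sends back a keyed transform of it) come from the text. The demo confines the key to 16 bits so the exhaustive search finishes in seconds in pure Python; the code path is the same for the full 2^40 space, which the article reports was covered in under an hour on an array of programmable chips.

```python
"""Immobilizer challenge-response simulation with brute-force key recovery.

Added illustration, not the researchers' or the vendor's code. The real
chip cipher is not given in the article; a keyed hash stands in for it.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

KEY_BITS = 40        # key length reported in the article
CHALLENGE_BITS = 40  # assumption: width of the car's random challenge
RESPONSE_BITS = 24   # assumption: width of the chip's reply (shorter than the key)


def keyspace(key_bits: int) -> int:
    """Number of candidate keys an exhaustive search must cover: 2**key_bits."""
    return 1 << key_bits


def transponder_response(key: int, challenge: int) -> int:
    """Stand-in for the chip's cipher: HMAC-SHA256 truncated to RESPONSE_BITS.

    The attack below does not depend on the cipher's internals, only on the
    size of the key, which is exactly the article's point about 40 bits.
    """
    mac = hmac.new(key.to_bytes(5, "big"), challenge.to_bytes(5, "big"),
                   hashlib.sha256).digest()
    return int.from_bytes(mac, "big") >> (256 - RESPONSE_BITS)


class Transponder:
    """The chip in the key: powered by the reader's field, answers any challenge."""

    def __init__(self, key: int) -> None:
        self._key = key

    def respond(self, challenge: int) -> int:
        return transponder_response(self._key, challenge)


class Authenticator:
    """The car-side unit: sends a fresh random challenge and checks the reply."""

    def __init__(self, key: int) -> None:
        self._key = key

    def challenge(self) -> int:
        return secrets.randbits(CHALLENGE_BITS)

    def verify(self, challenge: int, response: int) -> bool:
        return response == transponder_response(self._key, challenge)


def skim(transponder: Transponder, count: int = 2) -> list[tuple[int, int]]:
    """Attacker's reader near the victim's key: issue challenges, record replies.

    Two pairs are collected because a 24-bit reply is consistent with roughly
    2**16 wrong 40-bit keys; the second pair filters those false positives.
    """
    return [(c, transponder.respond(c))
            for c in (secrets.randbits(CHALLENGE_BITS) for _ in range(count))]


def brute_force(pairs: list[tuple[int, int]], key_bits: int) -> int | None:
    """Exhaustive search over 2**key_bits keys; returns the first consistent one."""
    for candidate in range(keyspace(key_bits)):
        if all(transponder_response(candidate, c) == r for c, r in pairs):
            return candidate
    return None


def clone_attack(key: int, key_bits: int) -> dict:
    """Full chain: skim the key, recover the secret, answer a fresh car challenge."""
    victim_key = Transponder(key)
    car = Authenticator(key)
    pairs = skim(victim_key)                 # quarter-second near the owner
    recovered = brute_force(pairs, key_bits)  # the "less than an hour" step
    clone = Transponder(recovered) if recovered is not None else None
    fresh = car.challenge()
    return {
        "recovered_key": recovered,
        "car_accepts_clone": clone is not None
        and car.verify(fresh, clone.respond(fresh)),
    }


if __name__ == "__main__":
    # 2**40 trials is hours of pure Python, so the demo restricts the key to
    # 16 bits; the work factor for the real key is 2**24 times larger.
    demo_bits = 16
    key = secrets.randbits(demo_bits)        # constructed sample key
    print(f"full keyspace: {keyspace(KEY_BITS):,}")
    print(clone_attack(key, demo_bits))
```

Note that the search needs no access to the car at all once the two challenge-response pairs are skimmed; the attacker only returns to the vehicle with the recovered key loaded into an emulator. Collecting a second pair is the practical detail the summary omits: with a reply shorter than the key, a single pair cannot distinguish the real key from the thousands of wrong keys that happen to produce the same 24-bit answer.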