RuhrSec 2017: "The (In)Security of Automotive Remote Keyless Entry Systems...", Dr. David Oswald

RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit. 🔽 More information ... Talk. The (In)Security of Automotive Remote Keyless Entry Systems revisited Abstract. Remote keyless entry (RKE) systems, usually based on so-called rolling codes, are the most widespread way of (un)locking vehicle doors, opening the trunk, and disarming the alarm system. RKE is based on the unidirectional transmission of an (increasing) counter value, authenticated by means of symmetric cryptography. There are two major ways of attacking RKE systems: (i) by exploiting vulnerable key distribution schemes, and (ii) by making use of cryptographical weaknesses in the employed ciphers. In this talk, we will give practical example for both cases (based on our Usenix Security 2016 paper). First, we show that the RKE system used by the VW group (Audi, Seat, Skoda, Volkswagen) was based on only a handful global keys over the past 20 years. By extracting these keys from ECU firmware, an adversary is able to clone the owner's remote control from a distance of up to 100m, using a single rolling code. Second, we present novel attacks on the Hitag2 RKE scheme (employed by Alfa Romeo, Peugeot, Lancia, Opel, Renault, and Ford among others). Based on black-box reverse-engineering of the protocol, we devise a new cryptanalytical attack on Hitag2 for full key recovery, requiring four to eight rolling codes and negligible computation. Finally, our talk also includes a brief survey of the state of automotive security in general, a discussion of the responsible disclosure process, and recommendations for designing more secure RKE systems. Biography. David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. On the other hand, David is working on the practical realization of security systems in embedded applications. He is co-founder of the Kasper & Oswald GmbH, offering innovative products and services for security engineering. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices. Speaker: Dr. David Oswald ——— 👉 Subscribe to our channel:    / @hackmanit-it-security   👉 Read more about interesting IT Security topics on our blog: https://hackmanit.de/en/blog-en ✍️ Want a deeper dive? Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here: https://hackmanit.de/en/training/port... ——— 🌍 RuhrSec conference website: https://www.ruhrsec.de 🌍 Visit our website: https://hackmanit.de/en ✔ Follow RuhrSec on Twitter:   / ruhrsec   ✔ Follow Hackmanit on Twitter:   / hackmanit   Linkedin:   / hackmanit   XING: https://www.xing.com/pages/hackmanitgmbh ——— Thanks for your attention and support. Stay secure. #cybersecurity #rollingcodes #ruhrsec #cyber #conference #talk #itsecurity #itsicherheit #RKE #cryptography #crypto #Hitag2 #RKEsystems