When Reverse-Engineering Meets Side-Channel Analysis - Digital Lockpicking in Practice

摘要

In the past years, various electronic access control systems have been found to be insecure. In consequence, attacks have emerged that permit unauthorized access to secured objects. One of the few remaining, allegedly secure digital locking systems-the system 3060 manufactured and marketed by SimonsVoss-is employed in numerous objects worldwide. Following the trend to analyze the susceptibility of real-world products towards implementation attacks, we illustrate our approach to understand the unknown embedded system and its components. Detailed investigations are performed in a step-by-step process, including the analysis of the communication between transponder and lock, reverse-engineering of the hardware, bypassing the read-out protection of a microcontroller, and reverse-engineering the extracted program code. Piecing all parts together, the security mechanisms of the system can be completely circumvented by means of implementation attacks. We present an EM side-channel attack for extracting the secret system key from a door lock. This ultimately gives access to all doors of an entire installation. Our technique targets a proprietary function (used in combination with a DES for key derivation), probably originally implemented as an obscurity-based countermeasure to prevent attacks.