Security analysis of an open car immobilizer Protocol Stack

摘要

Openness is a key criterion of security algorithms and protocols which enable them to be subjected to scrutiny by independent security experts. The alternative "methodology" of secret proprietary algorithms and protocols has often ended in practical breaks, e.g. of the MIFARE Oyster cards for public transport or the KeeLoq remote control systems. Open evaluation is common for general applications of security, e.g. the NIST competitions for selection of the Advanced Encryption Standard (AES) and the Secure Hash Algorithm 3 (SHA-3). Nowadays an increasing number of embedded security applications apply the principle of open evaluation as well. A recent example is the specification of an open security protocol stack for car immobilizer applications by Atmel, which has been presented at ESCAR 2010. This stack is primarily intended to be used in conjunction with automotive transponder chips of this manufacturer, but could in principle be deployed on any suitable type of transponder chip. In this paper we analyze the security of this protocol stack. We were able to uncover a number of potential security vulnerabilities, for which we suggest fixes.