ohm2013 no more lockpicking - the open source...

Post on 25-May-2018


OHM2013

No More Lockpicking. Making The Open Source Lock.

mh & Ray

Page 1

The Open Source Lock. http://tosl.org/

No More Lockpicking – Making The Open Source Lock.

Why closed is often open, and open locks are more secure...

mh & Ray,

SSDeV, muCCC, TOSL.org - The Open Source Lock Project

2013-08-03, OHM2013, Noord-Scharwoude, NL

Page 2

Content

1. Why Electronic Locks

2. Existing High Security Electronic Locks

▪ Design

▪ Exploits

3. The Open Source Lock

▪ Motivation

▪ Design

▪ How you can contribute

Page 3

Mechanical locks aren't that bad...

▪ Can be picked, but not a common risk

▪ ...at least for a few better models

▪ Are well analyzed so you can judge their security

▪ ...and thus we know there are some more issues than picking

Page 4

Copying Keys

▪ Any mechanical key can be copied

▪ Revocation of keys therefore not possible

▪ Security cards and patents offer very limited protection

Page 5

Classic Methods

▪ Using a machine

▪ Protected blanks using EasyEntrie

▪ Casting

▪ Re-building one

Page 6

3D Printing

▪ First printed key presented at HAR2009

▪ Mass production using laser cutters shown at HOPE2012

▪ Today there are parametric models for door locks on Thingiverse

Page 7

So why electronics?

▪ Pick resistance

▪ Prevent key copying

▪ Easy key revocation

▪ Protect against privacy escalation

▪ Flexible rights management

▪ Logging

▪ Multi-factor authorization

Page 8

Electronic Locks: Design

▪ Components:

▪ Key

▪ Often: Passive RFID transponder, active RF transceiver

▪ Rare: Infrared, galvanic connection, knocking, …

▪ Lock

▪ Electronics: Interface to key, authentication, logging

▪ Electro-Mechanical Actuator: Typically couples a knob to the deadbolt; also: unblocks rotation of a key, motorized turning of a knob.

[Diagram: Key ↔ Lock (Electronics → Electro-mechanical actuator); labels: Authenticate, (Log), Unlock]

Page 9

Electro-Mechanical Actuator

▪ Typical design criteria:

▪ Small

▪ Wear resistant

▪ Long battery life (small battery)

▪ Implementations:

▪ Solenoid pulls a blocking pin out of the way

▪ Electric motor moves a clutch element or turns a blocking element

▪ (exotic: centrifugal clutch element)

▪ Small... → can often be influenced from outside using relatively small forces (mechanical, magnetic fields, ...)

Page 10

Example: Axial Solenoid

Video:

Page 11

Solenoid Actuator Activates Clutch

▪ Can potentially be influenced by

▪ Momentum transfer (bumping, vibration)

▪ Magnet, if close to outside

[Figure: cutaway of the lock; labels: knob with batteries, antenna, ...; solenoid]

Page 12

Authentication by Bumping

Video:

Page 13

Authentication by Bumping

Solenoid blocks the “bolt work”:

Page 14

Authentication by Strong Magnet

Early version of an RFID-based cylinder lock

(Source: Presentation by Barry Wels at 21C3, 2005)

[Figure labels: “Magnet of Death”; Invalid Key]

Page 15

Turning Magnet Actuator

▪ Can potentially be influenced by

▪ Vibration

▪ Possibly: Magnet, if located on the outside

[Figure label: Magnet turns]

Page 16

Authentication by Vibration

Early version of an electronic cylinder lock

(Source: Presentation by Barry Wels at HAR2009)

[Figure labels: High speed rotary tool with vibrating plastic piece; Invalid Key]


Page 17

Countermeasure: Use a Geared Motor

▪ Engaging a clutch or unblocking rotation requires several turns of an electric motor

▪ Use gears to transmit rotation

▪ Influencing by vibration seems to be futile

Page 18

Exploit: Turn a Sensor

Early version of an RFID-based electronic cylinder lock

(Source: Youtube.com, “civil1230”)

Ring with magnets turns a magnetic sensor element that's connected to the gears.

Page 19

Example: Electronic Padlock

Page 20

Exploit: Turn the Motor from the Outside

Video:

Page 21

How to find such exploits?

Reverse Engineering of the mechanical part:

▪ Take apart, analyze, observe

▪ Ideally make a working cutaway lock

▪ Attacker's focus is different from the focus of the lock development team: cost, time-to-market, quality, patents, … → completely irrelevant. One single weakness is sufficient.

Page 22

Electronic Part of Electronic Locks

▪ Mainly a micro controller

▪ Designed for low energy consumption, budget, time to market, user convenience

▪ ...but probably not mainly security

▪ Manufacturers don't tell many details

▪ Analysis requires complex reverse engineering

Page 23

Opened Mechanical Lock

Page 24

Opened Electronic Lock

Page 25

Difficulties while analyzing

▪ Unknown controllers, sometimes even covered in glue

▪ Software sometimes not easy to extract

▪ Different controllers, so many different tools and know-how needed

▪ Altogether: quite a challenge

▪ ... but not impossible

Page 26

Exploits: Call-A-Bike

▪ Anonymously sent to the CCC in 2004

▪ Common Atmel micro controller

Page 27

Page 28

Exploits: Call-A-Bike

▪ Anonymously sent to the CCC in 2004

▪ Common Atmel micro controller

▪ Possible to read out firmware

▪ Development of their own, “improved” firmware

Page 29

Page 30

Page 31

Exploits: Call-A-Bike

▪ “Proof-of-Concept” mass-flashing of over 100 bikes in Berlin

▪ They were not happy but honored the efforts – lock bits are now set

▪ More Details: http://www.ccc.de/hackabike/

Page 32

Hotel Locks

Page 33

Hotel Locks

▪ Power/Programming Interface open at the bottom

Page 34

Exploits: Hotel Locks

▪ Interface accessible at the bottom

▪ Enables you to read memory and send commands

▪ Opening: read out the hotel code from any lock, then open all locks using the open command, which only needs the hotel code

▪ Exploit using simple Arduino hardware (“$50”)

▪ Fixing only by exchange of hardware

▪ "Irresponsible" Disclosure (BlackHat 2012)

▪ More details: http://daeken.com/blackhat-paper

Page 35

Exploits: Electronic Padlock

▪ Texas Instruments standard controller (MSP430)

▪ Read protection not enabled

▪ Flash contacts accessible from battery slot

▪ Motor contacts also...

Page 36

Flash Access

▪ So we needed a matching adapter

▪ ...and had a laser cutter

Page 37

Flash Analysis

Page 38

Flash Analysis

Page 39

Flash Analysis

Page 40

Analyzing Software

▪ Reading out the flash and disassembly

▪ Reverse engineering of used algorithms

▪ Typical Problems:

▪ Bad crypto (Home grown algorithms, side channel attacks)

▪ Bad protocols (Master keys distributed everywhere, replay attacks, ... )

▪ Backdoors (intentional or unintentional)

Page 41

In a nutshell

▪ Too Many Secrets

▪ Lock companies didn't understand Kerckhoffs's principle

(“A crypto system should be secure even if everything about the system, except the key, is public knowledge.” – La cryptographie militaire, 1883)

▪ Therefore very limited public reviews

▪ Basically no publication/discussion of good implementations

▪ Neutral judgment of different systems basically impossible

▪ (except for the broken ones...)

▪ So we need Open Source

Page 42

The solution: Open Source.

We observed, we hacked, … Now it's time to MAKE!

Let's make a highly secure electronic lock!

▪ Publish sources for the electronic components (software, schematics, layouts) and of the mechanical components (drawings, test results)

▪ Open Source allows for Peer Review with early intensive and targeted tests by experienced experts – the international hacker and lock sport communities

→ TOSL: The Open Source Lock

Page 43

TOSL: Mechanics

Goals:

▪ Secure against all known manipulation attacks (bumping, vibration, magnets, shimming, glue injection, heating / cooling, fast turning, ...)

▪ High resistance against brute force (drilling, milling, pulling, …), have a defined resistance level, ideally exceed standards like VdS, SKG, etc.

→ Design a simple, secure mechanics part, not miniaturized

Page 44

Standard Locks in Europe

Standardized, so it fits into many European doors: DIN 18252 / DIN EN 1303 / “Euro Cylinder”

→ Start with Euro Cylinder. If it fits into this format, making a U.S. Style deadbolt will be possible as well.

Page 45

Euro Cylinder

Design constraints:

[Drawing: Euro cylinder cross-section; dimensions 17 mm / 30 mm]

M5 hole / weak point (if forced, the cylinder typically breaks here)

Page 46

Prototype

Knob cylinder, coupling element placed in the inside knob.

Authentication electronics will also be placed in the inside knob.

[Figure: prototype, outside and inside; labels: “Here be drill protection”, coupling element, servo motor]

Page 47

Video

Page 48

TOSL: Electronics

Goals:

▪ Of course: Authentication which is secured against sniffing and man in the middle

▪ One time access keys

▪ Temporary access keys

▪ 2-Factor authorization like key+PIN

▪ Offline creation of new keys

▪ Logging

▪ No Logging

▪ Backdoor-free

▪ ...except if you want one...

▪ Basically: Whatever you can think of...
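The electronics goals listed above (authentication that resists sniffing and man in the middle, one-time and temporary keys, key+PIN, offline creation of new keys, logging) together with the replay and master-key problems named under “Bad protocols” on the Analyzing Software slide can all be exercised in one small challenge-response scheme. The following is an added example, not TOSL project code. It uses HMAC-SHA256 from the Python standard library; the message layout, the domain-separation label, the derivation of per-key secrets from a lock master secret and the policy fields are all assumptions made for this illustration.

```python
# Added example (not TOSL project code): challenge-response lock authentication
# using HMAC-SHA256 from the Python standard library. The label, message layout,
# master-secret key derivation and policy fields are assumptions for illustration.
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

CONTEXT = b"TOSL-auth-example-v0"  # constructed domain-separation label


def derive_token_secret(lock_master: bytes, key_id: str) -> bytes:
    """Per-key secret derived from the lock's master secret (HMAC used as a KDF).
    Only the lock and its administrator hold lock_master, so new keys can be
    created offline; a token only ever receives its own derived secret."""
    return hmac.new(lock_master, b"key|" + key_id.encode(), hashlib.sha256).digest()


def pin_verifier(lock_master: bytes, key_id: str, pin: str) -> bytes:
    """Keyed verifier the lock stores for a key+PIN (two-factor) credential."""
    msg = b"pin|" + key_id.encode() + b"|" + pin.encode()
    return hmac.new(lock_master, msg, hashlib.sha256).digest()


def token_response(secret: bytes, lock_id: bytes, key_id: str, nonce: bytes) -> bytes:
    """Computed on the key token: binds key, lock and the lock's fresh nonce, so a
    sniffed response is useless at another lock or for a later challenge."""
    msg = CONTEXT + lock_id + key_id.encode() + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()


@dataclass
class Policy:
    valid_from: float = 0.0            # epoch seconds; temporary keys
    valid_until: float = float("inf")
    single_use: bool = False           # one-time access key
    pin: Optional[bytes] = None        # pin_verifier(...) output, or None


class Lock:
    def __init__(self, lock_id: bytes, lock_master: bytes,
                 policies: Dict[str, Policy], now: Callable[[], float] = time.time):
        self.lock_id = lock_id
        self.master = lock_master
        self.policies = policies
        self.revoked: Set[str] = set()
        self.spent: Set[str] = set()          # one-time keys already used
        self.pending: Dict[str, bytes] = {}   # key_id -> outstanding nonce
        self.log = []                         # (time, key_id, outcome)
        self.now = now

    def challenge(self, key_id: str) -> bytes:
        """Fresh random nonce per attempt; an old response cannot match it."""
        nonce = os.urandom(16)
        self.pending[key_id] = nonce
        return nonce

    def verify(self, key_id: str, response: bytes, pin: Optional[str] = None) -> bool:
        t = self.now()
        ok, reason = self._check(key_id, response, pin, t)
        self.pending.pop(key_id, None)        # each nonce is answered at most once
        self.log.append((t, key_id, reason))  # audit log, success or failure
        if ok and self.policies[key_id].single_use:
            self.spent.add(key_id)
        return ok

    def _check(self, key_id: str, response: bytes, pin: Optional[str], t: float):
        pol = self.policies.get(key_id)
        nonce = self.pending.get(key_id)
        if pol is None or nonce is None:
            return False, "unknown key or no outstanding challenge"
        if key_id in self.revoked:
            return False, "revoked"
        if key_id in self.spent:
            return False, "one-time key already used"
        if not pol.valid_from <= t <= pol.valid_until:
            return False, "outside validity window"
        expected = token_response(derive_token_secret(self.master, key_id),
                                  self.lock_id, key_id, nonce)
        if not hmac.compare_digest(expected, response):
            return False, "bad response"
        if pol.pin is not None and (pin is None or not hmac.compare_digest(
                pol.pin, pin_verifier(self.master, key_id, pin))):
            return False, "PIN missing or wrong"
        return True, "unlock"


def run_exchange(lock: Lock, token_secret: bytes, key_id: str,
                 lock_id: Optional[bytes] = None, pin: Optional[str] = None) -> bool:
    """One full round as token and lock would run it over the air."""
    nonce = lock.challenge(key_id)
    resp = token_response(token_secret, lock_id or lock.lock_id, key_id, nonce)
    return lock.verify(key_id, resp, pin)


if __name__ == "__main__":
    master = os.urandom(32)  # lives only in the lock and with the administrator
    lock = Lock(b"front-door", master, {"guest": Policy(single_use=True)})
    print(run_exchange(lock, derive_token_secret(master, "guest"), "guest"))  # True
    print(run_exchange(lock, derive_token_secret(master, "guest"), "guest"))  # False
```

The lock stores only its master secret and the per-key policies; each token holds a secret derived for its own key_id, so the master never leaves the lock and one lost token does not expose another's secret. Because the response covers the lock id and a nonce the lock chose, a recorded exchange does not open this lock again, nor a different lock sharing the same key. What the scheme does not address is the first item on the Challenges slide: if the master secret can be extracted from the lock's micro controller, every key for that lock is compromised.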

Page 49

Challenges

▪ Extraction of key from micro controller not under our control

▪ Jamming might be quite easy

▪ Permanent DoS should not be too easy

▪ Power consumption (if the lock has no permanent supply)

▪ Hardware shouldn't be too special to enable peer review

Page 50

Open Source Electronics

▪ Modular design:

▪ Different authentication schemes

▪ Maybe even different transmission channels (RF, IR, ...)

▪ Probably multiple micro controllers

▪ Useable with our hardware, or mechanics of existing locks

▪ Goal: power-saving electronics for the lock and a small token for your keychain

Page 51

Prototype

Page 52

Prototype

▪ Using the r0ket (http://r0ket.de/) as sender and receiver

▪ Has 60MHz ARM Cortex M3, 2.4GHz RF, rechargeable battery, 5-way input button

▪ Not really end-user compatible, but might well be an option for hacker spaces

▪ It will be easy to build a reduced r0ket with just micro controller and RF part

Page 53

Other options

▪ Power saving MCU like TI MSP430 including RF

▪ Special Crypto MCUs (like Maxim) which incorporate counter measures against side channel attacks etc.

▪ Smart card MCUs?

▪ Arduino/ATMega for the “entry level”

▪ Or go James-Bond-style and use a watch?

Page 54

Crypto

▪ Use well known algorithms (AES, SHA256, etc.)

▪ We know enough about crypto so we know that nobody alone ever knows enough about crypto

▪ Currently collecting ideas in our Wiki / Mailing list to build first implementation on r0ket

▪ Contact us if you're interested in working on and/or using this!

Page 55

Thank you for your attention!

▪ Questions?

▪ Contact: mh@tosl.org / r@y.nu

▪ TOSL: http://tosl.org

▪ Subscribe to our mailing list! Tell us why you find TOSL interesting, and how you would like to contribute to the project!
