OHM2013 No More Lockpicking - The Open Source Locktheopensourcelock.huebler.org/.../No_More_Lockpicking_OHM2013.pdf · OHM2013 No More Lockpicking. Making The Open Source Lock. mh

OHM2013

No More Lockpicking.Making The Open Source Lock.

mh & Ray

Page 1

The Open Source Lock.http://tosl.org/

No More Lockpicking –Making The Open Source Lock.

Why closed is often open, and open locks are more secure...

mh & Ray,

SSDeV, muCCC, TOSL.org - The Open Source Lock Project

2013-08-03, OHM2013, Noord-Scharwoude, NL

OHM2013


mh & Ray

Page 2


Content

1. Why Electronic Locks

2. Existing High Security Electronic Locks

▪ Design

▪ Exploits

3. The Open Source Lock

▪ Motivation

▪ Design

▪ How you can contribute

OHM2013


mh & Ray

Page 3


Mechanical locks aren't that bad...

▪ Can be picked, but not a common risk

▪ ...at least for a few better models

▪ Are well analyzed so you can judge their security

▪ ...and thus we know there are some more issues than picking

OHM2013


mh & Ray

Page 4


Copying Keys

▪ Any mechanical key can be copied

▪ Revocation of keys therefore not possible

▪ Security cards and patents offer very limited protection

OHM2013


mh & Ray

Page 5


Classic Methods

▪ Using a machine

▪ Protected blanks using EasyEntrie

▪ Casting

▪ Re-building one

OHM2013


mh & Ray

Page 6


3D Printing

▪ First printed key presented at HAR2009

▪ Mass production using laser cutters shown at HOPE2012

▪ Today there are parametric models for door locks on Thingiverse

OHM2013


mh & Ray

Page 7


So why electronics?

▪ Pick resistance

▪ Prevent key copying

▪ Easy key revocation

▪ Protect against privacy escalation

▪ Flexible rights management

▪ Logging

▪ Multi-factor authorization

OHM2013


mh & Ray

Page 8


Electronic LocksDesign

▪ Components:

▪ Key

▪ Often: Passive RFID transponder, active RF transceiverRare: Infrared, galvanic connection, knocking, …

▪ Lock

▪ Electronics: Interface to key, authentication, logging

▪ Electro-Mechanical Actuator: Typically couples a knob to the deadbolt; also: unblocks rotation of a key, motorized turning of a knob.

Authenticate (Log)

Authenticate Log

Unlock

Key Lock

Electronics Electro-mechanical actuator

OHM2013


mh & Ray

Page 9


Electro-Mechanical Actuator

▪ Typical design criteria:

▪ Small

▪ Wear resistant

▪ Long battery life (small battery)

▪ Implementations:

▪ Solenoid pulls a blocking pin out of the way

▪ Electric motor moves a clutch element or turns a blocking element

▪ (exotic: centrifugal clutch element)

▪ Small... → can often be influenced from outside

using relatively small forces (mechanical, magnetic fields, ...)

OHM2013


mh & Ray

Page 10


Example: Axial Solenoid

Video:

OHM2013


mh & Ray

Page 11


Solenoid Actuator Activates Clutch

▪ Can potentially be influenced by

▪ Momentum transfer (bumping, vibration)

▪ Magnet, if close to outside

Knob with batteries, antenna, ...

Solenoid

OHM2013


mh & Ray

Page 12


Authentication by Bumping

Video:

OHM2013


mh & Ray

Page 13


Authentication by Bumping

Solenoid blocks the “bolt work”:

OHM2013


mh & Ray

Page 14


Authentication by Strong Magnet

Early version of an RFID-based cylinder lock

(Source: Presentation by Barry Wels at 21C3, 2005)

„Magnet of Death“

Invalid Key

OHM2013


mh & Ray

Page 15


Turning Magnet Actuator

▪ Can potentially be influenced by

▪ Vibration

▪ Possibly: Magnet, if located on the outside

Magnet turns

OHM2013


mh & Ray

Page 16


Authentication by Vibration

Early version of an electronic cylinder lock

(Source: Presentation by Barry Wels at HAR2009)

High speed rotary toolwith vibrating plastic piece

Invalid Key

OHM2013


mh & Ray

Page 17


Countermeasure: Use a Geared Motor

▪ Engaging a clutch or unblocking rotation requires several turns of an electric motor

▪ Use gears to transmit rotation

▪ Influencing by vibration seems to be futile

OHM2013


mh & Ray

Page 18


Exploit: Turn a Sensor

Early version of an RFID-based electronic cylinder lock

(Source: Youtube.com, “civil1230”)

Ring with magnets turns a magnetic sensor element that's connected to the gears.

OHM2013


mh & Ray

Page 19


Example: Electronic Padlock

OHM2013


mh & Ray

Page 20


Exploit: Turn the Motor from the OutsideVideo:

OHM2013


mh & Ray

Page 21


How to find such exploits?

Reverse Engineering of the mechanical part:

▪ Take apart, analyze, observe

▪ Ideally make a working cutaway lock

▪ Attacker's focus is different from the focus of the lock development team: Cost, Time-to-market, Quality, Patents, … → completely irrelevantOne single weakness is sufficient.

OHM2013


mh & Ray

Page 22


Electronic Part of Electronic Locks

▪ Mainly a micro controller

▪ Designed for low energy consumption, budget, time to market, user convenience

▪ ...but probably not mainly security

▪ Manufacturers don't tell many details

▪ Analysis requires complex reverse engineering

OHM2013


mh & Ray

Page 23


Opened Mechanical Lock

OHM2013


mh & Ray

Page 24


Opened Electronic Lock

OHM2013


mh & Ray

Page 25


Difficulties while analyzing

▪ Unknown controllers, sometimes even covered in glue

▪ Software sometimes not easy to extract

▪ Different controllers, so many different tools and know-how needed

▪ Altogether: quite a challenge

▪ ... but not impossible

OHM2013


mh & Ray

Page 26


Exploits: Call-A-Bike

▪ Anonymously sent to the CCC in 2004

▪ Common Atmel micro controller

OHM2013


mh & Ray

Page 27


OHM2013


mh & Ray

Page 28



▪ Anonymously sent to the CCC in 2004

▪ Common Atmel micro controller

▪ Possible to read out firmware

▪ Development of an own, ”improved” firmware

OHM2013


mh & Ray

Page 29


OHM2013


mh & Ray

Page 30


OHM2013


mh & Ray

Page 31



▪ „Proof-of-Concept“ mass-flashing of over 100 bikes in Berlin

▪ They were not happy but honored the efforts – lock bits are now set

▪ More Details: http://www.ccc.de/hackabike/

OHM2013


mh & Ray

Page 32


Hotel Locks

OHM2013


mh & Ray

Page 33


Hotel Locks

▪ Power/Programming Interface open at the bottom

OHM2013


mh & Ray

Page 34


Exploits: Hotel Locks

▪ Interface accessible at the bottom

▪ Enables you to read memory and send commands

▪ Opening: read out hotel code from any lock, and open all locks using open command which only needs the hotel code

▪ Exploit using simple Arduino hardware (“$50”)

▪ Fixing only by exchange of hardware

▪ "Irresponsible" Disclosure (BlackHat 2012)

▪ More details: http://daeken.com/blackhat-paper

OHM2013


mh & Ray

Page 35


Exploits: Electronic Padlock

▪ Texas Instruments standard controller (MSP430)

▪ Read protection not enabled

▪ Flash contacts accessible from battery slot

▪ Motor contacts also...

OHM2013


mh & Ray

Page 36


Flash Access

▪ So we needed a matching adapter

▪ ...and had a laser cutter

OHM2013


mh & Ray

Page 37


Flash Analysis

OHM2013


mh & Ray

Page 38


Flash Analysis

OHM2013


mh & Ray

Page 39


Flash Analysis

OHM2013


mh & Ray

Page 40


Analyzing Software

▪ Reading out the flash and disassembly

▪ Reverse engineering of used algorithms

▪ Typical Problems:

▪ Bad crypto (Home grown algorithms, side channel attacks)

▪ Bad protocols (Master keys distributed everywhere, replay attacks, ... )

▪ Backdoors (intentional or unintentional)

OHM2013


mh & Ray

Page 41


In a nutshell

▪ Too Many Secrets

▪ Lock companies didn't understand Kerkhoff's principle

("A crypto system should be secure even if everything about the system, except the key, is public knowledge.“ - La cryptographie militaire, 1883)

▪ Therefore very limited public reviews

▪ Basically no publication/discussion of good implementations

▪ Neutral judgment of different systems basically impossible

▪ (except for the broken ones...)

▪ So we need Open Source

OHM2013


mh & Ray

Page 42


The solution: Open Source.

We observed, we hacked, … Now it's time to MAKE!

Let's make a highly secure electronic lock!

▪ Publish sources for the electronic components (software, schematics, layouts) and of the mechanical components (drawings, test results)

▪ Open Source allows for Peer Review with early intensive and targeted tests by experienced experts – the international hacker and lock sport communities

→ TOSL: The Open Source Lock

OHM2013


mh & Ray

Page 43


TOSL: Mechanics

Goals:

▪ Secure against all known manipulation attacks (bumping, vibration, magnets, shimming, glue injection, heating / cooling, fast turning, ...)

▪ High resistance against brute force (drilling, milling, pulling, …), have a defined resistance level,ideally exceed standards like VdS, SKG, etc

→ Design a simple, secure mechanics part, not miniaturized

OHM2013


mh & Ray

Page 44


Standard Locks in Europe

Standardized, so it fits into many European doors: DIN 18252 / DIN EN 1303 / “Euro Cylinder”

→ Start with Euro Cylinder. If it fits into this format, making a U.S. Style deadbolt will be possible as well.

OHM2013


mh & Ray

Page 45


Euro Cylinder

Design constraints:

17mm30mm

M5 hole / weak point (if forced, cylinder typically breaks here)

OHM2013


mh & Ray

Page 46


Prototype

Knob cylinder, coupling element placed in the inside knob.

Authentication electronics will also be placed in the inside knob.

Outside Inside

Here be drill protection Coupling

element

Servo motor

OHM2013


mh & Ray

Page 47


Video

OHM2013


mh & Ray

Page 48


TOSL: Electronics

Goals:

▪ Of course: Authentication which is secured against sniffing and man in the middle

▪ One time access keys

▪ Temporary access keys

▪ 2-Factor authorization like key+PIN

▪ Offline creation of new keys

▪ Logging

▪ No Logging

▪ Backdoor-free

▪ ...except if you want one...

▪ Basically: Whatever you can think of...

OHM2013


mh & Ray

Page 49


Challenges

▪ Extraction of key from micro controller not under our control

▪ Jamming might be quite easy

▪ Permanent DoS should not be too easy

▪ Power consumption (if the lock has no permanent supply)

▪ Hardware shouldn't be too special to enable peer review

OHM2013


mh & Ray

Page 50


Open Source Electronics

▪ Modular design:

▪ Different authentication schemes

▪ Maybe even different transmission channels (RF, IR, ...)

▪ Probably multiple micro controllers

▪ Useable with our hardware, or mechanics of existing locks

▪ Goal: have a power saving electronic for the lock and a small token for your keychain

OHM2013


mh & Ray

Page 51


Prototype

OHM2013


mh & Ray

Page 52


Prototype

▪ Using the r0ket (http://r0ket.de/) as sender and receiver

▪ Has 60MHz ARM Cortex M3, 2.4GHz RF, rechargeable battery, 5-way input button

▪ Not really end-user compatible, but might well be an option for hacker spaces

▪ It will be easy to build a reduced r0ket with just micro controller and RF part

http://r0ket.de/

OHM2013


mh & Ray

Page 53


Other options

▪ Power saving MCU like TI MSP430 including RF

▪ Special Crypto MCUs (like Maxim) which incorporate counter measures against side channel attacks etc.

▪ Smart card MCUs?

▪ Arduino/ATMega for the ”entry level“

▪ Or go James-Bond-style and use a watch?

OHM2013


mh & Ray

Page 54


Crypto

▪ Use well known algorithms (AES, SHA256, etc.)

▪ We know enough about crypto so we know that nobody alone ever knows enough about crypto

▪ Currently collecting ideas in our Wiki / Mailing list to build first implementation on r0ket

▪ Contact us if you're interested in working on and/or using this!

OHM2013


mh & Ray

Page 55


Thank you for your attention!

▪ Questions?

▪ Contact: [email protected] / [email protected]

▪ TOSL: http://tosl.org

▪ Subscribe to our mailing list! Tell us why you find TOSL interesting, and how you would like to contribute to the project!

mailto:[email protected]

http://tosl.org/

Documents

OHM2013 No More Lockpicking - The Open Source Locktheopensourcelock.huebler.org/.../No_More_Lockpicking_OHM2013.pdf · OHM2013 No More Lockpicking. Making The Open Source Lock. mh