When Reverse-Engineering Meets Side-Channel Analysis–Digital Lockpicking in Practice

David Oswald, Daehyun Strobel, Falk Schellenberg, Timo Kasper, Christof Paar

Selected Areas in Cryptography -- SAC 2013, Springer Berlin Heidelberg, 2014, 571-588


In the past years, various electronic access control systems have been found to be insecure. In consequence, attacks have emerged that permit unauthorized access to secured objects. One of the few remaining, allegedly secure digital locking systems—the system 3060 manufactured and marketed by SimonsVoss—is employed in numerous objects worldwide. Following the trend to analyze the susceptibility of real-world products towards implementation attacks, we illustrate our approach to understand the unknown embedded system and its components. Detailed investigations are performed in a step-by-step process, including the analysis of the communication between transponder and lock, reverse-engineering of the hardware, bypassing the read-out protection of a microcontroller, and reverse-engineering the extracted program code. Piecing all parts together, the security mechanisms of the system can be completely circumvented by means of implementation attacks. We present an EM side-channel attack for extracting the secret system key from a door lock. This ultimately gives access to all doors of an entire installation. Our technique targets a proprietary function (used in combination with a DES for key derivation), probably originally implemented as an obscurity-based countermeasure to prevent attacks.