Abstract:

KeeLoq remote keyless entry systems are the dominant scheme for access control purposes such as garage door openers or car access systems.
We demonstrate how real-world implementations of the KeeLoq crypto system can completely be broken with differential power analysis (DPA). 
DPA belongs to a class of attacks which allows the extraction of a secret cryptographic key from a target device by observing its power 
consumption. In our case, DPA allows for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored 
in a receiver. A remote control can be cloned from only ten power traces, allowing for a practical key recovery in few minutes. We can also 
extract the manufacturer key, which is typically identical for each receiver of a given manufacturer. Once we have extracted the manufacturer 
key we can clone transmitters by merely eavesdropping and get access to "protected" areas. This key cloning without physical access to the 
device has serious real-world security implications. Another consequence of our finding are denial-of-service attacks on KeeLoq access 
control systems. The proposed attacks have been verified on several commercial realizations of KeeLoq.
One particularly worrisome aspect of our attack is that is most likely applicable even if KeeLoq would be replaced by cryptographically 
stronger algorithms such as AES or 3DES, as long as the implementation is not protected against side-channel attacks.
Joint work with Thomas Eisenbarth, Timo Kasper and Amir Moradi.

Bio:

Christof Paar has the Chair for Communication Security at Ruhr University Bochum, Germany. From 1994 to 2001 he was professor at WPI, MAs. 
He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) workshop series. Christof’s research interests 
cover fast software and hardware realizations of cryptographic algorithms (including lightweight and high-speed cryptography), RFID security, 
physical security, secure ad-hoc networks, and cryptanalytical hardware. He also works on real-world applications of embedded security, 
e.g., in cars, consumer devices, and RFID. He is co-founder of escrypt – Embedded Security Inc., a leading consultancy.  Christof has over 80 
peer-reviewed publications in embedded security and holds several patents. He has taught extensively in industry, including courses at GTE, 
NASA, Motorola Research, and Philips Research. He is currently a visiting research professor at UMass Amherst.