If there is one domain where people are not ready to let computers supersede the old way, it is definitely voting. I am not saying that it is not possible; I am arguing that people don't trust machines to handle their democracy.
E-voting will sooner or later be adopted by every country, but that is not a bad thing, because when properly done it has very nice advantages.
Key advantages
The most obvious are:
- It is ecological: every time you vote, millions of ballots are printed. That is a waste of material and energy, so e-voting is good for the environment.

- You don't have to count. In 2002, I agreed to count votes, because I felt that I had to do it at least once in my life. Well, that was a long night. Reading the same name again and again is so boring. It is definitely something that I will be glad to delegate to a computer.

- It is easier. E-voting will allow people to vote from anywhere, which is very handy for people who are away from home. But it is mostly a must-have for people who cannot go to the voting office, or have serious difficulty doing so, such as old people and sick people. In a sense, e-voting will help to involve the weakest in democracy, which is something very important. Of course the system should have been easy enough
Of course these advantages won't bloom if the system is not secure. If you have any doubt that the election is legit, then the rest is nothing but air.
There is not yet a standard for e-voting, as AES is for symmetric cryptography. However, a lot of work has been done on the subject. One of the most important tasks is to define what we want to achieve with an e-voting system. We call these goals security properties.
So even if a standard e-voting system is not yet ready, understanding the properties behind it lets you know what you can expect from it. It is like having the computer's specs before having the computer itself: you already know whether it will be good or not.
Believe me, the properties associated with e-voting are good, really good. I truly believe that it will help us to make a better world, because it will help to protect our freedom and our opinions.
The following list of properties was compiled, as part of a survey, by Pascal Lafourcade, a very good friend of mine, and two master's students: Mathilde Duclos and Laure Fouard. They all work for the Verimag lab based in Grenoble (France). He gave us an impressive talk about e-voting last week. Thanks to him for the talk and the copy of the slides.
Let's review each property in non-technical terms so you can understand what e-voting will bring you.
Privacy
No one except the voter should be able to determine the value of the vote cast by the voter.

This is the basis of the current democratic system. You can vote for what you want and nobody can ever find out.
Receipt-Freeness
To me this is one of the most desirable properties we can have.
Voter must neither be able to obtain, nor construct a receipt which can prove the content of their vote.
This property will improve the system because it prevents two things:
- Coercion
- Vote buying
It prevents coercion because the coercer has no way to figure out how you voted, since you can't prove to him how you voted. Even under torture you have no way to prove that you are telling the truth, which makes pressure useless.

The same goes for vote buying: you can't buy a vote with certainty, because the voter can't prove to you that he actually voted as ordered.
With the current paper-based system, it is possible to coerce people. You give them two ballots and you ask them for the remaining one after they have voted. Another technique, reported by a friend, is that in some country (no name) the current leader's name is on a red ballot and the envelopes are very thin. Therefore you can actually tell whether the red ballot is inside the envelope or not. That is clearly coercion.
Having a coercion-free voting system lets us hope to deploy it where elections are doubtful, to help people express their real desires.
n-Robustness
Faulty behavior of a n-coalition of authorities can be tolerated. No coalition of voters can disrupt the election and any cheating voter will be detected.
That is a long one.
It means that:
- Even if one of the computers used to count votes is corrupted, it should not be able to tamper with the election. I imagine here a scenario where ballots are counted by the official government but also by an external observer (say the UN, for instance). With this property, if the government is tampered with by any means, then it will be detected. Being able to have external observers is a very good thing, especially if you don't trust your authorities.
- No coalition of voters can prevent the election results from being accurate. This means that the voting system is lobbying resistant.
- If there is cheating, it will be detected. You want to know whether someone has tried to tamper with the election and, ideally, who.
Verifiability
Verifiability aims at ensuring that the vote is verifiable, to prevent incorrect voting results. It means that the entire voting process can be submitted to an external observer, and that observer will be able to say whether the vote is legit or not. This is a very important property in case of a dispute.

Actually, there are two kinds of verifiability:
Universal Verifiability
Any participant or passive observer can convince himself of the validity of individual votes and of the final tally of the election.

If you remember how things went wrong in Florida in 2000 during the US presidential election, then you know that this is something we definitely need.
Individual Verifiability
Every eligible voter can verify that his vote was counted.
I found out that this is an assumed property of the current paper system. People believe that their votes are counted because they can follow the entire process, from putting the envelope in the box to the opening and counting of the votes. However, boxes can be switched, envelopes can be switched, and so on. As a magician I can tell you that there are plenty of options for doing so. Think of using a mirror that splits the box.

But what is important here is that people trust the paper technique, not the computer. So they want to be able to check that their e-vote was received. It is somewhat similar to the plane e-ticket syndrome. People who use e-ticketing tend to verify twice, because having a paper saying that you will have a seat appears more reliable. Which is of course not true, but it is a well-established belief.
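An added Python sketch, not taken from the talk or the survey, of how individual verifiability and receipt-freeness pull against each other: a voter who can check his own ballot on a public board with a secret nonce also holds something he can hand to a coercer or a vote buyer. The hash-commitment bulletin board, the function names and the candidate labels are assumptions made for illustration.

```python
import hashlib
import secrets

def commit(choice: str, nonce: bytes) -> str:
    """SHA-256 commitment: hides the choice while the nonce stays secret."""
    return hashlib.sha256(nonce + b"|" + choice.encode()).hexdigest()

class BulletinBoard:
    """Toy public board: anyone can read every posted commitment."""
    def __init__(self):
        self.entries = []

    def post(self, commitment: str) -> int:
        self.entries.append(commitment)
        return len(self.entries) - 1

def cast(board: BulletinBoard, choice: str) -> dict:
    """Voter side: post a commitment, keep index, nonce and choice private."""
    nonce = secrets.token_bytes(16)
    index = board.post(commit(choice, nonce))
    return {"index": index, "nonce": nonce, "choice": choice}

def voter_checks_inclusion(board: BulletinBoard, ballot: dict) -> bool:
    """Individual verifiability: is my commitment still on the board, unchanged?"""
    i = ballot["index"]
    return i < len(board.entries) and board.entries[i] == commit(
        ballot["choice"], ballot["nonce"])

def third_party_accepts(board, index, nonce, claimed_choice) -> bool:
    """Anyone handed the nonce can test a claimed choice: the nonce is a receipt."""
    return board.entries[index] == commit(claimed_choice, nonce)

def demo() -> dict:
    board = BulletinBoard()
    cast(board, "candidate-B")  # constructed sample ballots
    mine = cast(board, "candidate-A")
    i, n = mine["index"], mine["nonce"]
    results = {
        "included": voter_checks_inclusion(board, mine),
        "proves_real_vote": third_party_accepts(board, i, n, "candidate-A"),
        "can_lie": third_party_accepts(board, i, n, "candidate-B"),
    }
    # The board silently replaces the ballot: the voter's check now fails.
    board.entries[i] = commit("candidate-B", b"\x00" * 16)
    results["swap_detected"] = not voter_checks_inclusion(board, mine)
    return results

if __name__ == "__main__":
    print(demo())
```

The voter detects the swapped ballot, but because the commitment is binding he cannot claim a different choice with the same nonce, so the nonce proves his vote to whoever asks for it, which is exactly what receipt-freeness forbids.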
Democracy
These properties ensure that democracy requirements are satisfied.
Eligibility
Only authorized voters are allowed to vote
If the goal is obvious, the means are not. Currently we use ID cards. Well, what if I make a fake ID? Who never saw a fake driver's license used to get beer while in college? E-voting means digital verification, and there we have very nice options to verify who you are more strongly than a guy looking at thousands of ID cards to see if one of them is fake. Verifying people's IDs by hand is also a great burden, so if the computer can do it for you, that can only be better, because machines don't get tired or distracted.

Using biometric means seems the right thing to do. For instance, fingerprints can be easy to use: you just rub your finger before voting.
Preventing Multiple Voting
All eligible voters are allowed to cast the scheduled vote’s number (function of the election system and its part in it) and not more, such that voter has his intended power in deciding the outcome of the voting.
For instance, your voting power can be based on the number of company shares you hold. Hence you want the system to enforce the company share split for the vote. You also want to be sure that no one has more power than they should.
Fairness
This is also a very important property:
No participant can gain any knowledge, except his vote, about the (partial) tally before the counting stage.
This will enforce privacy, of course, but it is also a guarantee that you can't influence the intentions of people who have not yet voted by unleashing rumors or using social dynamics. It will cut election gossip, because it will ensure that no one can have a hint before the result. That makes us all equal, which is the goal of voting after all.
Problems and Future
Currently no e-voting protocol satisfies all the security properties presented above. It even appears that some properties might be incompatible. In a given formalism, which means that it might not apply in all cases, privacy and receipt-freeness have been proved incompatible.
From a more practical point of view, it appears that some techniques proposed in theoretical papers do not scale well. The most famous example I am aware of is the use of mixnets to count vote results. While in theory using multiple mixnets ensures n-robustness, in practice with 3 mixnets counting 400 000 votes takes several hours. From a psychological point of view this is not acceptable. People expect results as soon as the vote is closed, particularly if it is an e-vote. They believe that it is only a simple count (which is far, far from the truth), so the computer should be able to run it in a snap. Hence delaying results for several hours looks suspicious to them. That is therefore not an option.
Other solutions than mixnets exist, and in a few years e-voting will be part of our life. What I don't know is how to convince people that the system is safe. I wonder how many people can read and understand a formal proof; probably not enough to convince the world. So one of the biggest challenges is to find a way, once the system is ready, to make it accepted.
I hope that this little insight into the theoretical work behind e-voting has given you a taste of the future of e-voting.
Thanks again to Pascal for his talk and see you next Sunday. I will talk about hardware this time.