• DocumentCode
    3463666
  • Title
    KeeLoq and Side-Channel Analysis - Evolution of an Attack
  • Author
    Paar, Christof ; Eisenbarth, Thomas ; Kasper, Markus ; Kasper, Timo ; Moradi, Amir
  • Author_Institution
    Electr. Eng. & Inf. Sci. Dept., Ruhr-Univ. Bochum, Bochum, Germany
  • fYear
    2009
  • fDate
    6-6 Sept. 2009
  • Firstpage
    65
  • Lastpage
    69
  • Abstract
    Last year we were able to break KeeLoq, which is a 64 bit block cipher that is popular for remote keyless entry (RKE) systems. KeeLoq RKEs are widely used for access control purposes such as garage openers or car door systems. Even though the attack seems almost straightforward in hindsight, there were many practical and theoretical problems to overcome. In this talk I want to describe the evolution of the attack over about two years. Also, some possible future improvements using fault injection will be mentioned. During the first phase of breaking KeeLoq, a surprisingly long time was spent on analyzing the target hardware, taking measurements and wondering why we did not succeed. In the second phase, we were able to use differential power analysis attacks successfully on numerous commercially available products employing KeeLoq code hopping. Our techniques allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in a few minutes. With similar techniques but with considerably more measurements (typically on the order of 10,000) we can extract the manufacturer key which is stored in every receiver device, e.g., a garage door opener unit. In the third and most recent phase, we were able to come up with several improvements. Most notably, we found that an SPA (simple power analysis) attack allows recovery of the manufacturer key with one measurement. In the talk, we will also speculate about extensions to fault-injection and timing attacks. It is important to note that most of our findings are not specific to KeeLoq but are - in principle - applicable to any symmetric cipher with an implementation that is not side-channel resistant.
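    The transmitter-key part of the abstract (a DPA recovering the KeeLoq key from power traces) as an added, simulated example; this is not code from the paper or its authors. The round function and the NLF constant follow the publicly documented KeeLoq cipher (32-bit block, 64-bit key, 528 rounds, one key bit consumed per round). Everything else is an assumption made for the simulation: the "traces" are constructed from a Hamming-weight model of the 32-bit state register after each of the first 64 rounds plus Gaussian noise, the distinguisher is the textbook difference-of-means DPA, and the trace count, noise level and seed are arbitrary. The manufacturer-key extraction from a receiver and the one-trace SPA result mentioned in the abstract are not modelled here.

```python
# Simulated differential power analysis (DPA) against the public KeeLoq
# encryption routine. The leakage is a constructed Hamming-weight model with
# Gaussian noise (an assumption), not a measurement from any real device.
import random

KEELOQ_NLF = 0x3A5C742E   # public KeeLoq non-linear function, indexed by 5 state bits
ROUNDS = 528
MASK32 = 0xFFFFFFFF


def bit(x, n):
    return (x >> n) & 1


def nlf(x, taps):
    """NLF output for the five state bits listed in `taps` (LSB of the index first)."""
    idx = sum(bit(x, t) << i for i, t in enumerate(taps))
    return bit(KEELOQ_NLF, idx)


def feedback(x):
    """Key-independent part of the bit shifted in by one encryption round."""
    return bit(x, 0) ^ bit(x, 16) ^ nlf(x, (1, 9, 20, 26, 31))


def round_enc(x, kbit):
    """One KeeLoq encryption round: shift right, insert the new bit at bit 31."""
    return (x >> 1) | ((feedback(x) ^ kbit) << 31)


def keeloq_encrypt(block, key):
    x = block & MASK32
    for r in range(ROUNDS):
        x = round_enc(x, bit(key, r & 63))   # round r consumes key bit r mod 64
    return x


def keeloq_decrypt(block, key):
    x = block & MASK32
    for r in range(ROUNDS):
        nb = (bit(x, 31) ^ bit(x, 15) ^ nlf(x, (0, 8, 19, 25, 30))
              ^ bit(key, (15 - r) & 63))
        x = ((x << 1) & MASK32) | nb
    return x


def hamming_weight(x):
    return bin(x).count("1")


def simulate_trace(block, key, rng, sigma):
    """Constructed leakage: Hamming weight of the state register after each of
    the first 64 rounds, plus Gaussian noise of standard deviation `sigma`."""
    x = block & MASK32
    samples = []
    for r in range(64):
        x = round_enc(x, bit(key, r & 63))
        samples.append(hamming_weight(x) + rng.gauss(0.0, sigma))
    return samples


def dpa_recover_key(plaintexts, traces):
    """Difference-of-means DPA. Round r is the first use of key bit r, so the
    bits are recovered in order, each one from the states predicted with the
    bits already recovered. Returns the 64-bit key and the per-bit distinguisher."""
    states = [p & MASK32 for p in plaintexts]
    key, scores = 0, []
    for r in range(64):
        fb = [feedback(s) for s in states]
        best_bit, best_dom = 0, None
        for kh in (0, 1):
            # Hypothesis: the bit shifted in this round is feedback ^ kh; a 1
            # adds one unit of Hamming-weight leakage at sample r.
            ones = [t[r] for f, t in zip(fb, traces) if f ^ kh]
            zeros = [t[r] for f, t in zip(fb, traces) if not (f ^ kh)]
            if not ones or not zeros:
                continue
            dom = sum(ones) / len(ones) - sum(zeros) / len(zeros)
            if best_dom is None or dom > best_dom:
                best_bit, best_dom = kh, dom
        key |= best_bit << r
        scores.append(best_dom)
        states = [round_enc(s, best_bit) for s in states]
    return key, scores


def demo(n_traces=1000, sigma=1.5, seed=2009):
    """Draw a random key, build constructed traces for random plaintexts, attack."""
    rng = random.Random(seed)
    secret = rng.getrandbits(64)
    pts = [rng.getrandbits(32) for _ in range(n_traces)]
    traces = [simulate_trace(p, secret, rng, sigma) for p in pts]
    recovered, scores = dpa_recover_key(pts, traces)
    return secret, recovered, scores


if __name__ == "__main__":
    secret, recovered, scores = demo()
    print(f"secret    {secret:016x}")
    print(f"recovered {recovered:016x}  match={secret == recovered}")
    print(f"weakest per-bit distinguisher {min(scores):.2f}")
```

    Why one bit per round is enough: each round discards state bit 0 and XORs it into the new bit, so for random plaintexts the register stays uniformly distributed and the predicted new bit is independent of the rest of the state; the correct hypothesis then yields a difference of means near +1 and the wrong one near -1. On a real device the sample index of each round and the noise level are unknown and have to be found from the trace, which is the measurement work the abstract refers to; ten traces suffice in the paper's setting, while this noisier simulation uses more.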
  • Keywords
    block codes; cryptography; fault diagnosis; 64 bit block cipher; KeeLoq; access control; attack; fault injection; key recovery; remote keyless entry; remote transmitter; secret key; side-channel analysis; simple power analysis; Clocks; Counting circuits; Cryptography; Fault diagnosis; Feedback; Frequency synchronization; Information analysis; Manufacturing; Radio frequency; Radio transmitters;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Fault Diagnosis and Tolerance in Cryptography (FDTC), 2009 Workshop on
  • Conference_Location
    Lausanne
  • Print_ISBN
    978-1-4244-4972-9
  • Type
    conf
  • DOI
    10.1109/FDTC.2009.44
  • Filename
    5412857