We have only Microchip’s word for it, but as they refuse to provide details, I can only assume the system is not, in fact, as secure as they (and you) would have us believe.
My point, in response to Chronos, is that adding two way encryption (a) significantly complicates the system and (b) probably weakens the security rather than enhances it.
The present system can be made arbitrarily robust because you can make the keycode as long as you like and the pseudorandom number generator as big as you like. The limit of this is the one time pad. There is just no way that this system can be cracked.
Now implement a back door so that dealers can open cars for users who lost their keys or de-sync’d their transmitters and you have a weakness which is exploitable. And once you have that weakness built into the system it makes no sense to build it stronger than reasonably necessary.
So, yes, the system is not as robust as it may be. But that is not the point I made. The point I made is that two way encryption adds great complexity without adding security and very probably weakening the system.
Many beginners might think encrypting twice always adds strength but this is not the case and in many cases it weakens the system. Here we have a case where I believe the pseudo one time pad is stronger than anything else.
If someone wants to argue the contrary I’ll be happy to hear arguments.
OK, here’s one way the pseudo-one time pad is weaker than the two-way communicator: If I get ahold of the remote away from the car, I can press the button a few times next to a receiver and grab the next few codes, and then leave the remote right where I found it with the owner none the wiser. I can’t do that with the encryption method, since the only secret information is the private encryption key, and that’s never broadcast.
First of all, no decent encryption is weakened by being encrypted again, because if it were, then the first thing an attacker would do with an encrypted text is to just encrypt it again. Second, even if it were true, I have no idea what relevance that would have to my proposal, since I’m only encrypting once and decrypting once.
Would you care to describe how the encryption in any way weakens the system?
That gives you no useful information whatsoever (except that if you have the remote you can open the car – which is the whole point of the remote and which you could do with any remote).
Again, you are missing the point that no secret is needed because there is no need to keep the codes secret because they are immediately discarded and nothing can be discovered from the old code about the new code. That is the basis of the whole concept as implemented.
Sometimes things are not as they seem. I remember reading (maybe in the code book by Singh) several examples of codes being weakened by being encrypted twice because that introduced redundancy. Each code needs to be studied independently. But the obvious case is the Enigma where encoding a second time with the same key gives you the original cleartext directly. And I think the allies during WWII would have considered Enigma a “decent” encryption (even though it is outdated today).
My comment was not supposing you would encrypt twice but to show that sometimes adding things which you would at first blush think were good might turn out to be bad.
As I said, I think in the best of cases it adds nothing because the present system can be made as strong as you want and unbreakable (without counting back doors, stolen keys etc, to which no system is immune) but by adding encryption, while adding no further security, you are adding complexity and cost unnecessarily which can lead to malfunction more easily. You would need a much more complex remote, with more processing power. And it adds nothing.
To simplify my reasoning: each successive code is random and cannot be guessed by knowing the previous codes. The only way to know the next code is to have access to the seed (the key) but, obviously, if you have access to the key you can get in in any case.
That’s the simple analysis. Encryption adds nothing. Now, you can’t say “well, suppose you have a really shitty pseudo random number generator and really good encryption…” because that is not a fair comparison.
The present system can easily be made as strong as you like with little complication, just by adding bits. The howstuffworks article says 40 bits are used. Suppose the next 256 (8 bits) codes are accepted, that means that the chance of guessing a valid code by chance is one in 2.3^10. Implement gradually increasing delays as wrong codes come in and there is no way in the world this system can be broken.
Again, the weakness comes from the people. If the guy at the dealer or the factory knows the backdoor and reveals it there is no system in the world which will prevent that.
The Enigma system (which was neither a single cyphertext system nor a single type of machine) had some significant cryptographic weaknesses which, combined with knowledge of key settings or a small amount of plaintext message, could be readily broken even using the primitive electromechanical computers of the time. Comparing even the more capable plugboard Enigma systems to a modern public-private key digital encryption system is like comparing a crossbow to an LGM-118A Peacekeeper ICBM. Enigma and similar systems are laughably insecure by any modern cryptographic standard.
And encryption is useful for more than just concealing data; PGP/GPG and derivatives are routinely used to digitally sign plaintext data in order to assure the end user that the data has not been adulterated in transmission. Similarly, with a keycode system, encryption can be used to assure that the handshake is secure, even though the signal itself is available for all to see.
Stranger
I already said that. What I am also saying is that I have read in some books about cryptography that encrypting twice can weaken rather than strengthen the encryption. And it makes sense to me even if it is not obvious at first sight. I am not comparing Enigma to anything, I am using it as a proof of concept.
I am very familiar with PGP which I have used for many years now and which I use daily. But that does not answer the question: How does encryption improve the present system of electronic car locks? Because sliced bread is also very useful for making sandwiches and I hope no one will deny that but how is that relevant to the question I asked? Please explain it, don’t just say it is so.
No, that means that I can open the car without the remote, because I have the next few codes the lock is going to expect. You don’t get much of a bigger violation of security than that. Further, the dealer backdoor is only needed in your scheme to cover for the possibility of the remote and lock getting too far out of synch: If you remove that possibility, then you don’t need the dealer’s backdoor any more.
Your system also has the vulnerability that you need a pseudorandom number generator which can produce unpredictable digits so long as the initial seed isn’t known, even when an arbitrary set of previous outputs is known. That’s a very tall order to fill: Usually, pseudorandom number generators produce sequences of numbers by using each number in the sequence as the key to produce the next one. Unless you have some specific algorithm in mind that meets these criteria, and that algorithm has been proven to be secure? My proposal doesn’t have this problem at all, because, since there’s no need for synchronization, I can use a true random number generator.
In short, I know how secure my system is, since it’s composed entirely of off-the-shelf algorithms which have been studied in great detail. Can you say the same of yours?
Well, the way I see it, the whole system in both cases is based on the remote not being compromised. If the remote is compromised then whoever has the remote can open the car. You introduce the variant that the bad guy, rather than just open the car with the remote, can copy the codes and use them later (but before the remote is actually used again by the owner). I suppose it is theoretically a valid vulnerability although in the real world I do not think it merits much concern. Interesting idea though.
No, the backdoor is needed also when customers lose or destroy their remotes. I believe a back door is commercially necessary and that no automaker would sell a car without a means of easily getting in if the customer’s remote stopped working because it went in the washer with the pants. But that is a different discussion.
As I said, the whole discussion involves pseudo random number generator and encryption either theoretically perfect or both of the same quality. If you compare a bad pseudo random number generator with good encryption then that’s not a fair comparison. Pseudo random number generators can be made as good as you want and beyond all practical needs for such an application. In practical terms I believe the present system is good beyond any practical needs and that any vulnerabilities introduced by having back doors exist regardless of the system.
In other words, it does not matter how strong the front door is if you have a vulnerable back door. If I want to steal a car it is easier for me to find the back door than to try to break the front door. The system is as weak as the weakest link. Given that the back door is incredibly weak, seeing how it can be opened by thousands of people already, it does not make sense to build a more robust front door.
Now, in a different situation, say the code which would open the door to the gold at Fort Knox, which would have no back door and which would be had by only a few individuals, then yes, I agree that encryption is better.
By the way, it would be interesting to know what happens in real life when you lose the remote. You call the dealer and give them the VIN. What happens next?
The problem, as I see it, is that, not only do you need a new remote but both the remote and the vehicle need to be re-seeded and synchronized. So I suppose there is some way to do that by just standing outside the car with the proper gear.
If the password was constant and encrypted and could be changed by the user then this problem would not arise because the user could just program a new remote with his old password. This would add the complexity of adding two way encryption and of allowing the user to program the password but it would obviate the need for a back door when the user loses the physical remote (although the back door is still needed if the user loses the password). It seems there is a balance between security and having a back door.
It seems that car manufacturers for now have decided one way rolling codes offer sufficient security. This might change if they decide to implement things like being able to communicate with your vehicle using your blackberry or mobile phone. It would be interesting to have a vehicle which to be operated needed continuing validation every few minutes from the owner’s blackberry, whether in the car or thousands of miles away. That way the owner could always know where the vehicle is and could stop operation at any time.
The overall scheme used with the Enigma encoder was not a “strong” encryption scheme. (I’m using strong in the strict cryptographic sense which is a measure of the randomness of the resultant message.) Enigma relied on having a large number of permutations to prevent cracking by brute force attack; however, with certain configurations of the encoder and particular settings of the plugboard discernible patterns could readily be found in the encrypted text. The “unsteckered” commercial Enigma could actually be broken by hand, and the military versions of Enigma were broken largely because of a methodological error, to wit the use of a keycode group that preceded each individual message that was encrypted using the daily key and repeated, which provided a crib that allowed for generally easy cracking of the message cypher.
In contrast, a modern asymmetric cryptographic system using a sufficiently large key size is essentially unbreakable by any unaided analytical attack in any reasonable amount of time, even allowing for a vast future increase in computation capability. This is because the resultant encryption scheme is an essentially random number (a number formed from an algorithm using two very large pseudoprime numbers) but not requiring a shared private key like a one-time-pad cypher that could be intercepted or duplicated. A scheme like the RSA system or similar systems allows communication between parties who have no shared private keys, and there is no way to back out the private key from shared public keys; in fact, it isn’t even possible to decrypt a message by having the sender’s private and public keys; the message has to be decoded using the receiver’s private key. Nor is it effectively possible to weaken the message by a second encryption pass, since the key has no repetition of the preceding key.
With all due respect, you may have read a few books on encryption but you don’t seem to understand the fundamentals of the methodologies, specifically, what made the Enigma-based systems weak, and why modern encryption algorithms and encoders don’t suffer from those weaknesses (though they do potentially have others, as listed above).
The same way a digital signature on an electronic document or e-mail does; it provides a robust, effectively unique, non-repeatable confirmation signal. It’s like having your locks changed every time you leave your car. Even if someone steals the keys out of your pocket, by the time they get to the car the combo has changed, and in a way that isn’t predictable just by seeing the shared key.
Stranger
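Added example, not part of any post in the thread and not Microchip's or any manufacturer's algorithm: a small simulation of the two schemes argued over above, using the 40-bit code and 256-code acceptance window quoted in the discussion. The HMAC-based code generator, the shared-key challenge-response (standing in for the public-key proposal), and all names are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

CODE_BITS, WINDOW = 40, 256   # figures quoted in the thread

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def rolling_code(seed: bytes, counter: int) -> bytes:
    # Assumed generator: keyed MAC of the press counter, truncated to 40 bits.
    return mac(seed, counter.to_bytes(8, "big"))[:CODE_BITS // 8]

class RollingReceiver:
    """One-way scheme: accepts any of the next WINDOW codes, then resyncs."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0
    def accept(self, code: bytes) -> bool:
        for c in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(code, rolling_code(self.seed, c)):
                self.counter = c          # this code and all older ones are now dead
                return True
        return False

class ChallengeReceiver:
    """Two-way scheme: the car picks a fresh random challenge for every attempt."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, None
    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending
    def accept(self, response: bytes) -> bool:
        expected, self.pending = self.pending, None   # each challenge is single use
        return expected is not None and hmac.compare_digest(response, mac(self.key, expected))

def demo() -> dict:
    seed = secrets.token_bytes(16)        # constructed secret shared by remote and car
    car = RollingReceiver(seed)
    # Remote pressed three times out of the car's range (counters 1..3), codes recorded.
    recorded = [rolling_code(seed, n) for n in (1, 2, 3)]
    out = {"recorded_code_accepted_later": car.accept(recorded[2]),
           "same_code_replayed": car.accept(recorded[2]),
           "older_recorded_code": car.accept(recorded[0]),
           "owner_next_press": car.accept(rolling_code(seed, 4))}
    car2 = ChallengeReceiver(seed)
    old = mac(seed, car2.challenge())     # remote's answer to an earlier challenge
    car2.challenge()                      # car issues a new challenge for the next attempt
    out["stale_response"] = car2.accept(old)
    out["fresh_response"] = car2.accept(mac(seed, car2.challenge()))
    return out
```

`demo()` returns the accept/reject outcome for each case: a code generated ahead of time is accepted once by the rolling-code receiver, while a response to an earlier challenge is rejected by the challenge-response receiver.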