1

I think the title question speaks for itself, but here are the details:

You have 4 bits for the buttons, 16 bits for the counter, and a fix 16 bit ID. The transmitter would send out these bits plus an extra 32 bit word read from a ROM addressed by the counter. The reciever would look up the address in its own ROM and check if the two noise words match. Of course the counter must increase too.

You could even overwrite the noise every time the reciever and transmitter are physically connected. Not even your chip manufacturer would have an access.

So the question is: why does Microchip's KeeLoq technology bother so much to work with algorithms?

Thanks Miklos

Miklos Bence
  • 11
  • 3
  • Actually you can add a timestamp to the counter bits to address the ROM to avoid replay attacks. Or use the noise bits as keys to encrypt the whole thing. Possibilities are limitless. There is no way to crack noise. – Miklos Bence Mar 13 '14 at 11:02
  • How is the 'noise' being generated? A pre-shared key needs to be complex enough to increase the effort to brute force. – schroeder Mar 19 '14 at 23:13
  • Thank you Schroeder for your answer!

    How is the 'noise' being generated?

    I would say by sampling thermal noise, but actually it does not even have to be real perfect noise. It could be a long set of pre-shared 32 bit passwords of almost any kind as well. All we need is that you cannot guess the upcoming next 32 bits. This is not a situation where you have an encrypted file to break. Here half the 'file' is already used and is of no use anymore, while the other half is still unknown. Thanks again Miklos

     – Miklos Bence Mar 20 '14 at 12:58
  • But that's why we use complex algorithms ... It is far easier to create mathematically testable results with math... – schroeder Mar 20 '14 at 14:14
  • Please think of my question as 'Why not use pre-shared disposable passwords?' – Miklos Bence Mar 20 '14 at 18:33
  • Then what you've described is a persistent 'session key' scenario. The key is renewed when reader and token sync and persists until the next sync. Once you go down that road, then you need to combat cloning, which means encryption of the session key, and that adds computational time and delay in response. That is why active encryption like that isn't widely used. – schroeder Mar 20 '14 at 18:41
  • I am not sure I understand you. By 'wireless entry system' I meant a key fob for cars. The task is to authentically ID yourself before the reciever. An attacker can have access to the pre-shared passwords only when he has physical access to your fob's memory or to the recieves's memory in the car. But then it is too late anyway. And even then it is very hard to read out the content of a microcontroller's inner RAM if the code-protection bit has been set. Therefore I dont think there is a need to encypt anything. – Miklos Bence Mar 21 '14 at 23:25
  • I am speaking of compact chips with a loop antenna. I agree that if two desktop computers were to communicate securely then the session key scenario would not work because the keys would have to be encrypted and then we are not one step ahead at all. But you cant infect a transmitter-only key fob with a virus secretly. It simply has no input other than its buttons. – Miklos Bence Mar 21 '14 at 23:35
  • Once you transmit, you announce. The transmitted signal can be duplicated (cloned). – schroeder Mar 22 '14 at 23:17

0 Answers0