Electronic locks and Crypto/Hardening?

no, I am not going to ask "how to pick X lock".

but what I would like to ask, for the people here with both physical security and tech backgrounds, is how generally well-designed most real electronic locks are, and which locks are particularly noted for being tough to get into.

Do a lot of the electronic locks out there fall prey to the "amateur cryptographer" syndrome, where the lock engineer lets geek pride goeth before the fall and decides he can design his own encryption algorithm instead of getting a time-tested one and getting pro crypto guys to check his implementation?

if so, which locks use AES or the specialized PIC crypto algorithms that are solid?

also, how hardened are they against physical, direct electronic, or combinations of the two attacks? I realize some things are not worth taking seriously in most applications (like the "fire plasma jet from shaped-charge to defeat anti-tampering mechanisms"), but I was amazed at some of the things they thought of protecting against for tamper-resistance when I started looking at tamper-resistant computers in Anderson's "Security Engineering".

they have heard about the old cracker trick and the locks don't just fail when you just taser the dangly bits, right?

I'm not asking for detailed specifics since that would aggravate some people here, just a general idea that either, "most electronic locks are great/suck/suck, but you can get good ones." and if there are good ones, which ones are good.

RobRPM2222

It's hard finding anyone who has this information. (Which is a good illustration of why security-through-obscurity is not always a Bad Thing.)

Most electronic locks don't actually require a lot of crypto. They're generally challenge-and-response systems, and as long as the system has basic provisions to prevent exhaustively searching the key space to reconstruct that table this is likely to be Good Enough for all practical purposes. The important thing is making sure that the transformation from challenge to response isn't blatantly trivial.

All are designed so that brute-force attack is more likely to kill the lock than to open it. That's relatively trivial to achieve; it's basic fail-secure.

Higher-end ones consider Tempest issues as well. Realistically, that's overkill for most applications.

Your concerns in electronic locks are more often basic reliability and mechanical strength than crypto/electronic security.

Joe Kesselman (yclept Keshlam

that tends to make me nervous, because it says to me that all it would probably take is someone serious enough to do some real reverse engineering.

the more paranoid side of me tends to think that since nobody knows much, someone has already figured out a class break, and is keeping it secret.

same principle as making sure the garage door opener isn't using an 8 bit value so you can sweep for the 256 possible values in five seconds, I assume. Only with crypto added.

The important thing is making sure that the

good deal.

I assume the government drives the demand for these.

makes sense. sorry, I guess I fell into the "when your only tool is a hammer, everything looks like a nail" deal.

good to know that they are taking solid design principles into consideration, though.

RobRPM2222

I'm not an expert, just a tinkerer.

The security of the electronic lock depends on a lot of things. You have the physical device, the technique used to enter the code, the default codes and other issues. Crypto doesn't come into play on most of them.

The best installations will use an input method that is not easily snooped, either via a shrouded keypad or keypads that scramble the numbers. They will also have a lockout interval after too many tries, accompanied by an alarm. This can backfire, but it's part of the fail-secure philosophy. Audit logs should be configured to print out or store remotely.

The best installations also require two or more items for authentication, i.e. a card and a PIN, or a thumb-print and voice print, etc.

Good installations will use tamper-proof wiring and a tamper-proof lock.

If radio or infrared is used to transmit codes, it should be encrypted in some way.

Just a proximity card or just a wireless transmitter is not very secure, as it can be easily stolen/borrowed or even spoofed.

An alarm should be used in conjunction with electronic locks, just as they should with mechanical locks. Access Control VS Detection.

Hope that helps you out some. There are lots of good electronic locks in the market. Schlage, Marks, Doorking, Dynalock, Omnilock and many others make electronic stand-alone locks.

Daniel

dbs
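
Added example, not from any poster or lock vendor: the challenge-and-response scheme Joe Kesselman describes and the lockout, alarm and audit log dbs lists, combined in one lock-side verifier. HMAC-SHA256 as the challenge-to-response transform, the three-failure limit, the 300-second lockout and every name below are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def token_response(key: bytes, challenge: bytes) -> bytes:
    """Token side: keyed transform of the challenge (HMAC-SHA256, assumed here)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class LockController:
    """Hypothetical lock-side verifier: fresh challenge, keyed response, lockout."""
    MAX_FAILURES = 3       # assumed policy value
    LOCKOUT_SECONDS = 300  # assumed policy value

    def __init__(self, key: bytes, clock):
        self._key = key
        self._clock = clock        # injectable time source so the logic is testable
        self._challenge = None
        self._failures = 0
        self._locked_until = 0.0
        self.audit = []            # in a real install: printed or stored remotely

    def _log(self, event: str) -> None:
        self.audit.append((self._clock(), event))

    def new_challenge(self) -> bytes:
        # 128-bit random nonce: a recorded response is useless for the next one
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def try_open(self, response: bytes) -> bool:
        now = self._clock()
        if now < self._locked_until:
            self._log("rejected: lockout active")
            return False
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            self._log("rejected: no outstanding challenge")
            return False
        expected = token_response(self._key, challenge)
        if hmac.compare_digest(expected, response):  # constant-time compare
            self._failures = 0
            self._log("opened")
            return True
        self._failures += 1
        self._log(f"bad response ({self._failures})")
        if self._failures >= self.MAX_FAILURES:
            # fail secure: stop answering for a while and raise the alarm
            self._locked_until = now + self.LOCKOUT_SECONDS
            self._failures = 0
            self._log("ALARM: lockout started")
        return False
```

With three guesses per 300 seconds, the lockout rather than the key length sets the rate at which responses can be tried, which is the "basic provision" against exhaustive search mentioned above.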

I am not a big fan of electronic safe locks. My biggest issue with them is their reliability. They seem to have a rather high premature failure rate and they don't usually allow the locksmith many options to open them even one last time before drilling the safe.

You probably don't need a whole lot of crypto in the design as they have time delays for subsequent opening attempts, and to my knowledge there is no way to read the electronics on the inside of the lock from the outside.

I think however they do suffer from a weakness, but I certainly am not going to discuss this speculation.

Since these are closed systems, why or how would you use an encryption system?

Roger Shoaf

It's not really the same principle. It is simpler to intercept the communication from a remote garage door opener, it's also simpler to attempt to brute force it (in the electronic security sense of the term, not the crowbar sense). With most electronic locks you have to physically swipe a card or enter a code. You are typically limited in the number of bad attempts. Granted, if the electronics in question are not shielded well enough the system could be vulnerable to Van Eck phreaking or a tempest attack. More practical concerns are likely the amount of force needed to physically compromise the door/jamb and the tendency of people to share security codes or leave their cards unattended. Also the degree of access or lack thereof to the wiring from the access control module to the locking solenoid(s) or mechanism. At least one La Gard electronic safe lock is vulnerable to this type of defeat. I won't mention the model number here.

The DOD lock program's specifications for locks to secure containers and vault doors protecting classified information can be found here:

formatting link
The Kaba-Mas X-09 and CD-X09 are the only two combination locks regardless of type that I am aware of meeting the specification.

The main DOD lock program page may have some other information you might find of use. It is here:

formatting link

Putyourspamhere

I assumed they would use some form of crypto, for security on the electronic parts of the key.

RobRPM2222

This is what I get for reading too fast, I thought you were talking about safe locks.

Roger Shoaf

Are you talking about a swipe card based system or a keypad system?

Putyourspamhere

Or smartcard, or Dallas chip, or other forms of token? Or fingerprint or other forms of biometric? Or...

"Electronic locks" covers a lot of ground.

Joe Kesselman (yclept Keshlam

hardware, non-biometric.

RobRPM2222


Yes, with regard to an electronic lock which is simply keypad operated, as many are, I'm not really sure what the purpose of encryption would be. Now if we are talking about encrypting the information on a mag stripe, that makes more sense.

Putyourspamhere

Well one good reason to forget about the retinal scan is that down-sized employees absolutely refuse to turn in their retinas when they are discharged.

Roger Shoaf

Not much of a problem when their downsizing employer deactivates them from the system before they are done cleaning out their desks.

Putyourspamhere

Never watched "Judge Dredd"? (yuck)

The nice thing about biometric systems is that they can be quickly reprogrammed if the employees refuse to turn in their retinas. Many of the commercial systems are networked to allow immediate updates when an employee is discharged.

Don't forget, a good biometric system will also require a token of some sort that CAN be confiscated. That can be a swipe card, key, transponder, etc. Those are systems where the retinal scan acts much like a PIN.

Daniel

dbs
