Week of Feb. 5, 2005; Vol. 167, No. 6, p. 86

Outsmarting the Electronic Gatekeeper: Code breakers beat security scheme of car locks, gas pumps

Peter Weiss

A team of computer scientists has unraveled the codes of tiny radio devices that protect cars from theft and prevent fraudulent gasoline purchases.

The exercise in reverse engineering by researchers at Johns Hopkins University in Baltimore and RSA Laboratories in Bedford, Mass., shows that "an attacker with modest resources—just a few hundred dollars" of off-the-shelf equipment—can crack the codes of millions of car keys and the stubby wands that trigger the pumps at ExxonMobil gas stations, the team reports in a draft article posted Jan. 28 on the Internet (http://www.rfid-analysis.org/).

"There is a practical risk here," says team member Ari Juels of RSA, the company that created an encryption technique used throughout the Internet.

The team has withheld from its article critical code-breaking details that could abet would-be hackers. The makers of products that rely on the security technology say that without those key specifics, criminals are unlikely to achieve what the Johns Hopkins-RSA team has.

"If you look at the kind of equipment and time needed by the researchers to break this, it's not what would normally be considered an attractive theft opportunity," claims J. Donald Turk of ExxonMobil in Fairfax, Va.

In any case, Juels says, the new study uncovers a preventable weakness in wireless security technologies, which are becoming more prevalent. "It's very important to ensure that we get security right in wireless devices from the very start," he says.

Led by Juels and Aviel D. Rubin of Johns Hopkins, the code crackers directed their attack specifically against a type of miniature radio transmitter-receiver, or transponder, made by Texas Instruments of Dallas. Inside the head of an ignition key, the transponder must convince the vehicle's computer that it has the correct 40-bit code before fuel will flow to the engine. The transponders allow ExxonMobil customers to buy gas by merely waving the wands in front of the pumps on the company's Speedpass system.

A typical cryptographic system contains two parts: a secret number, or key, and a procedure, or cipher, for validating the key without unveiling it. The rule among cryptographers, Juels says, is to use a big key—128 bits or more. That way, not even someone with access to the most powerful computers could test every possible key.

By using only 40 bits and relying on the cleverness of their cipher, the transponder designers went wrong, says Rubin. After breaking the cipher, which was a major challenge met by trial-and-error methods and cryptographic expertise, "we just tried all possible keys," he says.

"This is a warning that you can't take shortcuts on the design of these systems," comments Internet-security specialist Steven M. Bellovin of Columbia University.



Bono, S. . . . A. Juels, A. Rubin, et al. In press. Security analysis of a cryptographically-enabled RFID device. Preprint available at http://rfid-analysis.org/DSTbreak.pdf.

Further Readings:

2005. RFID chips in car keys and gas pump pay tags carry security risks. Johns Hopkins University news release. Jan. 29. Available at http://www.jhu.edu/news_info/news/home05/jan05/rfid.html.

For further information about the analysis, go to http://www.rfid-analysis.org/.


Steven M. Bellovin
Computer Science
454 CS Building
Mail Code 0401
Columbia University
1214 Amsterdam Avenue
New York, NY 10027

Ari Juels
Applied Research
RSA Laboratories
174 Middlesex Turnpike
Bedford, MA 01730

Aviel D. Rubin
Johns Hopkins University
3100 Wyman Park Drive
Wyman Park Building, 4th Floor
Baltimore, MD 21211

J. Donald Turk
ExxonMobil Public Affairs
Exxon-Mobil Corporation
3225 Gallows Road
Fairfax, VA 22031


From Science News, Vol. 167, No. 6, Feb. 5, 2005, p. 86.


