Projects per year
Abstract
AUT64 is a 64-bit automotive block cipher with a 120-bit secret key used in a number of security sensitive applications such as vehicle immobilisation and remote keyless entry systems. In this paper, we present for the first time full details of AUT64 including a complete specification and analysis of the block cipher, the associated authentication protocol, and its implementation in a widely-used vehicle immobiliser system that we have reverse engineered. Secondly, we reveal a number of cryptographic weaknesses in the block cipher design. Finally, we study the concrete use of AUT64 in a real immobiliser system, and pinpoint severe weaknesses in the key diversification scheme employed by the vehicle manufacturer. We present two key-recovery attacks based on the cryptographic weaknesses that, combined with the implementation flaws, break both the 8 and 24 round configurations of AUT64. Our attack on eight rounds requires only 512 plaintext-ciphertext pairs and, in the worst case, just 237.3 offline encryptions. In most cases, the attack can be executed within milliseconds on a standard laptop. Our attack on 24 rounds requires 2 plaintext-ciphertext pairs and 248.3 encryptions to recover the 120-bit secret key in the worst case. We have strong indications that a large part of the key is kept constant across vehicles, which would enable an attack using a single communication with the transponder and negligible offline computation.
Original language | English |
---|---|
Pages (from-to) | 46-69 |
Number of pages | 24 |
Journal | IACR Transactions on Cryptographic Hardware and Embedded Systems |
Volume | 2018 |
Issue number | 2 |
DOIs | |
Publication status | Published - 8 May 2018 |
Event | Conference on Cryptographic Hardware and Embedded Systems 2018 - Amsterdam, Netherlands Duration: 9 Sept 2018 → 12 Sept 2018 |
Keywords
- Automotive security
- Hardware and software reverse engineering
Fingerprint
Dive into the research topics of 'Dismantling the AUT64 Automotive Cipher'. Together they form a unique fingerprint.Projects
- 1 Finished
-
Academic Centre of Excellence in Cyber Security Research - University of Birmingham
Engineering & Physical Science Research Council
1/07/17 → 30/06/23
Project: Research Councils