[kj4ips]

Tons of the rolling key systems on the market are based on KeyLoq, and keyloq is a fairly well designed system with a big lynch pin.

It has something called a 'manufacturer key', which needs to be available to any device that allows field pairing of remotes. If that manufacturer key is known, it only takes two samples from an authenticator to determine the sequence key.

Absent the manufacturer key, jamming+replay attacks work, but brute forcing a sequence key is generally prohibitively costly.

However, since any receiver that supports field programming needs the magic "manufacturer key", one could purchase such a unit, and may be able to extract said key.

[userbinator]

They could've designed a system that doesn't require a fixed secret master key, but instead generates a unique random key for each receiver and requires a physical connection between the fob and the receiver (located inside the locked part of the car) to pair them. Of course such a generic system would be against manufacturer's interests in controlling the repair and aftermarket industry.

[phire]

You don't even need a physical connection.

As long as you have two-way wireless communication (which any keyless entry/start system does), then you can simply do a Diffie-Hellman key exchange during the pairing process.

Diffie-Hellman is designed for exactly this usecase, allowing two parties to derive a shared secret key over a public channel without exposing it.

[tux1968]

That allows the conversation to proceed in secret from listeners, but it provides no authentication to ensure that only legitimate parties are involved. The reason for physical contact is to "prove" that you are legitimately in control of the vehicle, not a random passerby.

[kube-system]

Physical possession isn't enough to prove someone is legitimately in control of the vehicle, though. If a physical connection under the dash will hand out the key, you can bust the window, and get the key.

Part of the utility of the baked-in manufacturer key is that it is unable to be extracted by thieves.

[userbinator]

Clearly it isn't "unable to be extracted" as the other comments here have remarked.

Having to break into the vehicle already raises the bar significantly and makes the security equivalent to a physical lock.

[wat10000]

It works well enough to just require some action to be taken on both ends. Push a button on the opener (or an already-paired remote), then pair the remote while the opener is in the pairing state. It’s possible for a passerby to intercept, but they’d have to have very good timing.

[tux1968]

Pressing a button on the opener is physical contact. That's the entire idea that the OP was trying to relay, that you need some physical way to prove that you're eligible to pair. Not that the key itself had to be hard-wired for the process to proceed.

[exe34]

> requires a physical connection between the fob and the receiver (located inside the locked part of the car) to

that sounds pretty clear to me that the connection isn't the human holding both buttons here.

[phire]

I'm not sure you should be that concerned about man-in-the-middle attacks.

If someone does successfully MITM while walking by the key is going to stop working as soon as they are out of range, and you will notice.

I'm just wanting a system that could be implemented with the hardware that's already there. I guess you could use the RFID chip that most keyless start cars already have as a secondary channel. Still Not 100% secure, but the MITM device would need to be physically in your car to intercept the pairing request, and at that point you have bigger problems.

[tux1968]

Sorry, I didn't mean to make it sound like the problem was MITM. The issue is initiating a pairing request, you can't allow just any key to request it, that allows bad actors to pair a key with your car.

While I worry that it's not really secure enough, the OP was suggesting that physical contact is a way to "prove" that you are indeed eligible to pair, by excluding everyone who lacks physical contact.

[phire]

Modern cars already have a complex sequence to enter pairing mode.

You need to press buttons inside the car, buttons on the currently paired key (to prove possession of that) and buttons on the key you want to pair with.

So a passer by would have to press a button on their fob at just the right moment. Then when you go to test your new key fob, it wouldn't work, so you would pair again until it was your key that was paired.

[exe34]

you can press a button in the car, you don't need a cable.

[jandrese]

In theory, but since this attack has to happen at the time of pairing and leaves evidence--the key you are trying to pair doesn't work afterward--I don't think this is a realistic concern.

[amy_petrik]

>In theory, but since this attack has to happen at the time of pairing and leaves evidence--the key you are trying to pair doesn't work afterward-

You're assuming the goal is to discretely enter the vehicle and leave no trace. If we consider the Kia challenge [https://en.wikipedia.org/wiki/Kia_Challenge] then the goal is to take possession of the vehicle in an immediate and opportunistic fashion. If the possession fails and the key FOB now stops working, whatever, not the thiefs care. If the possession works, now there's a sweet car to abuse. Or, in the case of a crime syndicate, a sweet car to take to the chop shop.

This type of attack is not to mention a simple relay attack. If radio waves of a home (say near the front door, where the keys are stored) are relayed to another location (the car, 30 feet away), then the exact crypto and protocol is irrelevant, the car "sees" the real life actual FOB as nearby. That's another attack used in the wild.

[aDyslecticCrow]

I think you're overcomplicating it. The primary purpose of field programming is manufacturing logistics. Produce a billion identical devices with identical firmware, and then pair the key once to the car.

So it just needs to block rewrites, and the risk of any security barrier breach is negligible since it's done in factory.

[tenacious_tuna]

> The primary purpose of field programming is manufacturing logistics

Or if I lose my car key

[numpad0]

I think this is technically correct but a bit confusing, since "pairing" processes usually require user actions at both ends. A keyhole that reprograms to any key from the outside makes little sense.

[conradev]

A PAKE scheme with a passcode communicated out of band during pairing feels more appropriate to make sure no one is snooping.

A one-time out of band authentication (usually some form of trusted physical interaction) is key if you don’t want to trust intermediaries.

[theamk]

Given how bad the "single master key" idea is, even simple update like "transmit secret key in the open, but with reduced power, during paring mode", would be a great improvement.

It'd instantly mean there is 0% chance of someone figuring the key based on day-to-day operation.

[garaetjjte]

>If that manufacturer key is known, it only takes two samples from an authenticator to determine the sequence key.

Not if seed with appropriate length is used. Though I don't know how common that is, back in 2008 authors noted that "We would like to mention that none of the real-world KeeLoq systems we analyzed used any seed" (https://www.iacr.org/archive/crypto2008/51570204/51570204.pd..., section 4.3)

[nroets]

Correct. While the original KeeLog cipher is most likely no longer secure, Microchip moved on to AES.

KeeLoq is also used for garage door openers.

Some KeeLoq receivers have a "learning mode" where it adds the next KeeLoq transmitter it hears provided it uses the same manufacturer key.

Learn mode is activated either with a button often on the PCB or with a "master" transmitter.

https://en.wikipedia.org/wiki/KeeLoq