Dismantling DST80-based Immobiliser Systems

Authors

  • Lennert Wouters, imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
  • Jan Van den Herrewegen, School of Computer Science, University of Birmingham, UK
  • Flavio D. Garcia, School of Computer Science, University of Birmingham, UK
  • David Oswald, School of Computer Science, University of Birmingham, UK
  • Benedikt Gierlichs, imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
  • Bart Preneel, imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium

DOI:

https://doi.org/10.13154/tches.v2020.i2.99-127

Keywords:

Vehicle immobilisers, Digital Signature Transponder, DST80, key diversification, side-channel attacks

Abstract

Car manufacturers deploy vehicle immobiliser systems in order to prevent car theft. However, in many cases the underlying cryptographic primitives used to authenticate a transponder are proprietary in nature and thus not open to public scrutiny. In this paper we publish the proprietary Texas Instruments DST80 cipher used in immobilisers of several manufacturers. Additionally, we expose serious flaws in immobiliser systems of major car manufacturers such as Toyota, Kia, Hyundai and Tesla. Specifically, by voltage glitching the firmware protection mechanisms of the microcontroller, we extracted the firmware from several immobiliser ECUs and reverse engineered the key diversification schemes employed within. We discovered that Kia and Hyundai immobiliser keys have only three bytes of entropy and that Toyota only relies on publicly readable information such as the transponder serial number and three constants to generate cryptographic keys. Furthermore, we present several practical attacks which can lead to recovering the full 80-bit cryptographic key in a matter of seconds or permanently disabling the transponder. Finally, even without key management or configuration issues, we demonstrate how an attacker can recover the cryptographic key using a profiled side-channel attack. We target the key loading procedure and investigate the practical applicability in the context of portability. Our work once again highlights the issues automotive vendors face in implementing cryptography securely.

Published

2020-03-02

Section

Articles

How to Cite

Dismantling DST80-based Immobiliser Systems. (2020). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020(2), 99-127. https://doi.org/10.13154/tches.v2020.i2.99-127