SECURITY ANALYSIS OF VARIOUS HASH ALGORITHMS FOR AUTHENTICATION UNDER HARDWARE CONSTRAINED ENVIRONMENT

Protecting passwords is now a big challenge because users want to do all types of work online via user-friendly devices such as mobile, tablets etc. Now, It is difficult to implement the secure heavy weight algorithms such as AES, RSA etc. in hardware constrained devices. It has been observed that users want all types of security services in an online public environment. Authentication is the first and foremost step to enhance security. Various applications are available for real time authentications such as keyless car entry and opening home-doors through security algorithms under remote keyless entry System (RKES). Now, it is the demand of the time to implement the lightweight security algorithms without compromising the security. In order to fulfill this challenge, this paper proposed a strong model for enhancing authentication security. In this work, strong authentication techniques are implemented with the light weight algorithms. This model received good comparison results.

Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars

The security of immobiliser and Remote Keyless Entry systems has been extensively studied over many years. Passive Keyless Entry and Start systems, which are currently deployed in luxury vehicles, have not received much attention besides relay attacks. In this work we fully reverse engineer a Passive Keyless Entry and Start system and perform a thorough analysis of its security.Our research reveals several security weaknesses. Specifically, we document the use of an inadequate proprietary cipher using 40-bit keys, the lack of mutual authentication in the challenge-response protocol, no firmware readout protection features enabled and the absence of security partitioning.In order to validate our findings, we implement a full proof of concept attack allowing us to clone a Tesla Model S key fob in a matter of seconds with low cost commercial off the shelf equipment. Our findings most likely apply to other manufacturers of luxury vehicles including McLaren, Karma and Triumph motorcycles as they all use the same system developed by Pektron.

Dismantling the AUT64 Automotive Cipher

AUT64 is a 64-bit automotive block cipher with a 120-bit secret key used in a number of security sensitive applications such as vehicle immobilization and remote keyless entry systems. In this paper, we present for the first time full details of AUT64 including a complete specification and analysis of the block cipher, the associated authentication protocol, and its implementation in a widely-used vehicle immobiliser system that we have reverse engineered. Secondly, we reveal a number of cryptographic weaknesses in the block cipher design. Finally, we study the concrete use of AUT64 in a real immobiliser system, and pinpoint severe weaknesses in the key diversification scheme employed by the vehicle manufacturer. We present two key-recovery attacks based on the cryptographic weaknesses that, combined with the implementation flaws, break both the 8 and 24 round configurations of AUT64. Our attack on eight rounds requires only 512 plaintext-ciphertext pairs and, in the worst case, just 237.3 offline encryptions. In most cases, the attack can be executed within milliseconds on a standard laptop. Our attack on 24 rounds requires 2 plaintext-ciphertext pairs and 248.3 encryptions to recover the 120-bit secret key in the worst case. We have strong indications that a large part of the key is kept constant across vehicles, which would enable an attack using a single communication with the transponder and negligible offline computation.