Fast, Furious and Insecure
Lennert Wouters, Eduard Marin, Tomer Ashur, Benedikt Gierlichs and Bart Preneel
COSIC, an imec research group at KU Leuven
CHES · 2018-09-18
The Tesla Model S key fob
• TI TMS37F128
• MSP430 (MCU)
• TMS37126 (transponder)
• SPI
• No firmware readout protection
[Figure: X-ray picture]
Findings
• 40-bit key DST40 cipher [1]
• 40-bit challenge and 24-bit response
• No mutual authentication
• Time-Memory Trade-Off Table
• Key recovery in ~2s on a Raspberry Pi
[1] Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Aviel D. Rubin and Michael Szydlo. In Proceedings of the USENIX Security Symposium (2005), vol. 31, pp. 1–16.
Proof of Concept attack
Responsible disclosure
• First notified Tesla on 31/08/2017
• Tesla vehicles produced from June onwards use a new key fob
• OTA update includes a PIN to Drive feature and the ability to disable PKE (passive keyless entry)
More information
• esat.kuleuven.be/cosic/cosic-cryptography-blog/
• Poster sessions
• @CosicBe or @LennertWo
• WIRED article
• Live demo?!