Re: AES MAC security question

From: Mike Amling (nospam_at_nospam.com)
Date: 07/04/05

  • Next message: Rein Anders Apeland: "Re: AES MAC security question" 
    Date: Sun, 03 Jul 2005 22:20:26 GMT

    Rein Anders Apeland wrote:
    > Hi all.
    >
    > I am working on a remote keyless entry system, e.g. for
    > use with car immobilizers. The car owner carries a
    > key-sized RF transmitter, a fob, and the car has the
    > receiver. The RF packet has the following fields:
    >
    > - Unique transmitter ID
    > - Sequence counter
    > - Command
    > - MAC
    >
    > The transmitter IDs are unique from the car manufacturer.
    > The sequence counter is incremented with every message transmitter,
    > so that the car reject repeated commands. The command itself
    > could be 'lock', 'unlock', 'panic' and so on. Not important.
    >
    > I am planning on using AES for generating the MAC, since for other
    > reasons the transmitter software already implements AES for other
    > puproses, and I cannot affort an increase in code size for adding
    > e.g. a secure hash algorithm for use as a MAC.
    >
    > Since the RF packet is so small that it fits inside one AES block,
    > I am thinking of padding the packet to full 128 bits, encrypt it
    > and then truncate the result to e.g. 32 bits and use that as a MAC.
    > Bacause of the low bandwidth of the system, I believe truncating is
    > ok in this case.

       What protects against a man-in-the-middle attack?

    > My questions are:
    >
    > - Is this a good solution, given that I would like to use AES ?
    >
    > - Since very few bits change from message to message,
    > would this solution leak too much information on the
    > encryption key if an attacker snaps several RF packets?
    >
    > - Alternatives?
    >
    > I also thought of extending each of the three fields by padding or
    > repeating to 128 bits and use AES-CBC-MAC, but I don't know if that
    > helps at all.
    >
    > And finally, if you want to know, all fobs have different encryption
    > keys, and the receiver/car has a list of ID/key pairs of accepted fobs.

      Is your method of adding a new remote-keyless-entry-key for a
    receiver/car better than the current method for getting a conventional
    remote to work on a particular car?

    --Mike Amling

  • Next message: Rein Anders Apeland: "Re: AES MAC security question"

    Relevant Pages

    • Re: AES MAC security question
      ... > Since the RF packet is so small that it fits inside one AES block, ... Listen out for the Transmitter ID when the car is parked. ... unique and random set of key Variables it should not cost ...
      (sci.crypt)
    • Re: [fw-wiz] Firewalls that generate new packets..
      ... Here's the lame analogy I use to explain it to management. ... I leave my packet (car) at the airport. ... Some firewalls, after receiving a packet, generate a new ...
      (Firewall-Wizards)
    • Re: another day, another way to more oil
      ... a car with a diesel engine, a stainless steel tank, a ... packet of this modified yeast as a starter... ...
      (rec.autos.driving)
    • Re: Sovietologist to the Bridge, bitte
      ... I can confirm that leaving a packet of caramel digestives in the car for a week is a bad idea as they fuse into a solid cylinderical lump, which is an abstartd to separate again without making mucho crumbs. ...
      (uk.rec.sheds)
    • Re: remote entry -key fob programming
      ... It's not the fob that's programmed. ... If I took the fob of car no. 1 and followed the ... The RKE system and transmitter use a rolling code method for transmitting ... initial sequence code at the time of transmitter programming. ...
      (rec.autos.makers.chrysler)
    • Quantcast