Rolling code

"hopping code" redirects here. For other uses, see frequency-hopping spread spectrum.

A rolling code (or sometimes called a hopping code) is used in keyless entry systems to prevent replay attacks, where an eavesdropper records the transmission and replays it at a later time to cause the receiver to 'unlock'. Such systems are typical in garage door openers and keyless car entry systems.

Techniques

Application in RF remote control

A rolling code transmitter is useful in a security system for providing secure encrypted radio frequency (RF) transmission comprising an interleaved trinary bit fixed code and rolling code. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable component.

Rolling code vs. fixed code RF remote control

Remote controls send signals in code. When the sending code is the same as the code which is expected by the receiver, then the receiver will actuate the relay, unlock the door, or open the barrier. Remote controls with a fixed code always send the same fixed code. Remote controls with a rolling code (or hopping code) always send out a different code from the one previously sent.

KeeLoq

HCS301 chip from an Audi A6 keyless entry remote, which uses a rolling code system
Main article: KeeLoq

The Microchip HCS301 was once the most widely used system on garage and gate remote control and receivers. The chip uses the KeeLoq algorithm. The HCS301 KeeLoq system transmits 66 data bits.

Vulnerabilities

A rolling code transmitted by radio signal that can be intercepted can be vulnerable to falsification. In 2015, it was reported that Samy Kamkar had built an inexpensive electronic device about the size of a wallet that could be concealed on or near a locked vehicle to capture a single keyless entry code to be used at a later time to unlock the vehicle. The device transmits a jamming signal to block the vehicle's reception of rolling code signals from the owner's fob, while recording these signals from both of his two attempts needed to unlock the vehicle. The recorded first code is forwarded to the vehicle only when the owner makes the second attempt, while the recorded second code is retained for future use. Kamkar stated that this vulnerability had been widely known for years to be present in many vehicle types, but was previously undemonstrated.[2] A demonstration was done during DEF CON 23.[3]

References

  1. Microchip (2001), HC301 KeeLoq Code Hopping Encoder (PDF), Microchip Technology Inc., DS21143B
  2. Thompson, Cadie (2015-08-06). "A hacker made a $30 gadget that can unlock many cars that have keyless entry". Tech Insider. Retrieved 2015-08-11.
  3. Kamkar, Samy (2015-08-07). "Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars". DEF CON 23. Retrieved 2015-08-11.

External links

This article is issued from Wikipedia - version of the Friday, August 21, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.