Electronic door locks are commonly used at hotels, exhibitions or public facilities. A basic prerequisite for a working functionality is the connection from the lock to a network. But not every environment can provide such a prerequisite. Therefore an offline-operational solution for an electronic lock is required.
Electronic Offline Lock Setup
To ensure the security of the concept electronic offline lock, we will assume that the internal memory is only accessible through the, in the project used protocol. An assurance against hardware manipulation is not possible through this project.
To gain access rights for maintenance work an admin identity needs to be transmitted to the smart card. The Id will be transferred and ensured through a passphrase.
Plaintext: meister1
Hex: 6d 65 69 73 74 65 72 31 (6d65697374657231)
- Complete encryption of command and response APDU to protect against APDU sniffing
- Attack scenarios: see https://www.blackhat.com/presentations/bh-usa-08/Buetler/BH_US_08_Buetler_SmartCard_APDU_Analysis_V1_0_2.pdf
- Communication between wrapper and smart card will be encrypted
- Nonce generation against replay attacks. For every request a new random nonce will be generated
- Result: continuous changing of the encrypted message even if the message is not altered
- Command nonce / response nonce size is 2 bytes (for readability in the project) and randomly generated
-
DES symmetric, CBC, NO PAD, 64 Bit Data Length
-
Init Vector 00 00 00 00 00 00 00 00
-
Off card: gets symmetric key from wrapper during runtime (stored in memory not in source code)
-
On card: gets symmetric key during production
- For simplification purposes key is declared as a constant (in real life key is stored in smart card ROM)
- Plaintext: sosecure
- Hex: 73 6f 73 65 63 75 72 65 (736f736563757265)
- Generate response nonce
- Request encrypted command nonce from smart card (smart card stores nonce for the coming request)
- Encrypt --> [Command Nonce][Response Nonce][Command APDU]
- Transmit encrypted byte array
- Receives encrypted byte array
- Decrypt --> [Command Nonce][Response Nonce][Command APDU]
- Compare received command nonce with stored one
- If equal than process request else throw an error
- Dump old command nonce
- When command APDU is processed encrypt byte array [Response Nonce][Response APDU]
- Transmit encrypted byte array
- Receive encrypted response byte array
- Decrypt response byte array --> [Response Nonce][Response APDU]
- Compare received response nonce with stored one
- If equal than process response APDU else throw an error
- Dump old Response Nonce
This is a study project, so please don't expect to much comfort.