New Kind of Door Lock

There's a new kind of door lock from the Israeli company E-Lock. It responds to sound. Instead of carrying a key, you carry a small device that makes a series of quick knocking sounds. Just touching it to the door causes the door to open; there's no keyhole. The device, called a "KnocKey," has a keypad and can be programmed to require a PIN before operation -- for even greater security.

Clever idea, but there's the usual security hyperbole:

Since there is no keyhole or contact point on the door, this unique mechanism offers a significantly higher level of security than existing technology.

More accurate would be to say that the security vulnerabilities are different than existing technology. We know a lot about the vulnerabilities of conventional locks, but we know very little about the security of this system. But don't confuse this lack of knowledge with increased security.

Posted on March 22, 2006 at 5:15 AM • 48 Comments

Comments

JuergenMarch 22, 2006 5:51 AM

What they are saying is that instead of the small vulnerable keyhole, now the WHOLE DOOR is the vulnerable spot... you'll have to check your door for hidden microphones before using the "KnocKey" every time. Of course, tape recorders will have to be outlawed as they are now burglary tools ;-)

AnselmMarch 22, 2006 6:05 AM

This will presumably keep whatever is behind the door safe from everybody except Mossad agents.

LeeMarch 22, 2006 6:19 AM

@Juergen

I agree, it could be alot easier to capture the "knockey" (i dont know if they have anything to mitigate this) as opposed to someone having to actually steal or copy a physical key. Plus you have to consider how secure the small device is too. Give me a good old key any day :-)

StefanMarch 22, 2006 6:23 AM

From their site: "Both the locks and the ‘KnocKeys’ are powered by long lasting Lithium Batteries, which are included." .. f

Chris NMarch 22, 2006 6:28 AM

According to the site, the KnocKey is a glorified combination lock that an attacker can crack off-line with a recording. The token in this case doesn't act like a token since "all KnocKeys are the same." All an attacker has to do is figure out the combination of numeric-only characters. The site says that recording and playing back the knocks won't work for authentication. It sounds like it uses a type of CHAP. While a recording of the handshake won't authenticate, it could probably be used to determine the combination.

Chris HennesMarch 22, 2006 7:05 AM

@ Sandeep

It would be like port knocking if the door were invisible until you knocked at it, then the keyhole appeared. Which, admittedly, would be pretty cool. Let me know when they get *that* working...

Clive RobinsonMarch 22, 2006 7:21 AM

Question, if it relies on "Knocking" sounds, what's the likley hood of the postman (or anybody else) getting in purely by chance just by doing a n enthusiastic "Rata-tat-tat" type knock on the door...

The whole idea sounds daft, most "battery" electronic looks can be opened by a big magnet, unless the design takes it into acount, and I don't know of many that do. Basically the lock has a low powered solonoid that has a couple of bits of soft iron in it, when activated it pulls a cam or other item into alignment so that the mechanical force of the person turning the door handle is transmitted to the bolt. Other locks use a motor drive however these likewise have deficiencies and can be fairly easily bypassed.

Underwriters Laboratories (UL) have known about these problems for at least a quater of a century (to my knowledge) and probbably a lot longer, but you don't see much about it, in either the trade press or on the internet (which is surprising).

If you want to see safe front door locks, not your "pussy 5 lever mortice" go to Portugal or Italy where they have between six and 12 bolts around the whole door which are opened from a central hub. The hub contains a lock with between twenty and thirty levers. The door bolts slide into a large solid frame which is very securly fixed to the building, often the doors contain one or more layers of cutting resistant materials. Doors and locks of this type are not considered (over there) to be abnormal in any way...

DuncanMarch 22, 2006 7:23 AM

"The device can either be carried by hand or be attached to the door externally (but is not connected directly to the lock mechanism in any way)"

In the earlier case, surely it makes it just as vulnerable to steal as say, a mobile phone or an iPod.

In the latter case, wouldn't it be easier to remove the KnocKey from the door since it is no longer part of the door and just merely attached to it (and thus able to analyse it independently and increase the chances of breaking the encryption), compared to say, an ordinary conventional Yale lock?

aikimarkMarch 22, 2006 7:25 AM

According to their verbiage:
"The ‘Knock Code’ is encrypted and has billions of combinations. The lock will not open if the code is recorded and played back."

You can record the keypad combination or look at the keypad with through a heat-sensitive lens and determine which keys were pressed. As long as all keys are usable, this is a weakness.

I would think that a contact dongle (disk) would be much simpler. If combined with a touch-screen keypad that shuffled the numbers for each entry, then you might have a better system.

======================
Maxim: A lock is only as strong as the door/frame materials.

If a thief want through a door, they will likely kick it. If they can't get through the door, they will likely take out a window. If stealth is required, theives will go under the house and cut a hole in the floor.

I've thought about some kind of electro-mechanical door jam connected to a locking mechanism such as this would prevent a brute-force kicking of the door. However, you must take care that it will accept some external power source or you might have to cut down the door if the batteries weren't capable of unjamming the door. I guess it's possible to have the door knob mechanism lift the door jam off the floor instead of relying on battery power to lift the jam.

======================
There are mechanical pickproof locks as well as these fancy gadgets. Abloy developed a lock that was immune to frigid conditions in Finland. It doesn't contain any springs that might seize up in winter. After they'd deployed their locks, it became apparent that the design was also pickproof (not part of the design specs).
http://www.abloy.fi/modules/upload/show_file.cfm/9312524%20ABLOY%20CL110.pdf?file_ID=244

http://www.toool.nl/abloy.pdf
http://www.toool.nl/abloypart2.pdf
http://www.toool.nl/abloypart3.pdf
http://www.toool.nl/abloypart4.pdf

winterMarch 22, 2006 7:26 AM

like most devices that require a passcode of some sort, I imagine it is vulnerable to a "brute force" or "dictionary" attack (provided the dictionary contains words like "boot, kick, shoulder, battering ram, garbage can full of water, etc...)

Matt AMarch 22, 2006 7:35 AM

Of course, there's also the fact that if you secure your house, they're just going to break into your neighbor's anyway...

AnonymousMarch 22, 2006 7:40 AM

@Matt A: From a selfish point if view, this would be an entirely acceptable outcome.

And what would be the alternative: Lowering your house's security to the lowest standard found in the neighborhood?

periMarch 22, 2006 7:57 AM

For those who found the two paragraphs of story at the end of the link too much to read I will summarise. The key transmits a dynamic ~32 bit code. You have to enter a code each time you use it and anybody who knows your code can get a factory fresh key and enter your code to open your lock. They advertise that last bit as a feature!

For those who wanted to find more I found a link to what appears to be more information:

http://www.daesanginc.com/eng/product_doorlock.htm

Quotes:

No keyhole or contact points to open the lock, affording MAXIMUM security in a lock that cannot be picked or tampered with.

The ‘Knock Code’ is encrypted and has billions of combinations. The lock will not open if the code is recorded and played back

To open the lock, enter a code on the ‘KnocKey’ and press it to the outside of the door or lock.

All ‘KnocKeys’ are the same. If lost or stolen, simply buy another ‘KnocKey’ and enter your code

AnnieMarch 22, 2006 8:15 AM

So it is a door with a password. It has all the inherent vulnerabilities of password protection (short passkey length, post-it reminders, master passwords, etc) plus some as yet undisclosed vulnerabilities stemming from the knocking technology itself and/or any crypto involved. Is this really more secure than a "normal" lock? Is the cost balanced by such a benefit? I guess those are the more interesting issues.

questionableMarch 22, 2006 8:54 AM

Aren't lithium ion batteries prone to explosion with enough brut force or impact?

ArchangelMarch 22, 2006 9:05 AM

All knockeys are the same, just buy a new one if you lose yours, and enter your code...hmmmm.

So every knockey contains the entire set of knock codes and pins, encoded into itself. This sounds like a job for phone phreakers -- just reverse-engineer one knockey and you can open any knockey lock. Heck, just permutate the lock codes with whatever the acceptable delay is, and one will open the door.

More secure? Really?

AlekMarch 22, 2006 9:08 AM

Presumably the "code" is something not too similar to "Shave and a haircut"?

ArchangelMarch 22, 2006 9:13 AM

...
no, most criminals are not stopped by "circumvention of a technological protection measure" (nor, for that matter, are many normal people who would like to follow a hobby or academic discipline made illegal by the DMCA)

And while lockpicks and the proper use thereof are not widely employed by most B&E personnel (hence the Breaking part), and neither will this device probably be, that just leaves me referring back upwards to the "They'll break your door/go through a window/cut a hole under the house" comment (lol - cut a hole under your house - that's great!).

MadhuMarch 22, 2006 10:11 AM

aikimark is right: A lock is only as strong as the door/frame materials. Our back door was kicked in many years ago.

If all the keys are the same, why carry a physical key? The real 'key' appears to be the code. Sure, a keypad on the door might save the perpetrator the time to get a key, but what's the cost of cracking the code?

jmrMarch 22, 2006 10:16 AM

Actually, this system -could- be more secure than a simple keypad entry if properly designed.

The problem with keypad entries is the fixed nature of the keypad. It is vulnerable to photos, heat signatures, bugging, etc. It's much simpler to keep the code secret if you can enter the code in stealth on a portable device and present the device to a Challenge-Response system as a second step.

That only "solves" the authentication problem, of course, but the remaining problems of locking a door have known solutions (bolt mechanism, door strength, door installation, accessibility of other entrances).

steveMarch 22, 2006 10:28 AM

it would be interesting to know how much energy is used each time you open the door, and if it's vulnerable to a DoS attack on the battery. (there's a timer to limit the number of trials per second ?)

TimMarch 22, 2006 10:55 AM

I think if my neighborhood gets that bad, I will install 6 normal locks on my door and, like the comedianne I heard this from, I will only lock half of them.

That way, as the crook picks the locks, he/she is locking half of them...

No muss, fuss, or batteries.

Jay LevittMarch 22, 2006 10:59 AM

What I don't get is: Why advantages does this have over the existing, decades-old no-contact systems like FACScards? I can see plenty of disadvantages.

Christoph ZurniedenMarch 22, 2006 11:17 AM

OK, the exact algorithms and implementations are unknown, I wouldn't even secure the door in the shed in my backyard with the hand-driven lawn moyer in it with that kind of technique, but the idea itself is interessting.
Bits do not necessarily need to be of electromagnetiv origin, an electroacoustic source is likly comfortable. The main advantage is that it is possible to shield the electromagnetical lock inside. And it's really quiet if you use hypersonic waves (infrasonic may work too, but I'm too lazy to calculate it).
I would propose a solid algorithm for the public key exchange; OpenSSH has a nice implementation of one for example.
You have two different kind of keys than: one you have--the build-in long and/or one-time key and one you know--the PIN.

I think the design itself is quite secure, especially if used with long one-time keys.
But the actual implementation as interpolated from the handfull of information given seems to be as bad as usual.
Why? Oh, pray tell: why?
*sigh*

CZ

Dan LinderMarch 22, 2006 11:50 AM

How is this all that different from a garage door opener? Those have readily available "blank" (spare) buttons available at most hardware stores. If they set up their lock like the garage doors, then it would take access to the lock from the inside to associate a new remote opener.

I've often wondered why the big garage door opener companies don't make a retrofit door knob that uses a similar technology. Then you could give your neighbor a "key" that would work for "X days" or "Y uses". Plus you could probably program one "key" to work on multiple doors (front door, back door, garage door, neighbors door, parents door, etc).

Of course that means you loose one key you should tell your friends/family so they can revoke that key on their system but that's the price you (and they!) will pay for convenience.

On the other hand, I have been pretty lucky and haven't lost my keys since I started driving in 1987, and I would not let just any friend or family member train their key on my system either.

Dan

Clive RobinsonMarch 22, 2006 11:59 AM

@CZ

Why be so complicated, all the device probably does is either encrypt your key with the current time, or vis versa, ie it performs some time based Hash or MAC on the secret key and sends the Hash or MAC.

As long as the keypad clock stays relativly acurate (compared to the lock clock) then the system will work.

This is the way a lot of these "Two Factor" access control dongles work (with a bit of salt/chalenge).

You can also make the system more robust by encrypting say the minutes and seconds in a fixed key (common to all locks in the range) and send this first, this way the lock can sync it's self to the keypad, so you could change the "Knock code" every second.

The use of OpenSSH or any other PK system is going to need lots of CPU cycles and a high end CPU, neither of which are good for battery consumption, which likewise would not be good for this application.

aikimarkMarch 22, 2006 12:07 PM

@Archangel,

"(lol - cut a hole under your house - that's great!)"
About seven years ago, a group of burglars were using that technique to enter houses in upscale neighborhoods in the RTP area of NC. This had two advantages.

1. The burglars could gain access to the crawlspace quite easily and (very small padlocks and flimsy doors) and not expose their entry to the street.

2. The burglars could come up through a hole in a closet, and the owners might not know they'd been there, since closet contents didn't usually pose a heavy footprint on the carpet that recovered the entry hole.

==========================
@Tim

For this scheme to be an effective deterrent, the jam space needs to be protected, so that the thief can't see the position of the bolts, the strikeplate needs to be reinforced with a steel plate to overcome the weakness of the wooden frame, and locks need to be oriented both clockwise and counter-clockwise. In fact, most professionals would be able to tell the direction of these locks from the key profile and lock manufacturer.

RSaundersMarch 22, 2006 12:11 PM

@ Dan

The way a garage door opener works is a psuedo random sequence. Each time you press the button it sends the next number in the sequence. The door knows the last "good" number, and as long as the number it gets is less than N numbers further down the sequence, it accepts it. This guards against playback of recordings. It's not so good against scanning attacks, where you just send every Nth number in the sequence. It is very susceptable to listener attacks, where I listen for the number you use and then use my own knowledge of the sequence to impersonate you. It also works because your opener only knows about a small number of doors. As long as you are willing to take one dongle per door around with you, this is only worse than keys for reasons others have stated. The real advantage of this concept, but apparently not this device, is remote operation. If I don't have to take off my gloves to dig in my pocket to take out the right key to open the door, then I see a benefit. Just walking up to the door with the dongle in my pocket could unlock it, as an RF card might. This is not that solution, too bad.

aikimarkMarch 22, 2006 12:16 PM

example of door-height steel strikeplate:
http://www.asafehome.net/strike_master.html

The video shows lots of door kicking. I wish their test doorframe was as sturdy as a typical house frame. You can clearly see the test wall move. Unfortunately, the moving wall is absorbing some of the impact. But you get the general idea.

========================
There is usually a tradeoff between the security provided by a solid steel door and the beauty of a decorative door with some glass. If your fancy knock-knock (receiver) lock has a manual operation or override, then a thief merely needs to cut a hole in the glass or break the glass in order to unlock the door.

Dave AronsonMarch 22, 2006 2:41 PM

@archangel: the Breaking part of B&E refers to "breaking" (more like "going through") the building's exterior dimensions. For example, sticking your hand into an open kitchen window to steal a cooling pie, is still Breaking. (Dunno if it counts as Entering if only your hand goes in.)

Rob MayfieldMarch 22, 2006 3:06 PM

I wonder how well it works in environments where there is a high level of ambient noise, or where there is structural noise (eg wooden or steel frame house during high wind etc). It seems to me that a clever criminal could use knowledge of the tech to initiate a denial of service, with a number of possible scenarios.
Also, they say on the website it's the "safest lock" - I wonder how often people's assessment of the safety of a product intersects with their assessment of the security of a product, and I wonder how often the safety and security of products actually intersect - for a given definition of safety ...

RonKMarch 22, 2006 3:58 PM

This was up on Slashdot a while ago.

While discussing it, a relatively easy DoS attack came up. Make an armored box which listens for knocks and produces random jamming knocks which will presumably (unless the algorithm is really, really, robust against jamming) prevent the KnocKey from unlocking the door.

To make it difficult to remove the armored box, glue it to the door with steel reinforced epoxy.

AnonymousMarch 22, 2006 4:57 PM

@Clive Robinson
> Why be so complicated, all the device probably does is either encrypt your key with the current time, or vis versa, ie it performs some time based Hash or MAC on the secret key and sends the Hash or MAC.

You shouldn't be dependent on something that needs to be dependently measured like time. You would have to synchronize the time before use and that can be jammed, intercepted and/or changed. No, a full cryptograhically key exchange is needed here.

> The use of OpenSSH or any other PK system is going to need lots of CPU cycles and a high end CPU, neither of which are good for battery consumption, which likewise would not be good for this application.

That is not true anymore. OK, a full implementation of OpenSSH would be quite a bit exaggerated, but there are some key exchange algorithms optimized for embeded use and the computing power needed is very cheap these days: monetary cost and electrical power consumption are quite low, an AAA-battery will keep that US$ 2.99 thingie running for more than a year (assuming the ordered bulk is large enough and it needs the power for the actual work only).
My point is to use well known and tested algorithms and implementations and not to try to reinvent the wheel because your first wheel will almost surely be square.

BTW: the idea with the hash is not wrong, you can use a cryptographical hash to exchange keys:
Let the knockkey be 'A' and the lock be 'B', the cryptographically hashfunction hashing a string 'x' be 'hash(x)' and a random number generator with seed 's' be 'rand(s)' (seed is not used here). The sign '+' shall be an arbitrary binary operator connecting two variables 'a' and 'b' in a way such that 'a+b!=a!=b' e.g. a simple concatenation.
'A' and 'B' are able to send messages 'A(message, destiny ...)' and 'B(message, destiny ...)' respectivly. Strings within ''' are static strings or the precomputed result of a named function.

The knockkey starts with some kind of 'Hello lock, nice to meet you.'
A('Hi!',B)
The lock then generates a random number, hashes it and sends it to the key and to memory
B(hash(rand()),A, MEM)
The knockkey takes that, adds one token (which the knockkey gets from a list, which itself is decrypted by a PIN or a fixed key plus the PIN or something alike), hashes the result and sends it back to B.
A(hash(hash(key)+'B'),B)
As B knows 'B' and 'hash(key)' (but not 'key' itself, just like in /etc/passwd), B does the same as A, compares the result to the message of A and unlocks the bolt if both are equal.
B(compare(hash('hash(key)'+'MEM'),'A'), bolt)

Most of the cryptographically secure hash-functions can be build quite easily (=cheap) in hardware, the additional logic needed beside the hash and the DSP/DA-AD-controls is way underneath noise, so, yes, a simple hash is not a bad idea.
Disadvantages? Well, the usual technicalities are in no order: security of the hashing algorithm may be bad, controlling a hardware implementation is expensive, the random number generator might be bad and the memory might be readable from outside and/or later in time.

It's quite difficult to describe such a mechanism in a small HTML-textarea and a foreign language, so please ask if you think I was wrong because I certainly was ;-)

CZ

greygeekMarch 22, 2006 5:33 PM

If it's bidirectional, couldn't it be a challenge/response that was pretty good?

I'd think I would want to program a longer, permanent key into the lock, and only use the "pin" entered at the time of use as an authenticator for the user of the key.

1) User enters "pin"
2) Door knocks a challenge to the key.
3) Key uses permanent key plus "pin" plus cryptographic hash to formulate response.
4) Key knocks response.
5) Door opens (or not) depending on whether it likes the response.

RogerMarch 22, 2006 8:54 PM

This seems like a very good idea, and well implemented so far as I can tell from their specifications. Most of the criticisms various people have suggested above, have in fact already been met by the designers.

(NOTE: It very much sounds to me as if the cryptographic functionality in this device is provided by the KeeLoq protocol. Some of my comments are based on this assumption and may not be valid if it is not correct.)

== Notably good points ==

1. It seems that each knocker must be set up by programming with a 6 digit "master code", then a 4 - 6 digit user PIN is entered to unlock a door. Thus, it is two factor authentication. Yay!

2. The knocker is not just a token but also a PIN entry keypad (and code generator). Because each user gets their own and carries it around with them, this makes it much harder for an attacker to implement attacks on the PIN entry interface (e.g. prying open the cover and inserting a keylogger).

3. Uses cryptography to implement an (apparently) strong rolling code protocol for authentication.

4. Like most modern electronic locks, it has built-in key management and (in some models) auditing. However, if I read the specs right then it seems each lock can manage up to 100 different users whilst _also_ using a rolling code for _each_ user. So far as I know, this is unique.

5. From the video, it seems to be possible to enter your PIN shortly prior to unlocking the door, then activate it by pressing against the door. This feature makes it possible to avoid shoulder surfing or video photography being used to recover your PIN. However one would need to be careful with how long the device stays "armed" after entering the PIN.

6. Acoustic signalling: like RF based key systems, the lack of an exposed interface forces an attacker to concentrate on the information rather than the implementation. For example, on a keypad based system one has to worry what would happen if the attacker exposes the wires between keypad and microcontroller, and sends malformed signals along it e.g. seriously overvoltage. Additionally the exposed interface is vulnerable to vandalism which can also be used for denial-of-service attacks. An RF interface is significantly less vulnerable to these sorts of shenanigans, although not totally invulnerable. Possibly the cleverest part of the KnockKey is that it takes this sort of protection even further: very high amplitude acoustic signals _might_ damage the device, but everyone in the area is going to notice! Having a broad spectrum pulse-time modulation scheme makes it very difficult to confuse with invalid pulse timings or unexpected frequencies. Seriously out of spec frequencies are likely to be strongly attenuated by the door material anyway. In comparison to RF solutions, it is also likely that the effective interception range will be reduced; the attacker will need to mike the door specifically, rather than simply hiding a receiver somewhere nearby. Another advantage of acoustic signalling is the possibility to signal through heavy metal barriers (e.g. safe doors, vault doors) without needing to anywhere weaken the barrier with a signal path.

7. Seems to be quite inexpensive compared to most electronic locks.

8. Only judging from an external photograph here, but it looks like the strike positively engages a notch in the retaining bolt (thus giving good resistance to forcing) and throws downward (thus probably not being vulnerable to the electromagnet attack). It also appears that when locked, the strike bolt is completely concealed, surrounding entirely by the casing and the heavy steel retaining bolt, which itself is completely surrounding by the casing. This makes it fairly resistant to physical assault from the INSIDE as well. (It seems it comes in both deadlock and non-deadlock versions.)

9. The combination of "master code" and PIN is a minimum of 10 digits. If it can be taken literally, the video seems to indicate that a code takes about 1 second to transmit, so even without rate limiting a 10 digit key will take an infeasible amount of time to brute force.

10. It deliberately forces the administrator to change default keys on set up. Yay!

== Questionable points ==

1. They don't state what cryptographic algorithm is used to generate the rolling codes. From the description, it sounds a lot like they have used KeeLoq, which is a great _protocol_, but usually implemented with a secret proprietary block cipher _algorithm_.

2. PINs are allowed to be as short as 4 digits (or as long as 6). It seems they are somehow combined with a 6 digit "master key" before use, but no information is given on the device's resistance to reverse engineering. If an attacker manages to extract the master key from a legitimate knocker, captures the master key by some other method, or obtains a knocker and is allowed access to it for an extended period, then a 4 digit PIN without rate limiting is rather weak. It could be brute forced in 8 minutes on average. Even 6 digit PINs would take about 6 days on average. With this sort of system it is of course fairly easy to severely limit brute forcing through a combination of rate limiting and auditing, however the description does not make any mention of rate limiting. I would like to see it added, if not already present, to further reduce the risk of reverse engineering the master key.

3. Although the knocker has a feature which enables one to avoid shoulder surfing attacks, this isn't mentioned at all. For most users, shoulder surfing will probably continue to be a serious vulnerability.

4. The version in which the knocker is left attached to the door seems rather pointless to me. It eliminates most of the advantages of the idea, apart from not needing to drill holes through a door. I would certainly restrict its use to monitored areas.

5. (This bit has quite a few assumptions about the protocol.) The maximum length of the master key is too short. The maximum total keyspace seems to be a 6 digit master key and a 6 digit PIN (approximately 40 bits). In addition, if this is KeeLoq or works in the same way, there is also a 16 bit internal counter. The output from one knock is probably 32 bits (guessing, both from resemblance to KeeLoq, and claims of "billions of knock sequences".) That means that an attacker who records a knock sequence, and then (having obtained the KeeLoq algorithm by some means) attempts to brute force the keyspace off-line by trial decryptions, _cannot_ get the answer from one intercepted successful knock. But how many does he need? Unless the resynch protocol is triggered (which it usually isn't), the next successful knock must decrypt to one of 16 possible values after decryption by the same trial key (assuming the upper 16 bits of the plaintext are fixed, as is usually the case, but need not be here.) Thus, 2**-28 of trials keys will pass a second knock by chance, thus leaving ~4000 trial keys. A third knock will eliminate all but the correct one. Thus with a 6 digit user PIN and knowledge of the secret cipher algorithm, an attacker can break the system using 3 intercepted ciphertexts, ~2**41 encryptions and negligible memory, which is not a very serious obstacle today. With 4 digit user PIN, it is proportionately easier. (Note that the maximum keysize of the KeeLoq algorithm itself is 64 bits, so it is possible that there is additional keying information already embedded in the device -- enough, in fact, to make brute forcing the algorithm significantly harder than kicking the door in -- but as this data does not need to be entered into a replacement knocker, it must be the same for all of them and so will eventually be discovered.)

== Answers to specific objections ==

1. No, you cannot simply record the code and play it back. It specifically says that it uses a "rolling code", which is designed to defeat just such an attack.

2. No, stealing the knocker alone does not let you break in.

3. Yes, of course you can bypass the lock's security by attacking the physical fabric of the door, frame, or surrounding walls etc. But that is true for any lock, and thus not a criticism of the lock so much as a reminder of the necessity for whole-of-system design. To the extent that it is relevant to the lock design, THIS lock looks like it has been designed in a way that makes it easier rather than harder to secure the rest of the system, i.e. it doesn't weaken the fabric of the door, it works just as well with very heavy doors and probably with doors with extra cladding, and it positively engages with the frame. The lack of a need to position a keyhole, and the mechanical simplicity of the engagement with the bolt, would make it fairly simple to adapt to more powerful boltwork if desired (as in fact appears to have been done in the S&G safes).

4. No, not all electric strikes are vulnerable to the electromagnet attack (i.e. throwing the bolt by attaching a powerful electromagnet outside the door, thus entirely bypassing the lock's logic). A couple of designs were found to be vulnerable, and the manufacturers in true locksmithing tradition tried to suppress the information instead of fixing the problem, which caused a bit of a fuss among computer security types. However, the attack simply doesn't work on most electric strikes, and from an admittedly very superficial examination it doesn't look like it would work in this case.

5. The fact that S&G incorporate an override code in the version they put in some safes, doesn't mean there's a backdoor. Remember, each lock can manage up to 100 user accounts, so all S&G has to do is add a "field serviceman" user account. They could even have a different one for each customer, to minimise exposure. If you read the manual, you will see it is probably possible for the user to delete this account if they want to, although I imagine most commercial users are more worried about the considerable cost of getting their safe forced if they forget the PIN.

6. No, every knockkey does not contain the entire set of codes and PINs, encoded into itself. When you buy a replacement, it contains a default master key (which it forces you to change immediately) and no user PINs at all. To use it, the system administrator must enter the 6 digit master key. Your user PIN (apparently) does not get stored in it at all, but is entered each time you want to open a lock.

7. "Is this really more secure than a normal lock?" Yes. There is absolutely no question that for the great majority of lock users, _any_ electronic lock, even a moderately badly implemented one, is more secure than a "normal" (i.e. mechanical) lock. This is because of the small fraction of break-ins which involve defeating the lock, most come about from a failure of key management, and key management for electronic locks is enormously easier than for mechanical locks. Of those that don't fall under key management failures, most rely on applying violence to the exposed interface -- something which this lock simply does not have. Other than that, this system appears to be based on a system which is already being used to secure luxury cars, and has been found in practice to be far more secure than mechanical locks. The only caveats are that they seem to be using a master key which is rather shorter than the maximum permitted (which does worry me somewhat), and they use a novel signalling interface (but one which seems to be more secure than the current standard version, rather than less secure).

Bruce SchneierMarch 23, 2006 7:33 AM

"While discussing it, a relatively easy DoS attack came up. Make an armored box which listens for knocks and produces random jamming knocks which will presumably (unless the algorithm is really, really, robust against jamming) prevent the KnocKey from unlocking the door.

"To make it difficult to remove the armored box, glue it to the door with steel reinforced epoxy."

With a tube of steel-reinforced epoxy, I've got a great attack against a conventional key mechanism without any box requirement -- so the new lock wins there.

derfMarch 23, 2006 10:03 AM

Why worry about the door? I'm sure there's a window to break or a wall to drive through.

Most company datacenters are surrounded by mainly drywall, so the hardened door is just for show anyway.

Your security really just depends on how determined the thief wants to be.

ArchangelMarch 23, 2006 8:46 PM

Roger and CZ,

Nice analysis.

----
Bruce,

I think the steel-reinforced epoxy wins, there. Now *that's* the ultimate in door security measures, for values of security approximating 'not accessible except to authorized users', and values of authorized user approximating 'equipped with demolition gear'. :D

TankMarch 23, 2006 10:50 PM

A lockpicking group here made short work of another electronic lock...
http://www.toool.nl/index-eng.php

That one used encryption and authentication of keys. The solution was to buy a very powerful magnet and attach it to the lock. Very interesting videos.

TankMarch 24, 2006 9:02 AM

"While discussing it, a relatively easy DoS attack came up. Make an armored box which listens for knocks and produces random jamming knocks which will presumably ... prevent the KnocKey from unlocking the door."

When dealing with physical security you really dont have to get too bogged down in technical details.

ie. How much money, time, expertise needs to be expended on creating that device when it will only be useful against only one type of lock which currently 0 people use...

...compared to the cost of a load of horse shit dumped against the door which is just as effective in denial of service for an entry regardless of lock type.

definitely not time basedMarch 26, 2006 10:27 PM

Whatever it uses, it's definitely not using a time-based crypto, since those types of devices need to be synched before use ... and the claim is that the 'key' can be replaced if you lock yourself out and lose it.

Clive RobinsonMarch 27, 2006 8:55 AM

@Tank

As I mentioned further up this blog page a lot of "secure electronic locks" (not just the Winkhaus blue chip lock with embeded battery) suffer from this problem with magnets...

It is a problem that has been well known for well over a quater of a centry by the US Insurance funded UL (Underwriters Laboratories) but they do not appear to be worried by it (ie they do not advertise the information to consumers or other interested parties).

There is actually a fairly simple solution to it if you are thinking of designing an electronic lock (with embeded battery). I have mentioned it before in earlier posts to Bruce's Blogs (where you can also find my EMail address ;)

RogerApril 12, 2006 8:28 PM

@Clive Robinson:

Re: mag field attack on electric locks:

I was just thinking about this the other day, and it occurs to me that there are at least 7 approaches. Some must be designed into the lock, but others can even be retrofitted by the end-user. Of course if the end-user does such a modification, it would be a good idea to obtain a suitable magnet and check to see if the hardening worked. Anyway, my thoughts:

1. Distance. The force from a dipole field on an induced dipole generally drops as a quite high power of distance (often 1/r^6 or 1/r^7, depending on geometry), so slightly increasing the standoff can have a dramatic effect. As a lock manufacturer, this can be achieved by designing the lock so that the solenoid is on the side furthest from the threat. Interestingly however this also allows a lock end-user to upgrade an existing, vulnerable lock by mounting the lock on a stand-off block of some kind. A disadvantage is that this approach only works from one side of the door.

2. Shielding. By making the lock casing, or better yet the entire door, from a high permeability material (e.g. Permalloy) the manufacturer may prevent the field from reaching the solenoid. Also the lock end-user may upgrade an existing vulnerable lock by fitting a plate of soft iron (or better, Permalloy) between the lock body and door. Or better yet, by making a box to completely surround the casing. This approach means that electric locks used to secure safes are probably not vulnerable at all.

3. Direction of operation. When an object is placed in a dipole field and has a dipole induced in it, the force lies in the direction of the field intensity gradient. By and large, this is _toward_ the magnet. Thus locks in which the bolt is thrown at right angles to the plane of the door will be less vulnerable than those which move toward the door, while those which throw _away_ from the door will be least vulnerable. Best of all would be interlocking two part bolts which have to move in two opposite directions at once. This technique will be more useful if there is also a reasonable degree of standoff, since it will then be more difficult for the attacker to significantly alter the relative direction of the magnet. This technique is mainly useful to manufacturers, although an existing end-user could use this approach to upgrade an existing vulnerable lock by making an new mounting bracket which alters the orientation of the whole lock. However this will likely be much more complicated than a simple standoff.

4. Additional components. An additional ferromagnetic sear could be place in the lock in such a way that when the normal solenoid (lying between sear and bolt) is activated, the sear is pressed away, but an external field (operating on bolt and sear in the same direction) causes them to bind together and prevent the bolt from moving. Electrically adept end-users could also use this approach to upgrade an existing vulnerable lock by adding a field sensor (e.g. Hall effect chip) to control a secondary bolt, which holds the door locked when a strong field is detected. Alternatively, the Hall chip could simply trigger a burglar alarm (since the required field strengths are very high, the risk of a false alarm should be quite low.)

5. Extraneous forces. Fields acting on dipoles generally induce significant torques as well as linear forces. The bolt could be designed so that it jams securely in place when subject to a torque. Such a feature would need to be designed in by the manufacturer.

6. More complex mechanisms. A bolt does not have to be thrown by a simple solenoid. It might be operated by a stepper motor, for example. (With a stepper motor, there are effectively two or more coils which must be alternately energised with a precise phase relationship. A static field will do nothing, while an AC field impressed on both coils which just make the rotor vibrate in situ.)

7. Concealed location. It will be very difficult for the attacker to achieve the necessary field strengths over a large area. As such, locks in which the strike mechanism cannot be easily located from the "insecure side" are slightly less vulnerable.

BenNovember 3, 2006 5:19 AM

This locking device is unsafe anyone could record you locking sound and they are into ur house also what if the batries run out batteries in the transmiter. You wont be able to get into your house till you get new batteries. Its a good idea but i think the deisgner needs to think more about the security aspect of it.:) But i rly like it the thought it new and great gold star to the designer for the idea.

RogerNovember 3, 2006 9:07 PM

@Ben:
> This locking device is unsafe anyone could record you locking sound

It uses a rolling code. That is, a new knock code is generated every time, using a cipher. Previous knocks are automatically rejected, so recording them achieves nothing unless you are able to break the cipher. We are not able to judge the strength of this cipher because it is a secret proprietary one, however it appears to be the same one commonly used to protect luxury cars.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..