Hacking Electronic Safes
Nice attack against electronic safes:
Plore used side-channel attacks to pull it off. These are ways of exploiting physical indicators from a cryptographic system to get around its protections. Here, all Plore had to do was monitor power consumption in the case of one safe, and the amount of time operations took in other, and voila, he was able to figure out the keycodes for locks that are designated by independent third-party testing company Underwriter’s Laboratory as Type 1 High Security. These aren’t the most robust locks on the market by any means, but they are known to be pretty secure. Safes with these locks are the kind of thing you might have in your house.
Anura • August 12, 2016 7:16 AM
I wonder how you can design these to prevent side channel attacks. My first thought would be salted hash, but the hash can still be recovered, and with a six digit numeric code it won’t take long to brute force, especially since you would want a very long battery life for something like this which limits the use of key stretching algorithms. I don’t know a lot about electronic circuitry, but it seems to me that if you can design it to store both the hash and the one’s complement of the hash, and then compare them both in parallel, then the power consumption should not vary.