spamalytics - PowerPoint PPT Presentation

Slides: 31
Provided by: Momboth2
Transcript and Presenter's Notes



1
Reconsidering Physical Key Security
Teleduplication via Optical Decoding
Benjamin Laxton, Kai Wang, Stefan Savage
UC San Diego




2
First credits
  • What happens when the vision faculty go on
    sabbatical

Kai Wang
Benjamin Laxton
3
Key issues
  • The world's most pervasive form of access control
  • Assumes key and lock share a secret (bitting
    code)
  • Problem: bitting code is a secret you show in
    public
  • Problem 2: it has become easy to capture this
    secret

4
Quick review: how physical locks work
Courtesy Matt Blaze
5
Bitting codes
  • A key can be precisely described with a discrete
    code
  • Cuts at regular intervals (4-6 cuts)
  • Depth of cuts quantized in standard fashion
    (typically 6-9 bins)
  • 4-6 digits sufficient to describe most keys

[Figure labels: 6 4 6 7 8]
6
Lock bypass via manipulation
Bumping
Picking Raking
7
Lock bypass via surreptitious duplication
Decoding
Field casting
8
The power of decoding
[Figure labels: 6 4 6 7 8; 64678; Key replica; Key blank; Code key cutting machine]
9
(No Transcript)
10
(No Transcript)
11
[Figure labels: 5 3 3 8 6]
12
Optical decoding
  • Decode keys semi-automatically from photographs
  • Without help from vendor
  • Traditional computer vision problem (photometry)
  • Normalize for scale and rotation

13
Sneakey
  • Reference key measured at key control points
  • User supplies correspondences between target key
    and reference image
  • Image normalized (homographic transform), cut
    locations identified and cut depths measured (n
    guesses)

14
Basic experiments
  • Perspective tests
  • Close up, high-resolution shots (Kwikset,
    Schlage)
  • Varied rotation into and out of camera plane

[Figure labels: Horizontal axis, Vertical axis; Kwikset, Schlage]
15
Basic experiments
  • Cell phone tests
  • Motorola A1200 cell phone camera
  • 6-12 inches standoff (Kwikset, Schlage)
  • Key flat on surface (optimal)

16
Distance decoding (telephoto)
  • Optical issues
      • Diffraction limit: light scattering due to
        self-interference
      • Sensor resolution: how small an angle is subtended
        by an individual pixel sensor
  • Pragmatic issues
      • Focal length (8 foot telescope isn't very
        stealthy)
      • Focusing (field of view issues)
      • Camera shake (shutter, hand, wind)
      • Cost (CA 10B in the hole)

17
Distance experiments
  • Level capture
  • Camera setup 35, 65, 100ft from target key
  • Key (on key ring) at 90 degrees to café table
    (Kwikset)

18
[Images: 35 ft, 65 ft, 100 ft]
19
Distance experiments
  • Level capture
  • Camera setup 35, 65, 100ft from target key
  • Key (on key ring) at 90 degrees to café table
    (Kwikset)
  • Hero results
  • 200 ft away, 77 feet above ground (roof), to
    surface key
  • Key stationed as before

20
Where's the Key?
74753 (3rd guess)
21
Should I really worry about this?
  • Answer 1: no, no one cares about my stuff
    anyway; I leave a copy of my key under the front
    doormat
  • Answer 2: yes, there are eyes everywhere and I
    need to keep the NSA from copying my key
  • Answer 3: maybe, but at least ask your teenage
    son/daughter not to post pictures of your keys

22
Users don't understand risks
23
Users don't understand risks
24
Users don't understand risks
25
Users don't understand risks
26
Users don't understand risks
27
Users don't understand risks
28
Discussion
  • Pretty easy to do optical decoding w/ modest
    technology
  • Public secrets are a bad idea; maybe time for a
    redesign?
  • Clearly possible to do high-security keys (see
    Marc Tobias)
  • We did an OK job at this, but can do much
    better
      • Line-based modeling instead of point-based
        modeling
      • Better geometry: model key edge
      • Feature consistency checking (MLE)
      • Super-resolution: extra resolution from video
  • What if this is a real threat for you?
      • Hide your key
      • Joint Physical/EM secrets

29
Questions?
30
High-security keys example: Medeco
Courtesy Marc Weber Tobias