This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This paper describes about mechanical lock security from the cryptology side and computer science perspective. Any kind of metal file, blank keys and equipments are not required such that attacker need to carry out not as expected behavior at the lock location. We focus only on the practical attacks for increasing the rights in mechanical pin tumbler locks. I hereby conclude research in this area and suggest that mechanical locks are more worthy for studying and prolonged intense look.
2. Background: Mechanical Locks
2.1. Evaluating lock security
2.2 .Pin Tumbler Lock
2.3 .Master keying
3. Rights Amplification: Reverse Engineering Master Keys
3.2. An Adaptive Oracle-Based Rights Amplification Attack
3.2.2. The Attack
3.2.3. Practical Consideration
3.3. Experimental Results
4. Counter measures
5. Conclusion and Lessons Learned
In anywhere of the country mechanical locks plays a major role and they are the most common mechanism for accessing control on doors and security containers. These mechanical locks are found majority in residences, business, college, institutions and government laboratories. These mechanical locks provide prior protection against theft and intrusion.
These mechanical locks are very important regarding their design and function which mainly influence on security. This physical security and cryptology borrow much of the rational investigation that include mechanical locksmithing.The concept of the key allows operation of a system security.
This research paper mainly examines security of common master keyed pin movable obstruction in a lock that must be adjusted to a given position as by a key before the bolt can be thrown against an insider threat model which is associated with computing systems. There are many simple attacks that render many real world lock systems which are very often susceptible to attack.
2. Background: Mechanical locks
This technology describes well about the scope of this paper. In a wide fashion speaking mechanical locks are divided in to two categories they are combination locks and keyed locks.
Combination locks are operated under secret procedures while keyed locks are operated under secret token. Combination locks are used to control the access to some of the padlocks and vaults whereas keyed locks are used for commercial doors and entrances
There are many different types of rotary tumbler locks, dimple key locks are the keyed locks that are invented and used in early ages. High security mechanical keyed lock mechanism in most of the countries is mechanical pin tumbler lock cylinder.
2.1. Evaluating lock security:
These mechanical locks must stand up to protect from threats than casual connection with communication systems.
Evaluation of this lock security mainly focuses on strength of materials, weak points, and many others. There are many standards that specify many characteristics for different types of applications, which vary depending on resources of the attacker. Security depends not only on the locks that are provided but also the conformity to fact and state
Of installing it.
It is possible that lock can be opened without the key or key can be made without basic knowledge of its parameters.
Evaluating and protecting against most of the threats focuses mainly on details of its mechanical and physical construction than on capable of being quantifiable security metrics.
This cryptology security analysis might take more abstract, excellence view of locks and their operating functionalities.
The main goal of all keyed locks is that correct key is required for its operation and that lock is to be opened only with the prior key.
2.2. Pin tumbler lock:
Pin tumbler lock is used in cylinder locks. These types of locks are designed in 19th century. In this type of lock, an outer casing has cylindrical hole in which plug is contained. In order to open the lock the plug must be rotated. The circumference of the plug is called shell. That is fixed to the door. Locking mechanism operates only when plug is rotated within shell.
Without the key in the lock, all the pin stack cuts rest within the plug. When the key is inserted into the keyway slot at the front of the plug the pin stacks are raised within them.
The plug can rotate freely only when if the key lifts every pin stack's cut to align at the ends between the plug and shell.
The end line/border is called shear line. Typically number of pins in a lock commonly ranges of four to seven, and the possible depths ranges from four to ten, depending on lock. Better quality locks have more pins and distinct cut depths on each side
Most commonly used technique for unauthorized entry is involvement of another working key
2.3. Master keying:
Master keying is nothing but it operates a set of several locks. Locks that have master key have second set of the mechanism used to operate them that is identical to all others in the set of locks
Master keyed pin tumbler locks have two shear points one for the change key and the other for master key. The main reason for practicing master keying is because of lock in a group is to be operated not only by the allotted key but also by master keys that can operate all other locks.
The simple master key method contains two cylinders on each lock, one key as individual and the other key as master key. These all approaches have both advantages and disadvantages. This master keying scheme can be used with virtually pin tumbler lock. Consider example, a lock 1has five pin stacks with four possible cut positions in each
suppose pin stacks 1 through 5 are each cut in two places,'1' and '4'.see that this lock can be opened by two keys, one with 11111 and another with 44444 bitting.Now create Lock2,this time with pin stacks 1 through 5 each cut from depth '2' and '4'.if these are the only two locks in system, keys 11111 and 22222 can be said to be change keys for lock 1,lock 2,while key 44444 is a master key that operates both locks
The maximum level master key which opens all the locks in a system is called as Top Master Key. Master keying has been understood in many ways such that master key reduces security. Main threats occur due to master keys because master keys are very valuable targets to threats causing agents. If the master key compromise then entire system undergoes compromise security is still degraded even master key is well protected.
Since mastered pin stack aligns with the shear line in several positions. This system more susceptible to unintentional key interchange.
For example shown in above figure:
In this example we have a small setup with 3 houses. Each house has its own key that can open its front door the owner can open all the doors of every house. On the other side of the chart we have family key
The familyâ€™s child key that opens front door of house along with child bicycle lock. Worker key can open only the front door of each house when the inside bolt is unlocked
In addition, my key can open master bedroom door, and can operate all the locks under my control.
3. Right amplification: Reverse-engineering master keys:
Most valuable secret in any lock system is the bitting of top-level master key (Tmk).insiders of the company who are recognized can change keys and have physical access to locks. The main purpose of assigning locks is to access their own privileges that are granted to specific locks. Security objective of the system gets compromised when the change key is converted to master key.
There are many methods are used to convert change keys into master keys with different type of technical resources available for the attacker. The simple approach to master key discovery involves decoding of an original master key by various types such as photographs, measurements, eye inspection. A good observer can recall the cut depths with good accuracy looking briefly at the key.
without access to lock's change key complete information cannot be known by master bitting.if every pin is mastered according to standard of total position progression (tpp) scheme, disaasembly of a lock will reveal 2pow(p) master keys in which p is the number of pin stacks. Cuts corresponding to its bitting can be eliminated from pin stack if the change key to a disassembled lock is available. Detachable locks are more vulnerable to these kinds of attacks, since the can be opened and stolen easily. The change key holders from top position progression-based systems may be able to manufacture a similar one master key without disassembling any locks. These Tpp-based systems are mainly employed by university students, good engineering schools. Only one change key is required to attack all standard tpp-based systems and rc-based systems.
3.2. An adaptive oracle based rights amplification attack:
Right amplification in master -keyed mechanical locks checks computer science and cryptology topics for significance in master -keyed mechanical pin tumbler locks.
Now it is time to consider lock in more abstract terms. In the cryptology perspective we observe that lock is an 'oracle' that accepts or rejects keys presented on it. Oracle mainly gives single bit answer; lock either turns open or close.
P denotes number of pin stacks of a lock, with stack p1 represents first stack and pn represents last stack. Let d represents number of key bitting depths in a pin stack in which d1 is the highest bitting and d0 is the lowest number of distinct keys is represented by d (pow (P))
3.2.2 The attack:
Total Position Progression (TPP)-based system with every pin mastered, exactly one of the D-1 test keys will operate the lock for every position. The original change key same as that of master key bitting.Once the master bitting has been determined at each p positions then the top-level master key can be cut easily. Cost of carrying the attack is less than 2 US dollars in least favorable outcome case.
3.2.3 Practical Considerations:
Attack can be classified in to many other lock schemes such as security lever lock and rotary tumbler design. It is Worthy of being treated in a particular way that even in high security pin tumbler lock designs also undergoes vulnerable to this attack.
3.3 Experimental results:
Standard master keying schemes undergoes effective attack very easily. We can ask that whether master key brought into use under this scheme is therefore vulnerable. Attack has been tested against variety of medium institutional master keyed installations which includes both house hold and educational institutions.
Locks which have a single shear line use both master key and change key has adaptive oracle attack. Attackers can exploits the fact that change key must be on the master. These extra cuts must be selected very carefully however such cut low downs the number of unique differs available in the system. Unusual-protected key designs are more difficult to get by special effort or change from commercial sources but blanks can be formed. These extra cuts must be selected very carefully since each such cut reduces the number of unique differs in the system. In real world this may not be safe counter measure on conventional locks which are having small number of pins.
5. Conclusions and lessons learned
These mechanical locks are found majority in residences, business, college, institutions and government laboratories. These mechanical locks provide prior protection against theft and intrusion. This physical security and cryptology borrow much of the rational investigation that includes mechanical locksmithing. High security mechanical keyed lock mechanism in most of the countries is mechanical pin tumbler lock cylinder. Evaluation of this lock security mainly focuses on strength of materials, weak points, and many others. There are many standards that specify many characteristics for different types of applications, which vary depending on resources of the attacker. Pin tumbler lock is used in cylinder locks. Master keyed pin tumbler locks have two shear points one for the change key and the other for master key. The simple master key method contains two cylinders on each lock, one key as individual and the other key as master key. A good observer can recall the cut depths with good accuracy looking briefly at the key. Detachable locks are more vulnerable to these kinds of attacks, since the can be opened and stolen easily. Oracle mainly gives single bit answer; lock either turns open or close. Attack can be classified in too many other lock schemes such as security lever lock and rotary tumbler design. It is Worthy of being treated in a particular way that even in high security pin tumbler lock designs also undergoes vulnerable to this attack.
I am very much thankful to everyone who supported me to complete my research paper effectively in time. Am very much grateful to my Instructor Mr. RUSSELL D PETREE gave me moral support regarding the topic. I thank him for his overall supports.