Remote Keyless Entry (REK)
Il CSEC QP-RKI(Remote Keyless Identification) – Algoritmo di Identificazione ed Autenticazione
The CSEC QP-RKI algorithms, initially developed for a project known as “Muncher” are a suite of identification algorithms which can act both as OTP (One Time Password) and CBI (Challenge Based Identification).
The development of this suite of proprietary algorithms began in 2008 inside a joint effort project by Università degli Studi di Roma Tor Vergata – Centro Vito Volterra, the Tokio University of Science, and several international and italian industrial partners.
The objective was the development of a new cryptographic algorithm aimed specifically at personal identification and authentication tasks, it would have to be compatible both with USB and RFID devices, and double in the Small Payments scenario, on to the automotive market, and more generally at the security devices market.
The initial motivation for the investment this research was based on was the obsolescence of several proprietary algorithms, by Texas Instruments (TI) Digital Signature Transponder (DST) Plus, based on 40 bit cryptographic keys, which were programmable both locally or via RF commands.
In its interaction with a reader device, a DST emits a 24bit identification signal (Set in-factory)m and then authenticates itself with a challenge based method. The reader initiates the protocol by transmitting a 40 bit challenge. The DST encodes this challenge with its own Key and then sends a 24bit response. It is therefore only the security of the Key which protects the DST from cloning or simulations.
But this 24/40 bit solution is now obsolete, given the rise in easily available computational power, making brute-force attacks feasible and convenient.
The Muncher algorithm, by comparison, is revolutionary, as it is resistant to statistical, algebrical, and crypt analytical attacks. In its standard implementation, it uses a 128bit key to send 80bit messages.
The Muncher algorithm, is also highly scalable, and even though it is a very complex algorithm, it’s basic instructions can be run on 8 bit processors. It can also be scaled upward easily, and on 32bit systems it can use 256bit keys, and can even be used to produce cryptographically hardened 256bit hashes.
The Muncher algorithm is especially suited to electronic key scenarios, small security devices which incorporate an authentication mechanism and which can be deployed on smart cards, RFID, and a number of other setups. Just like a regular key these devices can prove identity, or access to various kinds of services.
Identification can be handled as OTP or CBI
OTP based identification. In this mode the user has a personal PIN (Personal Identification Number), which authenticates him as owner of the device. Once the user has entered his PIN, the device will show a string of numbers which will be a valid access code. If it were to be stolen, it would soon be known, as it is a physical object, and the Keys it produces can be invalidated, whereas a Password can be stolen and used for a long time before it’s breach becomes evident.
CBI based identification. In this mode, after a first level of identification occurs, during the access request by the device, the access controller sends a signal (Challenge) to which the device must answer a specific signal depending on the Challenge, that only it can produce correctly. This is a second level of confirmation of the identity and of the authorization of the user.
Since electronic keys are usually small and have very limited computing power, only specifically designed algorithms can run on them efficiently.
CSEC QP-RKI is an identification/authentication algorithm. Both the strength of the cryptographic keys and the complexity of the communication protocols have ample margins of personalization and can be changed very easily. The creation and processing of the cryptographic keys is also very fast.
It’s typical use scenario is in Strong Authentication Devices.
Muncher is an almost unique algorithm, and it’s flexibility allows for implementation in several key areas and prompts for further development with industrial partners.
These algorithms, in various configurations and implementations, can be deployed in specifically engineered products to adapt to the specific needs of our clients.
The Muncher algorithm, has been written in C to be compatible both with Windows and Linux environments and is based on an instruction set available on most 8 bit processors.