Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks
Matt Blaze
AT&T Labs – Research
mab@crypto.com, mab@research.att.com
15 September 2002 – PREPRINT: This paper can be found at
http://www.crypto.com/papers/mk.pdf
Abstract
This paper describes new attacks for amplifying rights in mechanical pin tumbler locks. Given
access to a single master-keyed lock and its associated change key, a procedure is given that allows
discovery and creation of a working master key for the system. No special skill or equipment, beyond a
small number of blank keys and a metal file, is required, and the attacker need engage in no suspicious
behavior at the lock’s location. Countermeasures are also described that may provide limited protection
under certain circumstances.
1 Introduction
In the United States and elsewhere, the mechanical pin-tumbler lock is the most common mechanism for
access control on medium- and high- security doors and containers. They are found in (and guard the
entrances to) virtually every residence, commercial business, educational institution, and government facility
in the country.
The most basic design goal of these locks is that a correct key is required for operation; ideally, it
should not be possible to operate a lock without possession of the key. (This is rarely achieved in practice
due to limitations on manufacturing tolerance and precision, but that is not critical for the purposes of this
discussion). Among the first security parameters for discussing locks, therefore, is the number of possible unique keys (called differs in the terminology of the trade), which gives the probability that a randomly cut key will operate a given lock and an upper bound on the resources required to find a working key by exhaustive search. On typical locks, there are between several thousand and several million possible distinct
keys. While this may seem small by computational security standards, mechanical locks perform on a more
human scale. Testing a key against a lock is an “online” operation requiring seconds, not microseconds, and
carries at least some risk of discovery if the lock is not one to which the attacker has legitimate access.
Computer security and cryptology borrows much of its terminology and philosophy from mechanical
locksmithing. The concept of a “key” as a small secret that allows access or operation, the notion that system
security should be designed to depend only on the security of keys, and even the reference to attackers as
“intruders,” can all be traced back to analogies in physical security that long predate computers and modern
cryptology.
Conversely, the design of mechanical locks could well be informed by analysis techniques developed for
computer security and cryptology. For example, formal notions of the computational complexity and other
resources required to attack a system could be applied to the analysis and design of many aspects of mechanical locks. In general, however, these concepts have not enjoyed widespread adoption by locksmiths or lock designers. Computer security specialists, for their part, are often surprisingly unskeptical in evaluating claims of physical security.

Figure 1: A pin tumbler lock cylinder. Left: The cylinder face. Note the keyway, which is cut into the plug, which in turn sits inside the shell. Right: Side view, with part of the shell and plug cut away to expose the six pin stacks. Note the border between the plug and shell, which forms the shear line, and the cuts in each pin stack resting within the plug.
This paper examines the security of the common master-keyed pin tumbler lock against an insider threat
model more commonly associated with computing systems: unauthorized rights amplification. As we shall see, this threat can also be quite serious in physical security systems.
1.1 Pin Tumbler Locks
A full description of pin tumbler lock design is well beyond the scope of this paper. For an excellent
discussion of lock design and security issues, the reader is referred to [1]. For the purposes of consistent
terminology, a brief overview follows.
The modern pin tumbler lock is quite simple, dating back to ancient Egypt but not commercially mass-produced until the middle of the 19th century. The basic design consists of a rotatable cylinder tube, called a plug, that operates the underlying locking mechanism. Around the circumference of the plug is a shell, which is fixed to the door or container. Rotation of the plug within the shell operates the locking mechanism. In the locked state the plug is prevented from rotating by a set of movable pin stacks, typically under spring pressure, that protrude from holes in the top of the opening in the shell into corresponding holes drilled into the top of the plug. Each pin stack is cut in one or more places perpendicular to its length. See Figure 1. (In practice, the cuts are produced by stacking pin segments of particular sizes, not by actually cutting pins; hence the term “pin stack.”)
With no key in the lock, all the pin stack cuts rest within the plug. When a key is inserted into the keyway slot at the front of the plug, the pin stacks are lifted within the plug and shell. The plug can rotate freely only if the key lifts each pin stack to align their cuts at the border between the plug and shell, called the shear line. See Figure 2. The plug will be blocked from rotating if any pin stack is lifted either not far enough (with the cut still in the plug below the shear line) or too far (with the cut pushed above the shear line and into the shell); all cuts must be at the shear line. See Figure 3. The height of a key under each pin stack position is called its bitting; the bitting of a key is the “secret” needed to open a lock. A key that is bitted to the wrong height in even one pin position will not allow the lock to operate.
Generally, a lock manufacturer will choose from among only a small number of standard bitting heights at each pin position. This allows keys to be described concisely: typically, the bitting is written starting from the shoulder (handle) of the key to the tip, giving the standard height number at each position. So a key for a five pin lock denoted “12143” would be cut to height “1” nearest the shoulder, and proceeding toward the tip cut at heights “2,” “1,” “4” and “3.” (The exact specifications of the heights and positions for different locks are widely known in the trade and could be discovered easily by disassembling a sample lock or measuring a small number of cut keys.) Typically, the number of pins is in the range of four to seven, and the number of possible heights ranges from four to ten, depending on the lock manufacturer. Better quality locks employ more pins and use more distinct bitting heights on each.

Figure 2: Pin tumbler lock with a correct key inserted. Left: The correct key lifts the pin stacks to align the cuts at the shear line. Right: With all of the cuts at the shear line, the plug can rotate freely within the shell. Here the plug has been turned slightly toward the camera, so that the tops of the pins in the plug are visible.

Figure 3: A lock with an incorrect key. Observe that while three of the pin stacks’ cuts are at the shear line, two stacks have the cut too high and one stack has the cut too low.

Figure 4: A master keyed pin tumbler lock. Left: Each of the six pin stacks has two cuts. Right: With the correct change key inserted, one of the cuts on each pin stack is aligned at the shear line. Observe that the other cut is sometimes above and sometimes below the shear line.
Locks can usually be defeated in various ways, although a discussion of lock picking and other bypass
techniques that require specialized skills or tools is beyond the scope of this paper. In practice, even very
modest pin-tumbler locks are often sufficiently secure (or offer the perception of being sufficiently secure)
to discourage the more casual would-be intruder from attempting entry without a key. Probably the most
commonly used techniques for unauthorized entry, aside from brute force, involve procuring a working key.
1.2 Master Keying
Complicating the analysis of pin tumbler lock security is the fact that, especially in larger-scale installations,
there may be more than one key bitting that operates any given lock. The most common reason for this phenomenon is the practice of master keying, in which each lock in a group is intended to be operated by its own unique key (the change key in trade parlance) as well as by “master” keys that can also operate some or all other locks in the system.
Master keying in pin tumbler locks can be accomplished in several ways, with the earliest systems dating
back over 100 years. The conceptually simplest master key method entails two cylinders on each lock, one
keyed individually and the other keyed to the master bitting; a mechanical linkage operates the lock when
either cylinder is turned. Other master keying schemes employ an independently keyed master ring around the lock core, and still others depend on only a subset of pin positions being used in any given lock. All
of these approaches have well-known advantages and disadvantages, and are not considered in this paper.
Most importantly, these schemes require the use of special locks designed specifically for master keying.
The most common master keying scheme – the subject of consideration of this paper – can be used
with virtually any pin tumbler lock. Recall that in a pin tumbler lock, each pin stack is cut in one place,
defining a specific distance that the stack must be lifted by the key bitting to align with the shear line. In the
conventional pin tumbler mastering scheme, some or all pin stacks are cut in more than one place (typically
in two places), allowing additional bittings that align such pins. See Figure 4.
Consider, for example, a lock A, which has five pin stacks with four possible cut positions in each. Suppose pin stacks 1 through 5 are each cut in two places, corresponding to bittings “1” and “4”. Observe that this lock can be opened by at least two keys, one with bitting 11111 and another with bitting 44444. We could create a second lock B, this time with pin stacks 1 through 5 cut at depth “2” and depth “4”. This lock can be operated by keys cut 22222 and 44444. If these are the only two locks in the system, keys cut 11111 and 22222 can be said to be the change keys for locks A and B, respectively, while a key cut 44444 is a master key that operates both.
There are a number of different schemes for master keying; the subject is surprisingly subtle and com-
plex, and the trade has developed standardized practices in recent years. For an excellent treatment, the
reader is referred to [2].
For the purposes of our discussion, it is sufficient to note that modern master systems fall into two broad categories: Total Position Progression (TPP) and Rotating Constant (RC). In TPP schemes, every pin stack has a single separate master cut, which is never used in that position on any change keys. In RC schemes, change keys do share the master bitting for a fixed number of pin stack positions, although the positions will vary (rotate) from lock to lock. Both these schemes can implement a directed graph with several levels of master keys: “sub-master” keys that open a subset of locks in the system and “grand master” keys that open more [1]. The highest-level master key, which opens all locks in a multi-level system, is sometimes called the Top Master Key (TMK).
The astute reader will note that master keying of conventional locks reduces security in several important
ways. Because each mastered pin stack aligns with the shear line in several positions, mastered systems are
more susceptible to unintentional cross keying, in which keys from the same or other systems will operate more locks than intended. For the same reason, mastered locks tend to be more vulnerable to outsider bypass
methods such as picking and impressioning. These weaknesses can be mitigated to some extent through
careful planning, improved mechanical construction, and the use of additional pin stacks and possible pin
heights.
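The two-lock illustration above, the TPP and RC definitions, and the cross-keying weakness can all be checked mechanically with a small model of the conventional mastering scheme. The following is an added example written for this edit, not code from the paper or its author. It assumes a lock can be modelled as one set of cut heights per pin stack and a key as a tuple of bitting heights (shoulder to tip); the helper names (lock_from_keys, key_opens, operating_keys, unintended_keys, keys_opening_all, is_tpp, rc_shared_positions) and the sample system are my own constructions, built from the 11111 / 22222 / 44444 values in the text.

```python
from itertools import product

# A lock is modelled as a list with one set per pin stack, holding the bitting
# heights at which that stack is cut (one cut for an un-mastered stack, two or
# more for a mastered one).  A key is a tuple of bitting heights, shoulder to tip.
# This modelling and every helper below are assumptions of this added example.

def lock_from_keys(*keys):
    """Cut each pin stack at every height used by the keys meant to operate the lock."""
    positions = len(keys[0])
    if any(len(k) != positions for k in keys):
        raise ValueError("all keys must have the same number of pin positions")
    return [{k[i] for k in keys} for i in range(positions)]

def key_opens(lock, key):
    """The plug turns only if every stack has a cut exactly at the key's height there."""
    return len(key) == len(lock) and all(b in cuts for cuts, b in zip(lock, key))

def operating_keys(lock):
    """Every bitting that aligns all cuts at the shear line: the product of the per-stack cuts."""
    return sorted(product(*(sorted(cuts) for cuts in lock)))

def unintended_keys(lock, intended):
    """Bittings that operate the lock but were never issued for it (cross-keying exposure)."""
    intended = set(intended)
    return [k for k in operating_keys(lock) if k not in intended]

def keys_opening_all(*locks):
    """Bittings common to every lock given, i.e. the candidates for a master key."""
    common = set(operating_keys(locks[0]))
    for lock in locks[1:]:
        common &= set(operating_keys(lock))
    return sorted(common)

def is_tpp(master, change_keys):
    """Total Position Progression: no change key reuses the master height in any position."""
    return all(c[i] != master[i] for c in change_keys for i in range(len(master)))

def rc_shared_positions(master, change_keys):
    """Rotating Constant: how many positions each change key shares with the master."""
    return {c: sum(1 for i in range(len(master)) if c[i] == master[i]) for c in change_keys}

# Constructed sample system, following the paper's two-lock illustration:
# five pin stacks, change keys 11111 and 22222, master 44444.
MASTER = (4, 4, 4, 4, 4)
CHANGE_A = (1, 1, 1, 1, 1)
CHANGE_B = (2, 2, 2, 2, 2)
LOCK_A = lock_from_keys(CHANGE_A, MASTER)   # each stack cut at {1, 4}
LOCK_B = lock_from_keys(CHANGE_B, MASTER)   # each stack cut at {2, 4}

def summary():
    """Collect the facts a keying-plan review would want to see for the sample system."""
    return {
        "master_opens_A": key_opens(LOCK_A, MASTER),
        "master_opens_B": key_opens(LOCK_B, MASTER),
        "change_A_opens_B": key_opens(LOCK_B, CHANGE_A),
        "bittings_opening_A": len(operating_keys(LOCK_A)),      # 2**5 = 32, not 2
        "unintended_for_A": len(unintended_keys(LOCK_A, [CHANGE_A, MASTER])),
        "common_to_A_and_B": keys_opening_all(LOCK_A, LOCK_B),
        "system_is_tpp": is_tpp(MASTER, [CHANGE_A, CHANGE_B]),
    }

if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
    # An RC-style variant: change keys that share the master height in two (rotating) positions.
    print(rc_shared_positions(MASTER, [(4, 4, 1, 2, 3), (1, 4, 4, 2, 3), (1, 2, 4, 4, 3)]))
```

The point the model makes concrete is that lock A is not opened by "at least two keys" but by every combination of its per-stack cuts, 32 bittings for five two-cut stacks, of which 30 were never issued; that surplus is the cross-keying and picking exposure the text mentions. Only 44444 is common to A and B, so it is the system's single master. The is_tpp and rc_shared_positions helpers let a keying plan be checked against the scheme it claims to follow before locks are pinned.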
In this paper, however, we introduce new methods for discovering the master key bitting in conventional
pin-tumbler systems given access to a single change key and its associated lock. No special skills or tools are
required on the part of the attacker, nor is it necessary to disassemble any lock or engage in any inherently
conspicuous or suspicious activity. We also suggest countermeasures that can frustrate these attacks to at
least some extent under certain circumstances.
2 Rights Amplification: Reverse-Engineering Master Keys
Clearly, the most valuable, sensitive secret in any lock system is the bitting of the top-level master key
(TMK). Insiders who possess legitimate change keys and have physical access to locks are a particularly
serious threat in master keyed systems. The primary purpose of assigning locks unique change key bittings
is to allow operating privileges to be granted to only specific locks; if a change key can be converted into
a master key, a major security objective of the system is compromised. In the terminology of computer
security, master key systems should resist unauthorized rights amplification. Unfortunately, in general they do not.
2.1 Background
Several time-honored methods convert change keys into master keys, with different techniques applicable
depending on the particular system and resources available to the attacker.
[1] There are also Selective Key systems, in which any lock can be keyed to operate with an arbitrary subset of keys, using techniques similar to master keying, and Maison Key schemes, in which certain locks are keyed to all keys in a group. We do not consider such systems here.