Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks
In the United States and elsewhere, mechanical locks are the most common mechanisms for access control on doors and security containers. They are found in (and guard the entrances to) the vast majority of residences, commercial businesses, educational institutions, and government facilities, and often serve as the primary protection against intrusion and theft.
The modern pin tumbler lock is quite simple, dating back to ancient Egypt but not commercially mass-produced until the middle of the 19th century. The basic design consists of a rotatable cylinder tube, called a plug, that operates the underlying locking mechanism.
Complicating the analysis of pin tumbler lock security is the fact that, especially in larger-scale installations, there may be more than one key bitting that operates any given lock. The most common reason for this phenomenon is the practice of master keying, in which each lock in a group is intended to be operated not only by its own unique key (the change key in trade parlance) but also by “master” keys that can operate some or all other locks in the system.
Several time-honored methods convert change keys into master keys, with different techniques applicable depending on the particular system and resources available to the attacker. The simplest approach to master key discovery involves direct decoding of an original master key, e.g., from visual inspection, photographs, photocopies, or measurement.
Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks examines mechanical lock security from the perspective of computer science and cryptology. It focuses on new and practical attacks for amplifying rights in mechanical pin tumbler locks. Given access to a single master-keyed lock and its associated key, a procedure is given that allows discovery and creation of a working master key for the system. No special skill or equipment, beyond a small number of blank keys and a metal file, is required, and the attacker need engage in no suspicious behavior at the lock’s location.
Countermeasures are also described that may provide limited protection under certain circumstances. The guide concludes with directions for research in this area and the suggestion that mechanical locks are worthy objects for study and scrutiny.
The following topics are covered in this guidebook:
- Introduction
- Background: Mechanical Locks
- Evaluating Lock Security
- The Pin Tumbler Lock
- Master Keying
- Rights Amplification: Reverse-Engineering Master Keys
- Background
- An Adaptive Oracle-Based Rights Amplification Attack
- Notation
- The Attack
- Practical Considerations
- Experimental Results
- Countermeasures
- Conclusions and Lessons Learned
- Acknowledgments
- References