Idea: The Open Source Lock

[Shrub]

Ive not seen a unsnappable euro yet but i dont have many exotic brands around here, technique or rather poor technique can damage even the easiest locks to break or the hardest cases to bend,

Regards a lock body?

Off the top of my head as we are inventing here and maing a new type of lock? how about a slot that takes a simular thing to a memory card, on the memory card you could either have a software keyor hardware key, personally i like the hardware key as softawre keys have the issue of brute force,

A simple stamp sized card thats slotted into a connector behind a sprung weather flap sounds good to me right now with a new type of mech in the door,

[raimundo]

Marlok has a digital code along the key, that is read by shineing red light through it. there are three line of red dots, along the key length, this could be a start for your key, I mean an idea to take off from, and as far as any battery I think you should try something else, like the dial spin generator in some of the mas hamilton x series locks, or a piezo electric source operated by the turning handle.

[mh]

Very cool idea. but a smaller version of what you are describing is already on the market.

http://www.videx.com/products/listing.html

Very cool little locks, if anyone has one ide lock to have a play with one as ive seen an iPod mod which i think could be used to bypass these. i dont say any more as...

You're right, Videx is similar, but: nobody knows if they are designed properly ('closed source'), they might have vulnerabilities or even built-in backdoors.

There's an electronic circuit in them, that is powered from the key, and that decides whether or not the clutch mechanism is engaged.
Applying high voltage to the contacts will probably render them unusable ('break to secure'),
other more smart attacks might exist, such as you described,
and given the small size, I doubt that they present much protection against destructive entry.

So - The Open Source Lock should of course be much better

Cheers,
mh

[JackNco]

That could be done with a modified SD card hooked up to a gumstick Computer. then have the serial operate a latch. but i would never want a computer in charge of my home security.

[raimundo]

Dont put the lock on the door, put the strike plate on the door and build the lock into a strong door frame with a hand hole so that to put the key in, you have to put your hand into that recess and perhaps apply the key to the keyhole in an upward direction just to make it difficult to get to by manipulators.

[JackNco]

have you ever read up on the MegaSquirt project? its a DIY ECU for a car. they produce the blank circuit board and sell the products you need to put it together then you solder it up your self and program it your self or use ECU maps other people have made and uploaded.

The best option for this lock may be a way of retrofitting an existing lock with the components. if you would realistically like to give it a go?

All the best.

[mh]

Regards a lock body?

Off the top of my head as we are inventing here and maing a new type of lock? how about a slot that takes a simular thing to a memory card, on the memory card you could either have a software keyor hardware key, personally i like the hardware key as softawre keys have the issue of brute force,

A simple stamp sized card thats slotted into a connector behind a sprung weather flap sounds good to me right now with a new type of mech in the door,

Sure, there are way better concepts than Euro cylinders.
Look at U.S. style deadbolts,
or the Swiss oval locks;

even the Euro cylinder was modified some years ago by BKS; they replaced the hole by 2 dimples and made sash locks that would grip the cylinder at these dimples. Didn't seem to be successful in the market, though.


Regarding this project proposal, I thought that in oder to have something that could be brought into reality, such project would need quite a few supporters (as in: computer security specialists, mechanical engineers, etc., not all of them are necessarily lockpicking enthusiasts),
and it's unlikely that they would all be willing to modify their doors.

Hence the idea to make something that many people could use more easily - in this part of the world that would be a standard format Euro cylinder.

[TOWCH]

Very cool idea. but a smaller version of what you are describing is already on the market.

http://www.videx.com/products/listing.html

Very cool little locks, if anyone has one ide lock to have a play with one as ive seen an iPod mod which i think could be used to bypass these. i dont say any more as...

1 - Its advanced material
2 - i have no idea if it woudl work without testing it
3 - If it does work ide love to be the first 2 publish it.

All the best

I've been thinking the same thing :twisted: but: http://www.peiferlock.com/cyberlock/

check out slide 7.

Maybe that's like Mul-T-Lock being bump proof or master locks being pick resistant.

[JackNco]

3V and will take a taser hit. im sure i can crack one of these

[mh]

I've been thinking the same thing but: http://www.peiferlock.com/cyberlock/

check out slide 7.

Maybe that's like Mul-T-Lock being bump proof or master locks being pick resistant.

Thanks for finding a picture of the inside of a Cyberlock again.

It's a very interesting system design, incl. concepts for emergency services, etc.

But - how would that little thing provide more than 2 minutes of drill resistance?

The Open Source Lock on the other hand should be reasonably secure against destructive entry. Therefore the 'lots of metal and other stuff' idea...

Cheers,
mh

[TOWCH]

TOWCH,
I like the 2-part concept, as you described, together with a decoy;
that would be a nice option if it fits the door.
For my door, I'm looking for a manually operated Euro cylinder, that will move an existing multi-point locking system - pretty high torque required.

Concealing the key as something else is a nice idea, too. However it somehow conflicts with the concept of Open Source that specifically does NOT rely on so-called 'security by obscurity'.

About the authorization method; I thougt of rolling codes, too - the part I don't like about it that someone with brief access to the key could 'steal' an access code that would work until the key is used the next time.

Of course that could be done with challenge-response-methods and "cellphone-in-the-middle", too,
but adding time constraints would make such attacks very difficult; after all, most ready-to-use radio links have a considerable transmission delay.

Plus, one could add a keypad or other push-keys-in-a-sequence-type authorization methods to the key.

Cheers,
mh

So we want a key that will tamper evidently resist attempts at duplication given physical access, AND relying on the availability of a lock and key for studying purposes to the attacker. I've always thought building locks around a key was the logical way to approach lock design.

I really like the idea of a fiber optic strand keyway, and LED key so I'll run with that. So that leaves the issue of inherant security of the challenge response.

I'm not a hundred percent on rolling code systems but I'll take a shot at designign a secure one. So lets do a double rolling code. The key consists of a flash memory chip, a microcontroller, the necessary support circuitry, battery, an LED, and a photoresistor. Lock control circuitry is similar.

This format kinda illustrates the concept

Code: Select all

Challenge|Response

Key                                 
--------
#1
Auth
01100          11001
#1
I'm ready
00010
#1
Secret
11111          00000

#2
Auth
10101          00001
#2
I'm ready
10101
#2
Secret
01101          10100

Lock
--------
#1
Auth
01100          11001
#1
I'm ready
00010
#1
Secret
11111          00000

#2
Auth
10101          00001
#2
I'm ready
10101
#2
Secret
01101          10100


You do the exchange in two steps. Authentication, and vital key exchange. The time between the start of authentication and the completion of the vital key exchange cannot be longer than the bare minimum needed with the key, or the lock goes in to a penalty timeout of 30 minutes, and the lock moves to the next set of keys. I don't want to deal with the headache of what the lock/key should do in the event of someone tampering with them, but there should be a secure solution to that problem. If the key starts the exchange in response to a pin on the lock face depressing a recessed button on the key face, tampering should be the only cause of problems.


Authentication:
Key spits a challenge to the lock. Lock grabs next up number, spits back response. Key verifies response, if correct, sends the "I'm ready" number.

Secret Key exchange:
lock recieves I'm ready number, lock spits a challenge to the key, key grabs next up number, spits out the response. Lock verifies response, if the codes match, you're in.

I don't know if this is how car rolling code sysems already work, but if it is, I don't understand how anything could be compromised. Timing the exchange seems like it would secure everything.

[hurri]

Nice one guys...but...one of the most important rules in lockpicking is that every lock can be opened with alternative methods...why would you like to do a lock that you can't open using lock picks?..i realise that technology has evolved but as long as you have a key or a code to open it...it can be picked...if not by lockpickers maybe by hackers...
my opinion...

[morphje]

I'm seeing one big problem here and that's mechanical backup.

I know it's not meant to be on this opensource lock. But what if the power fails, the microchip gets damaged, the battery dies or some other technological disaster.

Truth to be told, i still would prefer my trusty old mechanical nino cylinder in my door. (or if i could pay for it, a nice zeiss ikon). As long as those no-good wannabee locksmiths don't spray wd-40 into my locks (yes it has happened to me, i could shoot the dog at the time), those mechanical locks should work for days to come.

futhermore i doubt the current day micros would have enough crypto power on board, unless you spend a lot of money. I'm thinking AVR attiny25 kind of power, because those are small enough to fit inside keys and cheap enough for a doable opensource design.

[digital_blue]

The issue of mechanical backup is an important one. It is all well and good to design a hyper-secure lock, but it has to be functional as well.

And, of course, if you put a mechanical backup in the the lock, you are open to physical bypass issues.

I'm just throwing out a couple ideas here, but I know that often times in systems like this the "key" does not actually have a power source. It draws power from the lock. Handy, 'cause you never have to replace a battery in the key.

However, what if the lock itself had no power source and drew it's power from the key? No worries of power failures at that point. If your battery dies in your key, at least it's a simple matter to change it and you're back in.

Admittedly, I've spent almost no time studying electronic access controls, so this may be common practice for all I know. But it seems like it would be a better system to me.

db

[UWSDWF]

power from the key is how Videx system works