Idea: The Open Source Lock

[snr_yoda]

What about a type of scanner, much like a bar code at the market? Have that on the side of the key so that 1) The key will work the pins, taking care of one lock then 2) The key is then scanned to make sure that it is correct, taking care of a second lock? That way it will minimize it's ability of being picked with said second lock.

[n2oah]

You guys need to think of a lock with no exposed hardware. It would be completely on the other side of the door, or built in the door. Maybe cermaic plates over the hardware if it were in the door. Multi-point locking bolts, too.

[mh]

You guys need to think of a lock with no exposed hardware. It would be completely on the other side of the door, or built in the door. Maybe cermaic plates over the hardware if it were in the door. Multi-point locking bolts, too.

You could do that with existing technology that's used for safes - you can even replace the safe lock electronics if you don't trust the manufacturer.

However I still like the idea of a lock that can be used as a replacement for "what's already there", w/o the need to modify the whole door.
I believe that concept will lead to a lot of real-world installations.

Cheers,
mh

[mh]

What about a type of scanner, much like a bar code at the market? Have that on the side of the key so that 1) The key will work the pins, taking care of one lock then 2) The key is then scanned to make sure that it is correct, taking care of a second lock? That way it will minimize it's ability of being picked with said second lock.

A lot of such concepts exist, such as the ASSA CLIQ and many more.
(I remember BKS doing that in 1995, having a normal 5 pin tumbler lock with a 6th pin added and controlled by a magnet. I never tried to bypass it but thought that this single 6th pin might have been a bit weak against brute force.)


That would mean mechanics AND electronics must both open (vs. the mechanics OR electronics 'over-ride' idea that was also discussed).


Sure that could be done, but I think it's simply way more complicated, plus the space used for a mechanical locking mechanism could otherwise be used for very strong drill protection. But yes, it's a possibility.

[n2oah]

mh, that is true. However, you are opening up your lock to numerous flaws in the design of door hardware, and that's a huge problem, because the hardware is also attacked.

[TOWCH]

So interior boltwork? People will think you're crazy, and I don't think it would fly with a wife or other feminine living partner, but definately hardcore. Add a full sized glass relocker and a time lock and you can start start taking deposits.

Wireless is good, but it has to be able to hold up to the entire exchange being passively recorded and analyzed. So easy to do, it just has to be assumed to be happening constantly.

You could get two wifi capable linux palm computers, have the interior one locked down with all services but wifi and SSH disabled, have it hooked up to the boltwork motors with the control script's permissions set at root only, and then have it autorun on successful login. To key in, login to the SSH prompt as root.

Man in the middle vulnerable? I don't know. Cryptoanalysis? I hope not for the sake of the internet.

[mh]

mh, that is true. However, you are opening up your lock to numerous flaws in the design of door hardware, and that's a huge problem, because the hardware is also attacked.

I'm not too worried about the surrounding hardware around a Euro cylinder, as there is a lot of good stuff readily availbale on the market, including "interior boltwork"
see e.g. http://www.vogtmann.at/images/BalkenschlossNeu.jpg

Cheers,
mh

[n2oah]

Ah, then I don't see much being wrong with using a euro cylinder, as long as it's break-secure.

[mh]

Ah, then I don't see much being wrong with using a euro cylinder, as long as it's break-secure.

Right.
Also, good hardware (strong "escutcheon plates", etc.) is designed so that there is no physical access to the Euro cylinder (except to the keyway of course). Have a look at the hardware in the middle of the picture that was linked above.

Such hardware is one concept of protecting a Euro cylinder from beeing broken off (1),
"break-secure" is another concept (2).

The term "break-secure" usually refers to the concept of designing-in weak spots, so that a lock breaks at these defined positions and remains still closed.
An example that's interesting in many ways would be this:
http://www.toool.nl/blackbag/?p=42

IMHO after breaking it's then far less secure than before, so for my own doors, I go with concept (1).

Cheers,
mh

[n2oah]

However, you must still remember that escutheons can be peeled off of the door, exposing the cylinder to snapping.

[jhl]

Preventing someone drilling through the optical guide would not be hard - either use an optical fiber, and some sort of complex hardened barrier, or use internal mirrors and fill it with clear resin.

Either way, a non-straight optical path would be one solution.

Even easier would be simply to place the LED/photodetector pair at the front of the keyway with a small window, and put the anti-drill protection behind them. Someone can mash the interface if they try hard enough but it won't open the lock. Same as exposed keypads on safes - the actual brain is in a much safer location.

[mh]

Even easier would be simply to place the LED/photodetector pair at the front of the keyway with a small window, and put the anti-drill protection behind them. Someone can mash the interface if they try hard enough but it won't open the lock. Same as exposed keypads on safes - the actual brain is in a much safer location.

That's right (although there are even safe locks that require no hole in the door at all and actually 'knock' on the door )

However, safe lock manufacturers (hopefully) have very good experts on protecting their circuit from electric energy that exceeds all expected levels in term of voltage, current, frequency, etc.
That's very difficult to achieve,
and I have no idea how I could be really certain that a circuit cannot be manipulated that way.
Therefore the optical transmission idea.

Cheers,
mh

[jhl]

However, safe lock manufacturers (hopefully) have very good experts on protecting their circuit from electric energy that exceeds all expected levels in term of voltage, current, frequency, etc.
That's very difficult to achieve,
and I have no idea how I could be really certain that a circuit cannot be manipulated that way.
Therefore the optical transmission idea.

With appropriate digital design practices, and handy things like high-voltage protected optocouplers on the "brain board", you could run wires to the front without any danger of anything short of lock destruction (which is going to be possible with any lock design, ever).

External power inputs would need to be heavily filtered to prevent things like differential power analysis.

[greyman]

Hello mh, nice post. (I'm back from my holiday now!)

You say the main idea is to have a lock that satisfies requirements (1) to (3). Item (4) seems to propose that electronic is the way to go. Item (5) then says it should be programmable so as to accept people's software.

Your machine is sounding a lot like an unhackable, physically strong computer attached to a door!

Do you think it should have an actual physical key, ie a separate one, or just a sensor or code-entry device?

I would think that it would be better not to have a keyway at all, or even an obviously visible sensor. As for codes, what is wrong with something like PGP where you get a public and secret key. Something like this would be not practical to hack.

cheers

greyman

[mh]

Hi greyman, good to see you back!

I would think that it would be better not to have a keyway at all, or even an obviously visible sensor. As for codes, what is wrong with something like PGP where you get a public and secret key. Something like this would be not practical to hack.

As usual, there are many different solutions for the same problem

My particular flavor of the problem includes that I would like to use the solution myself, to replace the Euro cylinder on my front door.
(And I think that application could be useful for many other users - especially those who could contribute to such project )

Other solutions would include a motor-driven system, just like the ELV KeyMatic, and that's fine, too - but (1) I don't fully trust the Keeloq system inside the KeyMatic (so I would have to replace it), and (2) it's probably more expensive, and (3) my wife doesn't like its look on the inside of the door...

In terms of the "codes" - yep, the stuff with signing random values that was mentioned before is indeed something very similar to PGP, maybe with other encryption algorithms.


Currently I'm playing around with the Texas Instruments MSP430 microprocessor - they have a $20+shipping starter kit, it's the size of a USB stick, and it might very well work fine as a key. At the same time that processor has very little power consumption, and would probably work with a standard CR2032 lithium cell for quite a long time.

But the best part is their cheap offer for starter kits - if that could indeed be converted to a key (or lock) electronics platform, the project could find more contributors more easily.

Cheers,
mh