Wednesday, 16 December 2015

The future of door keys?

I was pondering the future of conventional keys.

We already see cars not needing the conventional bit of cut/bent metal but using keyless access.

And I do not just mean my concerns over the ease of 3D printing an ABS "security" key. Any mechanical key can be copied.

Sadly many electronic keys can also be copied; it is just that the technology is a tad different. So where next?

One thought is proper cryptographically secure challenge/response keys using RFID and the like. Some places use these. They are ultimately secure and un-copiable.

But really, why do we even need "keys" any more, in any meaningful way - we all have smartphones. Surely unlocking a door is a simple matter of an app on your smartphone?

With any reader, the issue is, of course, the lock. You need electrically operated locks. There are several out there, even ones designed to bolt in to a euro-profile cylinder if you want.

But such a system has way more security options.

For a start, this can be local network only on the home wifi, so not reliant on the "Internet" in any way. An app can talk over the house wifi to a system that operates the lock. You need some UPS or backup power for wifi and the lock, but to be honest that is not difficult.

The data can be encrypted, and you can even use the GPS to confirm the device is really local and use a fingerprint reader to authenticate.

From a user point of view it could be a matter of a finger click on an app. No need for readers or key fobs or shit at all.

Maybe "readers" and "keys" will truly become a thing of the past?

Of course it may eventually get to the point of good facial recognition and the doors you are allowed to open always are just open for you.

P.S. I love the idea that an estate agent will be totally flummoxed when selling my house that there are no actual "keys" to hand over :-)
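
The difference between a copiable electronic key and the challenge/response kind mentioned above, as an added example that is not part of the original post. The class names, the fob IDs and the HMAC-SHA256 construction are assumptions made for illustration, not a description of any real product.

```python
import hashlib, hmac, secrets

class StaticIdLock:
    """Copiable design: the fob only announces a fixed ID."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def try_open(self, presented_id):
        return presented_id in self.allowed      # anything that knows the ID gets in

def _mac(secret, key_id, nonce):
    return hmac.new(secret, key_id + nonce, hashlib.sha256).digest()

class Fob:
    """Challenge/response fob: the secret is used but never transmitted."""
    def __init__(self, key_id, secret):
        self.key_id, self._secret = key_id, secret
    def respond(self, nonce):
        return _mac(self._secret, self.key_id, nonce)

class ChallengeLock:
    def __init__(self):
        self.keys, self.pending = {}, {}         # key_id -> secret / outstanding nonce
    def enrol(self, key_id, secret):
        self.keys[key_id] = secret
    def revoke(self, key_id):
        self.keys.pop(key_id, None)
    def challenge(self, key_id):
        self.pending[key_id] = secrets.token_bytes(16)   # fresh nonce per attempt
        return self.pending[key_id]
    def try_open(self, key_id, response):
        nonce = self.pending.pop(key_id, None)           # each nonce is single-use
        secret = self.keys.get(key_id)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(_mac(secret, key_id, nonce), response)

def demo():
    # Constructed scenario: one fob ID, one enrolled key called "cleaner".
    out = {"static_copy": StaticIdLock({b"FOB-0001"}).try_open(b"FOB-0001")}
    lock, secret = ChallengeLock(), secrets.token_bytes(32)
    lock.enrol(b"cleaner", secret)
    fob = Fob(b"cleaner", secret)
    recorded = fob.respond(lock.challenge(b"cleaner"))
    out["legit"] = lock.try_open(b"cleaner", recorded)
    lock.challenge(b"cleaner")                           # new attempt, new nonce
    out["replayed"] = lock.try_open(b"cleaner", recorded)
    lock.revoke(b"cleaner")
    out["revoked"] = lock.try_open(b"cleaner", fob.respond(lock.challenge(b"cleaner")))
    return out
```

The recorded response is useless on the next attempt because the lock's nonce has changed, while the static ID works for anyone who has seen it once.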


  1. Didn't you wire-wrap some doorlock electronics with a 6502 a million years ago?

  2. No we don't all have smartphones (I don't, I don't need one, the contracts are bloody expensive, and if you don't have a contract their incessant network chatter costs you a bomb in charges anyway).

    Also, copying a front door key to give it to cleaners, relatives, or your fourteen-year-old children is a matter of a couple of quid. Buying them a smartphone is a bit different.

    That's not to say that door keys are anything but laughable: trivial security faults in front door locks have been known for at least a century, and are known by both locksmiths and criminals, but the last attempt to publicise it to other people was met with lawsuits pour discourager les autres. However... consider two problems with any replacement. Firstly, half the system is non-networked (I very much hope) and physically embedded in millions of front doors. If a security hole is found in your widely-used implementation, what exactly do you do? Secondly... door locks are really there only to give the *appearance* of security and to keep out very casual intruders. Anyone else can just break a window and get in in seconds, or jimmy one open. You can't get much more security than that without living in a windowless box, and, well... no thanks, that does not sound very appealing.

    1. The cleaners very likely already have an iPhone. Wouldn't be a big surprise if the 14-year-old children also have some kind of smartphone...

      But wifi is a terrible idea. If someone wants to stop you getting in, it's trivial to jam.

    2. If I was doing this, I would add an RFID tag reader as the primary way of getting in; frankly it's easier to wave my wallet at a reader than it is to use any app on my phone. And I could give out tags to people, which is no less secure than giving them a key, in fact more secure because you can restrict when they will work.

      I'd still have the cool phone stuff too for showing off but I wouldn't rely on it too much because the number of times I've run out of charge on my phone, or left it at work is greater than zero :)

    3. A smartphone is far too complex a device to be involved with my domestic security. Think of all the ways it can be subverted, by design and otherwise. (Not to mention your front door key codes are probably now backed up on a Google server somewhere, ready for the first hacker who comes along.)

    4. I'm wondering about the right protocol here. Clearly you want something immune to replay attacks... perhaps something like the Yubikey, only souped-up so you get something more like the full protocol even when contactless (right now the contactless protocol does not increment the session counter, AIUI, so after 255 contactless passwords you run out of use counter bits). With the 'session counter' removed and lumped into the use counter, and the backward-compatibility bit dropped from the session counter (since we don't need it for this application, it's only for Yubikey 1 compatibility), you'd have 32 bits of use counter, more than enough for lifetimes of use: throw in a nice big per-key identity and you could make lots of keys easily and give them to people without ever needing to worry that any of *them* could make more copies (because each has its own per-key ID and requires a change to the authentication server backing the lock, to tell it about the new key: it's a new key, not a copy of an existing one). This would be more or less ideal, and much better than existing keys: the lock owner gets to dictate which keys are valid, and each key is unreplayable even by people closely monitoring it and has its own internal secret used to AES-encrypt the output (shared with the lock) so the output looks unpredictable as well.

      Downside: this device does not exist yet. :) Oh and unless you shared your secret with multiple locks (not really recommended) it's still a one-key one-lock device.

      We could definitely do *far* better than present-day locks right now with close relatives of equipment I have on my desk, only controlling a door-locking bar. The problem, of course, is convincing insurers of that... and they are not great experimentalists.

  3. There's also the insurance aspect to consider. There are two parts to this:

    First, I have to have BS-approved locks, which means "normal" locks. If I don't, my insurer would deny any claim I made. (Knowing insurers, they'd probably do that even if the claim is completely unrelated to the locks, just because they can).

    Second, if someone used one of the well-known vulnerabilities in my "normal" locks to break in, there would probably be evidence, even if I had to hire a forensic locksmith to find that evidence. In that case, I could successfully claim for the theft. But if someone hacked an electronic lock, with the right vulnerability there may be no trace (see: Heartbleed). In that case, the insurer would claim that I didn't lock the door and deny my insurance claim.

  4. I also do not have a smartphone. I find them too big and heavy to carry around in my pocket, they're stupidly large for making phone calls, and yet the screen is far too small for sensible internet usage. Instead I have a basic boring Pay As You Go GSM phone (tiny Nokia thing), and then in my bag I have an iPad Air2 with a 3/4G data SIM in it for using the internet on the move. I find this a much more functional set of equipment to carry around.

    And also, my cleaner has a back door key and her own code for the burglar alarm (which I suspect is her cash card PIN, but I can't read it out of the alarm so that's not my concern).

  5. The insurance angle is a good one - I do have the call recording when I ordered my home insurance and paid for it including my telling them I have electric locks on my study... Just in case :-)

  6. Floating magnets are the current state of the art in mechanical keys. The keys have magnets carefully engineered to float (slide freely within the key). The lock has magnetic pins as well as the normal mechanical ones, but they're set up so that during the key turning motion they need to move. The floating magnets of course, unlike a normal key or a set of lock picks, move smoothly with gravity as the key is turned, and in the process they move the lock pins correctly, and the bolt is free. A copy with no magnets fits initially, but won't turn.
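
The counter-based token proposed in the comments above (a per-key ID, a 32-bit use counter and a secret shared with the lock), as an added sketch that is not code from the post or its commenters. It assumes HMAC-SHA256 in place of the AES encryption the comment suggests, a constructed message layout and hypothetical names throughout; the allowed-hours check follows the comment about restricting when a tag works.

```python
import hashlib, hmac, secrets, struct

ID_LEN, TAG_LEN = 8, 32            # constructed layout: key_id | counter | tag
COUNTER_MAX = 2**32 - 1            # 32-bit use counter, as proposed in the comment

def _tag(secret, body):
    return hmac.new(secret, body, hashlib.sha256).digest()

class Token:
    """Hypothetical key: emits key_id + counter + MAC, one counter value per use."""
    def __init__(self, key_id, secret):
        self.key_id, self.secret, self.counter = key_id, secret, 0
    def emit(self):
        if self.counter >= COUNTER_MAX:
            raise RuntimeError("use counter exhausted")
        self.counter += 1
        body = self.key_id + struct.pack(">I", self.counter)
        return body + _tag(self.secret, body)

class Lock:
    """Lock-side record per key: shared secret, last counter seen, allowed hours."""
    def __init__(self):
        self.keys = {}
    def enrol(self, key_id, secret, hours=range(24)):
        self.keys[key_id] = [secret, 0, hours]
    def revoke(self, key_id):
        self.keys.pop(key_id, None)
    def try_open(self, msg, hour):
        entry = self.keys.get(msg[:ID_LEN])
        if entry is None or len(msg) != ID_LEN + 4 + TAG_LEN:
            return False
        body, tag = msg[:ID_LEN + 4], msg[ID_LEN + 4:]
        if not hmac.compare_digest(_tag(entry[0], body), tag):
            return False
        (counter,) = struct.unpack(">I", body[ID_LEN:])
        if counter <= entry[1]:
            return False           # already seen: a replay
        entry[1] = counter         # burn it even out of hours, so it cannot be replayed later
        return hour in entry[2]

def demo():
    lock, cleaner = Lock(), Token(b"CLEANER1", secrets.token_bytes(32))
    lock.enrol(cleaner.key_id, cleaner.secret, hours=range(9, 17))
    first = cleaner.emit()
    out = {"fresh": lock.try_open(first, hour=10),
           "replayed": lock.try_open(first, hour=10),
           "out_of_hours": lock.try_open(cleaner.emit(), hour=22)}
    lock.revoke(cleaner.key_id)
    out["revoked"] = lock.try_open(cleaner.emit(), hour=10)
    return out
```

Adding a key means a new entry on the lock side, and revoking one leaves every other key untouched, which is the property the comment contrasts with copying a metal key.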