You might have seen the term KeeLoq rolling code or hopping code in reference to transmitters and receivers. But what does it mean and how does it work?
Przewiń, aby dowiedzieć się więcej
KeeLoq rolling code, sometimes also known as hopping code, is commonly used as a security measure for encrypting radio frequency transmission. It can be found in a wide variety of contexts such as garage door openers, access control systems, keyless car entry, automatic gate triggers, and more.
Rolling code works by preventing the transmission from being recorded and saved, then replayed later to trick the receiver into unlocking the door or barrier.
Transmitted code functions like a password. When activated, a transmitter generates and sends a signal containing the password to its paired receiver. The receiver analyses the password to see if it is acceptable. If accepted, the receiver then triggers a relay, allowing the door or barrier to be unlocked and opened.
In a fixed code system, the password never changes. This leaves the system vulnerable to attack, as if someone was able to find out the password, they could use it to gain access without authorisation. Rolling code significantly reduces the risk of unauthorised entry because the password changes every time it is used.
Rolling code transmission systems use methods of encrypting the data that allow the transmitter and the receiver to share passwords, but which make it considerably more difficult for an attacker to discover them. KeeLoq® is a proprietary block cypher that is one of the most commonly used encryption methods for radio frequency transmission.
KeeLoq hopping code utilises a 66-bit transmission code, of which 32 bits are encrypted. In the encrypted section alone, there are almost 4 billion possible code combinations, which would take approximately 17 years to fully scan. The transmitted passwords cannot be re-used regularly, to prevent interception and unlawful access. Once a passcode has been used, it will not be valid again until approximately 65,000 other valid codes have been used. In normal usage scenarios, it would take more than 20 years for a code to become valid again.
In order for rolling code to work, the transmitter and receiver need to synchronise their code generation. If they don’t, the random password sent from the transmitter would not match the random password expected by the receiver. As such, the term random is slightly misleading here. In reality, the transmitter and the receiver use Pseudo Random Number Generators (PRNGs) to produce a series of passcodes that are seemingly random to outsiders and therefore unpredictable to attackers.
The PRNG is an algorithm which ensures that the series of numbers generated by both the transmitter and the receiver is identical. That way, whenever a passcode is produced by the transmitter, it will match the one generated by the receiver and allow access. The sequence of codes is therefore not truly random; both the transmitter and the receiver must start from the same seed code in order to synchronise properly.
A passcode is generated every time the button on the transmitter is pressed, even if it is out of range of the receiver. If it is out of range, the receiver does not generate a code – therefore leaving the transmitter and the receiver unsynchronised.
To overcome this limitation, the receiver stores a list of the upcoming passwords pre-determined by the PRNG. In KeeLoq hopping code, the list is up to 1,000 future passwords. Once the transmitter comes back into range of the receiver and the button is pressed, the receiver can still identify the code as one of the upcoming passwords and allow access. The ‘missed’ codes that were generated by the transmitter while it was out of range are simply invalidated and the codes are synchronised once again.
KeeLoq also benefits from additional synchronisation security measures. If the transmitter button is pressed 16 or more times whilst out of range of the receiver, the receiver will not unlock the door or barrier on the first press of the button once back in range. Re-synchronisation will only occur when the receiver is sent two consecutive matching codes from the list of valid future codes. In a typical system, if the transmitter button is pressed a few thousand times while out of range, it will be permanently locked out of the receiver and must be manually re-synchronised.