The (in)security of proprietary cryptography

Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by its designers to add additional security. It is questionable if such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semi-conductor companies, which keep the technical description strictly confidential after designing. It is difficult to give a public and independent security assessment of the cryptography, without having access to the detailed information of the design. Proprietary cryptography is currently deployed in many products which are used on a daily basis by the majority of people world-wide. It is embedded in the computational core of many wireless and contactless devices used in access control systems and vehicle immobilizers. Contactless access control cards are used in various security systems. Examples include the use in public transport, payment terminals, office buildings and even in highly secure facilities such as ministries, banks, nuclear power plants and prisons. Many of these access control cards are based on proprietary encryption techniques. Prominent examples are the widely deployed contactless access control systems that use the MIFARE Classic, iClass and Cryptomemory technology. A vehicle immobilizer is an electronic device that prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a wireless radio frequency chip which is typically embedded in the plastic casing of the car key. When the driver tries to start the vehicle, the car authenticates the transponder before starting the engine, thus preventing hot-wiring. According to European Commission directive (95/56/EC) it is mandatory that all cars, sold in the EU from 1995 onwards, are fitted with an electronic immobilizer. In practice, almost all recently sold cars in Europe are protected by transponders that embed one of the two proprietary encryption techniques Hitag2 or Megamos Crypto. In this doctoral thesis well-known techniques are combined with novel methods