Security Analysis of an Open Car Immobilizer Protocol Stack

Stefan Tillich, Marcin Wojcik

Research output: Other contribution


Openness is a key criterion of security algorithms and protocols which enable them to be subjected to scrutiny by independent security experts. The alternative "methodology" of secret proprietary algorithms and protocols has often ended in practical breaks, e.g. of the MIFARE Oyster cards for public transport or the KeeLoq remote control systems. Open evaluation is common for general applications of security, e.g. the NIST competitions for selection of the Advanced Encryption Standard (AES) and the Secure Hash Algorithm 3 (SHA-3). Nowadays an increasing number of embedded security applications apply the principle of open evaluation as well. A recent example is the specification of an open security protocol stack for car immobilizer applications by Atmel, which has been presented at ESCAR 2010. This stack is primarily intended to be used in conjunction with automotive transponder chips of this manufacturer, but could in principle be deployed on any suitable type of transponder chip. In this paper we analyze the security of this protocol stack. We were able to uncover a number of potential security vulnerabilities, for which we suggest fixes.
Original languageEnglish
Number of pages7
Place of PublicationInvited paper at WESS 2012 (no peer review, pending inclusion in formal proceedings)
Publication statusIn preparation - 11 Oct 2012


  • Security
  • car immobilizer
  • protocols
  • openness
  • analysis


Dive into the research topics of 'Security Analysis of an Open Car Immobilizer Protocol Stack'. Together they form a unique fingerprint.

Cite this