Design of password generator based on KEELOQ code hopping technology

alexa

Design of password generator based on KEELOQ code hopping technology [Copy link]

IntroductionPassword-based access control systems are very common today, but the level of security they provide is often overestimated. Increased communication transmission speeds and system computing power increase the risk of malicious attacks or "password scanning". Password theft can occur when using unsecured transmission methods. For example, a typical modem connection over a telephone line is not ideal for using fixed passwords. Code hopping technology uses a sequence to change the access password each time it is used. In this way, even if a large number of previously used passwords are known, the new password cannot be predicted. Generating such a sequence requires the use of a reliable encryption engine. Microchip offers a variety of encoders based on KEEL0Q code hopping technology, which makes it easier to generate code hopping remote control. This article uses Microchip's PICl2C508 microcontroller and HSC300 encoder to design a password generator that is installed between the keyboard and the PC. A 5-pin plug is connected to the PC and powers the device, while the keyboard plug is inserted into the 5-pin socket. The PC and keyboard are connected by clock and data lines, allowing the keyboard to operate normally. When transmitting information to the Internet, this password generator creates a "super password" for universal access control security login. 1 Password Generator Composition and Working Principle 1.1 Keyboard Data Reception and Transmission The standard 5-pin shielded connector currently used is shown in Figure 1. It includes a clock line, a data line, a ground line, and a +5 V power line, which can realize bidirectional data transmission between the keyboard and the PC. Usually, data transmission from the keyboard to the PC is completed by pressing a key or releasing a key. However, some configuration data (i.e., repetition, delay, and rate) may be transmitted in the reverse direction. For example, during the system boot process, the keyboard uses an open collector driver to drive the clock line. The PC can disable the keyboard by keeping the clock line at a low level. If the PC keeps the data line at a low level while the clock line is at a high level, the computer sends a request to send signal and the keyboard enters the receive mode. The keyboard is allowed to send data only when the clock line and the data line are at a high level at the same time. 1.2 Password Generator Hardware Composition The password generator hardware schematic diagram is shown in Figure 2. When SO is activated, PICl2C508 receives new information generated by HCS300 encoder. PICl2c508 will then send the correct sequence of key presses and key releases to PC by emulating the keyboard. To prevent the keyboard from interpreting this transmission as a "request to send" from the PC, the keyboard is isolated from the clock and data lines during the transmission. To simplify the circuit, a standard 4-way bidirectional CMOS switch 4066 is used to switch the password generator or the connection between the keyboard and the PC line. The HCS300 encoder is designed to be part of the password generator or removable like a key, allowing easy replacement with different encoders with different encryption keys or serial numbers. Both HCS300 and PICl2C508 use 8-pin SOIC packages, consume very low current, and can generate the clock used to operate the password generator internally, with the power consumption as low as possible so that the transmission line will not be overloaded. In addition, the size is as small as possible and the number of components is as small as possible, so as to use a smaller package as much as possible. Ideally, the entire circuit is placed in the small gap between the two connectors. Except for a pair of resistors for pulling up the clock and data lines, no other components are needed to implement a fully functional code-hopping password. 1.3 Software Design The software consists of three code segments: ◆ The receiving subroutine for the HCS300 encoder. ◆ The keyboard simulation subroutine. ◆ The main loop program. The receive subroutine for the HCS300 encoder (RECEIVE subroutine) collects the first 64 data bits sent by the HCS300 and fills them into an 8-byte buffer. The last two data bits are ignored because they do not contain useful information for this application. The keyboard emulation subroutine implements the transmission of key scan codes according to the IBM-PC/AT keyboard protocol. When the CMOS switch connects the PC to the keyboard clock and data lines, the main loop program continuously samples the LED output lines to detect whether the HCS300 is activated. When the LED line goes low, the CMOS switch is activated to isolate the clock and data lines from the keyboard, and the RECEIVE subroutine is called. The software is developed in a minimalist form, and some optimization measures can be taken. For example, the PIC12C508 can be put into a "sleep" state to further reduce power consumption. The encoder may be removed, so the connection/activation of the encoder should be properly detected. Since there is no decryption process, there is no other way to know whether the transmission operation has failed. The second password word can only be compared with the first password word received to confirm whether a transmission error has occurred. 2 Encryption principle The encoder HCS300 uses KEELOQ hopping code technology to make the data sent by the encoder unique each time. The encoder transmission consists of two parts: the first part is called the "hopping code part", which changes and is encrypted each time the encoder is activated; the second part is the non-encrypted part of the transmitted data, mainly including the encoder serial number, which is used by the decoder to identify it. The composition of the password is as follows: The hopping code includes functional information, identification value and a synchronization counter. Before sending this information, it must be encrypted by an encryption algorithm. The encryption algorithm uses a 64-bit encryption key. If one bit in the encrypted data changes, it will cause an average of half of the bits in the output data to change. In this way, the hopping code will change completely each time it is sent, making it unpredictable. The decoder uses the synchronization information to determine whether the transmission is valid or a repetition of the previous transmission. The previous password will be rejected to prevent the password from being stolen. The HSC300 encoder sends 2 overflow bits to expand the range of the synchronization counter value from 65,536 to 196 608 button presses. The fixed code portion of the data sent by the HCS300 encoder includes 4 bits of functional information and 2 status bits. The 2 status bits indicate whether a repeat transmission has occurred and whether the battery voltage is too low. The HCS300 encoder has the ability to send a fixed seed, which is programmed into the encoder when it is first initialized, along with the counter value, key, serial number and other information. The HCS30C has a 32-bit seed. The receiving application (software running on the server) performs some simple decoding and verification steps, and the hopping code can be used to verify access to a large number of electronic services. The fixed unencrypted part of the code can be used to identify the user and the activated function in the encoder. Conclusion The password generator designed in this article uses the hopping code technology based on KEELOQ. It is small in size and low in power consumption, and is particularly suitable for creating a "super password" for general access control security login when transmitting information to the Internet. Practice has proved that this encryption method is very reliable.

yangs155

Good stuff, worth learning, thank you for sharing! :)