timo kasper - Academia.edu (original) (raw)
Papers by timo kasper
... counter value. The transmitter is authenticated if the received discrimination value is ident... more ... counter value. The transmitter is authenticated if the received discrimination value is identical to the one stored in the receiver and the counter fits in a window of valid values. Three windows are defined for the counter. If the ...
We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequenc... more We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identification Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the field of an RFID reader. We practically verify the effectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the first successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple-DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.
We investigated a real-world contactless payment application based on mifare Classic cards. In or... more We investigated a real-world contactless payment application based on mifare Classic cards. In order to analyze the security of the payment system, we combined previous cryptanalytical results and implemented an improved card-only attack with customized low-cost tools, that is to our knowledge the most efficient practical attack to date. We found several flaws implying severe security vulnerabilities on the system level that allow for devastating attacks including identity theft and recharging the amount of money on the cards. We practically verify and demonstrate the attacks on the commercial system.
We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attac... more We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attack drastically reduces the efforts required for a complete break of remote keyless entry (RKE) systems based on KeeLoq. We analyze implementations of KeeLoq on microcontrollers and exploit timing vulnerabilities to develop an attack that allows for a practical key recovery within seconds of computation time, thereby significantly outperforming all existing attacks: Only one single measurement of a section of a KeeLoq decryption is sufficient to extract the 64 bit master key of commercial products, without the prior knowledge of neither plaintext nor ciphertext. We further introduce techniques for effectively realizing an automatic SPA and a method for circumventing a simple countermeasure, that can also be applied for analyzing other implementations of cryptography on microcontrollers.
We analyze the relevant candidates in phase 3 of the eSTREAM project with respect to side channel... more We analyze the relevant candidates in phase 3 of the eSTREAM project with respect to side channel analysis in a theoretical approach.
Datenschutz Und Datensicherheit - Dud, 2008
Durch Automatisierung gelangt immer mehr Komfort in unseren Alltag. Ein System, das in den vergan... more Durch Automatisierung gelangt immer mehr Komfort in unseren Alltag. Ein System, das in den vergangenen Jahren rasante Verbreitung gefunden hat, sind Funktüröffner. Garagentor, Haustür und Auto entriegeln sich auf Knopfdruck aus mehreren Metern Entfernung. Wie sicher aber sind diese Verfahren? Die Autoren entwickelten einen erfolgreichen Seitenkanalangriff auf Funktüröffnersysteme.
ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Du... more ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. Tools being able to perform these attacks and carry out security analyses need to be developed. In this contribution, an implementation of a cost-effective, freely programmable ISO 14443 compliant multi function RFID reader and fake transponder is presented that can be employed for several promising purposes.
Since the introduction of the Machine Readable Travel Do- cument (MRTD) that is also known as e-p... more Since the introduction of the Machine Readable Travel Do- cument (MRTD) that is also known as e-passport for human identifi- cation at border control debates have been raised about security and privacy concerns. In this paper, we present the first hardware implemen- tation for cracking Basic Access Control (BAC) keys of the e-passport is- suing schemes in Germany and the
IEEE Transactions on Computers, 2008
Cryptanalysis of ciphers usually involves massive computations. The security parameters of crypto... more Cryptanalysis of ciphers usually involves massive computations. The security parameters of cryptographic algorithms are commonly chosen so that attacks are infeasible with available computing resources. Thus, in the absence of mathematical breakthroughs to a cryptanalytical problem, a promising way for tackling the computations involved is to build special-purpose hardware exhibiting a (much) better performance-cost ratio than off-the-shelf computers. This contribution presents a variety of cryptanalytical applications utilizing the Cost-Optimized Parallel Code Breaker (COPACOBANA) machine, which is a highperformance low-cost cluster consisting of 120 field-programmable gate arrays (FPGAs). COPACOBANA appears to be the only such reconfigurable parallel FPGA machine optimized for code breaking tasks reported in the open literature. Depending on the actual algorithm, the parallel hardware architecture can outperform conventional computers by several orders of magnitude. In this work, we will focus on novel implementations of cryptanalytical algorithms, utilizing the impressive computational power of COPACOBANA. We describe various exhaustive key search attacks on symmetric ciphers and demonstrate an attack on a security mechanism employed in the electronic passport (e-passport). Furthermore, we describe time-memory trade-off techniques that can, e.g., be used for attacking the popular A5/1 algorithm used in GSM voice encryption. In addition, we introduce efficient implementations of more complex cryptanalysis on asymmetric cryptosystems, e.g., Elliptic Curve Cryptosystems (ECCs) and number cofactorization for RSA. Even though breaking RSA or elliptic curves with parameter lengths used in most practical applications is out of reach with COPACOBANA, our attacks on algorithms with artificially short bit lengths allow us to extrapolate more reliable security estimates for real-world bit lengths. This is particularly useful for deriving estimates about the longevity of asymmetric key lengths.
Over the last two decades FPGAs have become central components for many advanced digital systems,... more Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of off-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at will of the attacker. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. As part of the side-channel attack, we were able to deduce certain internals of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.
This paper deals with security threats concerning RFID and other wireless devices. We focus on ea... more This paper deals with security threats concerning RFID and other wireless devices. We focus on eavesdropping and introduce a portable setup for monitoring the communication of active RFIDs in practice. We then investigate an active RFID tag operating at 433 MHz in order to determine how much its specified coverage can be extended in the context of attacks. Assuming an adversary with limited know-how and funds, we conduct all analyses solely with commercially available low-cost and easy-to-use equipment. By performing practical experiments we demonstrate that the ranges can be increased up to a factor of eight and thereby prove that this type of RFID is vulnerable to certain attacks from a distance. Our results can be applied to other wireless devices, e.g, remote controls for remote keyless entry systems.
Last year we were able to break KeeLoq, which is a 64 bit block cipher that is popular for remote... more Last year we were able to break KeeLoq, which is a 64 bit block cipher that is popular for remote keyless entry (RKE) systems. KeeLoq RKEs are widely used for access control purposes such as garage openers or car door systems. Even though the attack seems almost straightforward in hindsight, there where many practical and theoretical problems to overcome. In this talk I want to describe the evolution of the attack over about two years. Also, some possible future improvements using fault-injection will be mentioned.
Different types of implementation attacks, like those based on side channel leakage and active fa... more Different types of implementation attacks, like those based on side channel leakage and active fault injection, are often considered as separate threats. Countermeasures are, therefore, often developed and implemented accordingly. However, Amiel et al. showed that an adversary can successfully combine two attack methods to overcome such countermeasures. In this paper, we consider instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems. We show how previously proposed countermeasures may fail to thwart these attacks, and propose a countermeasure that protects the variables in a generic exponentiation algorithm in the same scenario.
We present a unified framework for advanced implementation attacks that allows for conducting aut... more We present a unified framework for advanced implementation attacks that allows for conducting automated side-channel analysis and fault injection targeting all kinds of embedded cryptographic devices including RFIDs. Our proposed low-cost setup consists of modular functional units that can be interchanged, depending on the demands of a concrete attack scenario. We give details of customized modules for the communication with many types of embedded devices and other modules that allow to inject various types of faults. An FPGA-based approach enables very accurate timing and flexible adaption to any extension module. The corresponding data acquisition system for side-channel attacks makes precise power and EM analyses possible. Our setup facilitates the promising combination of active and passive techniques, which is known to render many established security countermeasures ineffective. We introduce several methods for the automatic profiling of cryptographic devices and model their behaviour both with respect to side-channel analysis and fault injection. To demonstrate the capabilities of our framework, we perform the first practical full key-recovery on a cryptographic contactless smartcard employing Triple-DES reported in the literature and inject multiple faults in a widespread microcontroller. We thereby disprove the common belief that highly sophisticated and expensive equipment is required to conduct such attacks. Rather, we illustrate a cost-effective setup that can be tailored to any desired type of security evaluation or penetration test.
We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequenc... more We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identification Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the field of an RFID reader. We practically verify the effectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol, and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the first successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple-DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.
KeeLoq remote keyless entry systems are widely used for access control purposes such as garage op... more KeeLoq remote keyless entry systems are widely used for access control purposes such as garage openers or car door systems. We present the first successful differential power analysis attacks on numerous commercially available products employing KeeLoq code hopping. Our new techniques combine side-channel cryptanalysis with specific properties of the KeeLoq algorithm. They allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in few minutes. After extracting the manufacturer key once, with similar techniques, we demonstrate how to recover the secret key of a remote control and replicate it from a distance, just by eavesdropping on at most two messages. This key-cloning without physical access to the device has serious real-world security implications, as the technically challenging part can be outsourced to specialists. Finally, we mount a denial of service attack on a KeeLoq access control system. All proposed attacks have been verified on several commercial KeeLoq products.
Since the introduction of the Machine Readable Travel Document (MRTD) that is also known as e-pas... more Since the introduction of the Machine Readable Travel Document (MRTD) that is also known as e-passport for human identification at border control debates have been raised about security and privacy concerns. In this paper, we present the first hardware implementation for cracking Basic Access Control (BAC) keys of the e-passport issuing schemes in Germany and the Netherlands. Our implementation was designed for the reprogrammable key search machine COPACOBANA and achieves a key search speed of 228 BAC keys per second. This is a speed-up factor of more than 200 if compared to previous results and allows for a runtime in the order of seconds in realistic scenarios.
We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attac... more We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attack drastically reduces the efforts required for a complete break of remote keyless entry (RKE) systems based on KeeLoq. We analyze implementations of KeeLoq on microcontrollers and exploit timing vulnerabilities to develop an attack that allows for a practical key recovery within seconds of computation time, thereby significantly outperforming all existing attacks: Only one single measurement of a section of a KeeLoq decryption is sufficient to extract the 64 bit master key of commercial products, without the prior knowledge of neither plaintext nor ciphertext. We further introduce techniques for effectively realizing an automatic SPA and a method for circumventing a simple countermeasure, that can also be applied for analyzing other implementations of cryptography on microcontrollers.
... counter value. The transmitter is authenticated if the received discrimination value is ident... more ... counter value. The transmitter is authenticated if the received discrimination value is identical to the one stored in the receiver and the counter fits in a window of valid values. Three windows are defined for the counter. If the ...
We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequenc... more We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identification Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the field of an RFID reader. We practically verify the effectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the first successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple-DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.
We investigated a real-world contactless payment application based on mifare Classic cards. In or... more We investigated a real-world contactless payment application based on mifare Classic cards. In order to analyze the security of the payment system, we combined previous cryptanalytical results and implemented an improved card-only attack with customized low-cost tools, that is to our knowledge the most efficient practical attack to date. We found several flaws implying severe security vulnerabilities on the system level that allow for devastating attacks including identity theft and recharging the amount of money on the cards. We practically verify and demonstrate the attacks on the commercial system.
We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attac... more We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attack drastically reduces the efforts required for a complete break of remote keyless entry (RKE) systems based on KeeLoq. We analyze implementations of KeeLoq on microcontrollers and exploit timing vulnerabilities to develop an attack that allows for a practical key recovery within seconds of computation time, thereby significantly outperforming all existing attacks: Only one single measurement of a section of a KeeLoq decryption is sufficient to extract the 64 bit master key of commercial products, without the prior knowledge of neither plaintext nor ciphertext. We further introduce techniques for effectively realizing an automatic SPA and a method for circumventing a simple countermeasure, that can also be applied for analyzing other implementations of cryptography on microcontrollers.
We analyze the relevant candidates in phase 3 of the eSTREAM project with respect to side channel... more We analyze the relevant candidates in phase 3 of the eSTREAM project with respect to side channel analysis in a theoretical approach.
Datenschutz Und Datensicherheit - Dud, 2008
Durch Automatisierung gelangt immer mehr Komfort in unseren Alltag. Ein System, das in den vergan... more Durch Automatisierung gelangt immer mehr Komfort in unseren Alltag. Ein System, das in den vergangenen Jahren rasante Verbreitung gefunden hat, sind Funktüröffner. Garagentor, Haustür und Auto entriegeln sich auf Knopfdruck aus mehreren Metern Entfernung. Wie sicher aber sind diese Verfahren? Die Autoren entwickelten einen erfolgreichen Seitenkanalangriff auf Funktüröffnersysteme.
ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Du... more ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. Tools being able to perform these attacks and carry out security analyses need to be developed. In this contribution, an implementation of a cost-effective, freely programmable ISO 14443 compliant multi function RFID reader and fake transponder is presented that can be employed for several promising purposes.
Since the introduction of the Machine Readable Travel Do- cument (MRTD) that is also known as e-p... more Since the introduction of the Machine Readable Travel Do- cument (MRTD) that is also known as e-passport for human identifi- cation at border control debates have been raised about security and privacy concerns. In this paper, we present the first hardware implemen- tation for cracking Basic Access Control (BAC) keys of the e-passport is- suing schemes in Germany and the
IEEE Transactions on Computers, 2008
Cryptanalysis of ciphers usually involves massive computations. The security parameters of crypto... more Cryptanalysis of ciphers usually involves massive computations. The security parameters of cryptographic algorithms are commonly chosen so that attacks are infeasible with available computing resources. Thus, in the absence of mathematical breakthroughs to a cryptanalytical problem, a promising way for tackling the computations involved is to build special-purpose hardware exhibiting a (much) better performance-cost ratio than off-the-shelf computers. This contribution presents a variety of cryptanalytical applications utilizing the Cost-Optimized Parallel Code Breaker (COPACOBANA) machine, which is a highperformance low-cost cluster consisting of 120 field-programmable gate arrays (FPGAs). COPACOBANA appears to be the only such reconfigurable parallel FPGA machine optimized for code breaking tasks reported in the open literature. Depending on the actual algorithm, the parallel hardware architecture can outperform conventional computers by several orders of magnitude. In this work, we will focus on novel implementations of cryptanalytical algorithms, utilizing the impressive computational power of COPACOBANA. We describe various exhaustive key search attacks on symmetric ciphers and demonstrate an attack on a security mechanism employed in the electronic passport (e-passport). Furthermore, we describe time-memory trade-off techniques that can, e.g., be used for attacking the popular A5/1 algorithm used in GSM voice encryption. In addition, we introduce efficient implementations of more complex cryptanalysis on asymmetric cryptosystems, e.g., Elliptic Curve Cryptosystems (ECCs) and number cofactorization for RSA. Even though breaking RSA or elliptic curves with parameter lengths used in most practical applications is out of reach with COPACOBANA, our attacks on algorithms with artificially short bit lengths allow us to extrapolate more reliable security estimates for real-world bit lengths. This is particularly useful for deriving estimates about the longevity of asymmetric key lengths.
Over the last two decades FPGAs have become central components for many advanced digital systems,... more Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of off-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at will of the attacker. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. As part of the side-channel attack, we were able to deduce certain internals of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.
This paper deals with security threats concerning RFID and other wireless devices. We focus on ea... more This paper deals with security threats concerning RFID and other wireless devices. We focus on eavesdropping and introduce a portable setup for monitoring the communication of active RFIDs in practice. We then investigate an active RFID tag operating at 433 MHz in order to determine how much its specified coverage can be extended in the context of attacks. Assuming an adversary with limited know-how and funds, we conduct all analyses solely with commercially available low-cost and easy-to-use equipment. By performing practical experiments we demonstrate that the ranges can be increased up to a factor of eight and thereby prove that this type of RFID is vulnerable to certain attacks from a distance. Our results can be applied to other wireless devices, e.g, remote controls for remote keyless entry systems.
Last year we were able to break KeeLoq, which is a 64 bit block cipher that is popular for remote... more Last year we were able to break KeeLoq, which is a 64 bit block cipher that is popular for remote keyless entry (RKE) systems. KeeLoq RKEs are widely used for access control purposes such as garage openers or car door systems. Even though the attack seems almost straightforward in hindsight, there where many practical and theoretical problems to overcome. In this talk I want to describe the evolution of the attack over about two years. Also, some possible future improvements using fault-injection will be mentioned.
Different types of implementation attacks, like those based on side channel leakage and active fa... more Different types of implementation attacks, like those based on side channel leakage and active fault injection, are often considered as separate threats. Countermeasures are, therefore, often developed and implemented accordingly. However, Amiel et al. showed that an adversary can successfully combine two attack methods to overcome such countermeasures. In this paper, we consider instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems. We show how previously proposed countermeasures may fail to thwart these attacks, and propose a countermeasure that protects the variables in a generic exponentiation algorithm in the same scenario.
We present a unified framework for advanced implementation attacks that allows for conducting aut... more We present a unified framework for advanced implementation attacks that allows for conducting automated side-channel analysis and fault injection targeting all kinds of embedded cryptographic devices including RFIDs. Our proposed low-cost setup consists of modular functional units that can be interchanged, depending on the demands of a concrete attack scenario. We give details of customized modules for the communication with many types of embedded devices and other modules that allow to inject various types of faults. An FPGA-based approach enables very accurate timing and flexible adaption to any extension module. The corresponding data acquisition system for side-channel attacks makes precise power and EM analyses possible. Our setup facilitates the promising combination of active and passive techniques, which is known to render many established security countermeasures ineffective. We introduce several methods for the automatic profiling of cryptographic devices and model their behaviour both with respect to side-channel analysis and fault injection. To demonstrate the capabilities of our framework, we perform the first practical full key-recovery on a cryptographic contactless smartcard employing Triple-DES reported in the literature and inject multiple faults in a widespread microcontroller. We thereby disprove the common belief that highly sophisticated and expensive equipment is required to conduct such attacks. Rather, we illustrate a cost-effective setup that can be tailored to any desired type of security evaluation or penetration test.
We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequenc... more We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identification Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the field of an RFID reader. We practically verify the effectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol, and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the first successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple-DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.
KeeLoq remote keyless entry systems are widely used for access control purposes such as garage op... more KeeLoq remote keyless entry systems are widely used for access control purposes such as garage openers or car door systems. We present the first successful differential power analysis attacks on numerous commercially available products employing KeeLoq code hopping. Our new techniques combine side-channel cryptanalysis with specific properties of the KeeLoq algorithm. They allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in few minutes. After extracting the manufacturer key once, with similar techniques, we demonstrate how to recover the secret key of a remote control and replicate it from a distance, just by eavesdropping on at most two messages. This key-cloning without physical access to the device has serious real-world security implications, as the technically challenging part can be outsourced to specialists. Finally, we mount a denial of service attack on a KeeLoq access control system. All proposed attacks have been verified on several commercial KeeLoq products.
Since the introduction of the Machine Readable Travel Document (MRTD) that is also known as e-pas... more Since the introduction of the Machine Readable Travel Document (MRTD) that is also known as e-passport for human identification at border control debates have been raised about security and privacy concerns. In this paper, we present the first hardware implementation for cracking Basic Access Control (BAC) keys of the e-passport issuing schemes in Germany and the Netherlands. Our implementation was designed for the reprogrammable key search machine COPACOBANA and achieves a key search speed of 228 BAC keys per second. This is a speed-up factor of more than 200 if compared to previous results and allows for a runtime in the order of seconds in realistic scenarios.
We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attac... more We present the first simple power analysis (SPA) of software implementations of KeeLoq. Our attack drastically reduces the efforts required for a complete break of remote keyless entry (RKE) systems based on KeeLoq. We analyze implementations of KeeLoq on microcontrollers and exploit timing vulnerabilities to develop an attack that allows for a practical key recovery within seconds of computation time, thereby significantly outperforming all existing attacks: Only one single measurement of a section of a KeeLoq decryption is sufficient to extract the 64 bit master key of commercial products, without the prior knowledge of neither plaintext nor ciphertext. We further introduce techniques for effectively realizing an automatic SPA and a method for circumventing a simple countermeasure, that can also be applied for analyzing other implementations of cryptography on microcontrollers.