Cryptology and Physical Security: Rights Amplification in Locks

Matt Blaze

Computer security and cryptology takes much of its basic philosophy and language from the world of mechanical locks, and yet we often ignore the fact that physical security systems can suffer from many of the same kinds of attacks that plague computers and networks. This talk examines mechanical locks from a computer scientist's viewpoint. We describe attacks for amplifying rights in mechanical pin tumbler locks. Given access to a single master-keyed lock and its associated change key, a procedure is given that allows discovery and creation of a working master key for the system. No special skill or equipment, beyond a small number of blank keys and a metal file, is required, and the attacker need engage in no suspicious behavior at the lock's location. We end with future directions for research in this area, and the suggestion that mechanical locks are worthy objects of our attention and scrutiny.

Gates 4B (opposite 490), 02/14/2003 (FRIDAY!), 4 PM