Lock Picking and Physical Security. Tyler Nighswander

Similar documents
Lockpicking. ), and I (Cliffe) will try to address any issues. Note that your

Worksheet - Reading Guide for Keys and Passwords

Exploiting vulnerabilities in mechanical access controls for nondestructive

Information Security

The Four Types of Locks

Register FAQ Calendar Today's Posts Search

High Insecurity Locks: What you Need to Know about Locks, Lies, and Liability. Marc Weber Tobias

CS 170 Java Tools. Step 1: Got Java?

Dreamweaver Website 1: Managing a Website with Dreamweaver

Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.

I made a 5 minute introductory video screencast. Go ahead and watch it. Copyright(c) 2011 by Steven Shank

Failure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18

INTRODUCTION (1) Recognize HTML code (2) Understand the minimum requirements inside a HTML page (3) Know what the viewer sees and the system uses

tostatichtml() for Everyone!

MITOCW ocw f99-lec07_300k

How to Improve Your Campaign Conversion Rates

Lecture 1: Perfect Security

Encryption I. An Introduction

Lesson 8 Transcript: Database Security

MISGUIDED GUIDE SPECS What Specifiers Want and Need

CHIPS Newsletter Vol 5 - Yahoo! Mail. Official Newsletter of

Instructions I Lost My Iphone 4 Password Yahoo

CREATING CONTENT WITH MICROSOFT POWERPOINT

Outline Key Management CS 239 Computer Security February 9, 2004

How To Factory Reset Iphone 4 When Locked Out Without A Computer

The Stack, Free Store, and Global Namespace

18-642: Security Pitfalls

Azon Master Class. By Ryan Stevenson Guidebook #8 Site Construction 1/3

Manual Restart Iphone 4s Apple Id Password >>>CLICK HERE<<<

Slide 1 CS 170 Java Programming 1

Itunes Manually Delete Songs From Iphone Not

Hey there, I m (name) and today I m gonna talk to you about rate of change and slope.

Lesson 2 page 1. ipad # 17 Font Size for Notepad (and other apps) Task: Program your default text to be smaller or larger for Notepad

P2_L6 Symmetric Encryption Page 1

How To Make 3-50 Times The Profits From Your Traffic

[PDF] Hacking: The Ultimate Beginners Guide To The World Of Hacking

OpenCanvas 1.1 Networking Tutorial

B - Broken Track Page 1 of 8

Alverton Community Primary School

What's the Slope of a Line?

Boot Camp. Dave Eckhardt Bruce Maggs

Printing & Prepress Basics

Lab 2: Conservation of Momentum

Azon Master Class. By Ryan Stevenson Guidebook #11 Squidoo Marketing

Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras

MITOCW watch?v=zlohv4xq_ti

GIT : BEST PRACTICES GUIDE BY ERIC PIDOUX DOWNLOAD EBOOK : GIT : BEST PRACTICES GUIDE BY ERIC PIDOUX PDF

Class #7 Guidebook Page Expansion. By Ryan Stevenson

Lesson 3 Transcript: Part 1 of 2 - Tools & Scripting

Decisions, Decisions. Testing, testing C H A P T E R 7

May 3, Chart With Purpose. TRANSCRIPTION PROVIDED BY CAPTION ACCESS, LLC

Slide 1 CS 170 Java Programming 1 The Switch Duration: 00:00:46 Advance mode: Auto

Close Your File Template

Sending secret messages with cryptography. An activity by the Australian Computing Academy

Activity Guide - Public Key Cryptography

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Creating A Visible Instructions Page In ICS

We ll be making starter projects for many of the examples, to get people started. Those should be appearing at

CS6501: Great Works in Computer Science

Microsoft Wireless Router Manual Linksys Password Protect

Azon Master Class. By Ryan Stevenson Guidebook #4 WordPress Installation & Setup

lundi 7 janvier 2002 Blender: tutorial: Building a Castle Page: 1

Using PowerPoint - 1

Azon Master Class. By Ryan Stevenson Guidebook #7 Site Construction 2/2

Digital Mapping with OziExplorer / ozitarget

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

Introduction to Programming

COMPUTER FORENSICS: CYBERCRIMINALS, LAWS, AND EVIDENCE BY MARIE-HELEN MARAS

Have the students look at the editor on their computers. Refer to overhead projector as necessary.

Getting Help...71 Getting help with ScreenSteps...72

UKNova s Getting Connectable Guide


6.033 Computer System Engineering

Formal Methods of Software Design, Eric Hehner, segment 24 page 1 out of 5

6.033 Computer System Engineering

Cryptography Lesson Plan

MSRPC Heap Overflow Part II

How to Secure SSH with Google Two-Factor Authentication

Introduction to Security

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014

The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords

In this tutorial, we are going to demonstrate how to connect the Weintek ip series HMI device with UniPi controller running Mervis.

P1_L3 Operating Systems Security Page 1

Things that go BUMP in the Night:

Quicken 2015 The Official Guide For Windows! Ebooks Free

The Hill Cipher. In 1929 Lester Hill, a professor at Hunter College, published an article in the American

CPSC 467b: Cryptography and Computer Security

Java Programming. Computer Science 112

Azon Master Class. By Ryan Stevenson Guidebook #5 WordPress Usage

104: Tips and Tricks for Creating Responsive Courses with Captivate

Halting Measures and Termination Arguments

FileWave 10 Webinar Q&A

Lecture 3 - Passwords and Authentication

Microsoft Wireless Router Manual Linksys Password Protection

Comp 11 Lectures. Mike Shah. June 26, Tufts University. Mike Shah (Tufts University) Comp 11 Lectures June 26, / 57

Assignment #4 Answers

Creating a new form with check boxes, drop-down list boxes, and text box fill-ins. Customizing each of the three form fields.

2.1 Basic Cryptography Concepts

Summary See complete responses

Transcription:

Lock Picking and Physical Security Tyler Nighswander

Lock Picking and Physical Security Tyler Nighswander

Introduction Who I am: PPP member (specializes in crypto and hardware interested in everything!) CMU student in Computer Science and Physics

Before I Start... Some of the things I'll talk about are complicated I don't speak any Korean so it is hard for me to explain things to you If something I say is not clear, stop me and ask! After I'm done talking, a few people at a time can try picking some locks I have brought. I will also be happy to answer any other questions!

Why Lockpicking Picking locks is a good lesson in how not to do security! (important to learn common mistakes so you don't do them) A system is only as strong as the weakest link (breaking into a physical server room is a great way to get access) Many relations to software security (especially cryptography, which I will talk about here)

Disclaimer Breaking into places is illegal! In some areas, having lockpicks is illegal! Please be very careful and don't do anything you shouldn't!

How locks work (Pin and Tumbler) Shear Line

How locks work (Pin and Tumbler) Shear Line

How locks work (Pin and Tumbler) Shear Line

How locks work (Pin and Tumbler) Shear Line

How locks work (Pin and Tumbler) Shear Line (wrong key)

How locks work (Pin and Tumbler) Binding pin

How locks work (Pin and Tumbler) Binding pin Can't turn the key!

Questions so far?

Lockpicking Pins are not aligned perfectly!

Lockpicking This pin will bind first Small tension force

Lockpicking Still putting tension on the cylinder, push up on that pin

Lockpicking Pin lifted to shear line, no longer bound! When this happens, the cylinder should turn a tiny bit, and you will hear a small click

Lockpicking This pin is now set This pin will bind next Small tension force

Lockpicking L shaped tool is called tension wrench, this provides the turning force on the cylinder Other tool is called the pick, use this to set the pins in the lock

Cryptography Just like in cryptography, only the key should be secret Thief may possess the lock Hacker may possess an encrypted file

Cryptography Just like in cryptography, only the key should be secret Thief may possess the lock Hacker may possess an encrypted file Unlike cryptography, finding key can usually be done in O(n) tries vs O(2 n ) Makes physical locks much less secure than digital ones!

That sounds too easy!

It can be even easier!

Raking Quickly slide across the pins while applying a small amount of tension All the pins will lift up, and as the pins fall back into place, they should get set one by one Takes practice to master, doesn't always work Usually one will make a few passes raking, and then proceed to set the pins that are left

Quickly slide out Raking

Raking

High security measures (And countermeasures)

High Security High security pins (spool, mushroom, serrated) Why are they hard to pick? How can you tell if a lock is using them? How can we defeat them?

High Security Normal pins will not let cylinder turn High security pins will let the cylinder turn, but will be set incorrectly!

High Security Best locks have two shear lines One is for control keys, the other is for normal keys Can't tell which is being set while picking the lock!

High Security Special torque wrench spins only one core

High Security In general high security just means you need a special tool to break it!

Forensics Normal usage Attempted picking Attempted raking

Forensics Physical evidence in lock is like digital evidence for computers Brute forcing leads to evidence left behind Careful checking leads to evidence of break-ins, or attempted break ins

Other bypass techniques Pick style techniques Bump keys Pick guns Impressioning Other style Shimming Destructive entry

Bump keys and Pick guns Very similar to the raking technique! Hit the pins up very quickly Try turning the cylinder at the same time Hopefully the pins will settle correctly

Impressioning Not only do you open the lock, but you actually get a key for the lock Remember, this pin is binding

Impressioning Apply a large turning force to the key

Impressioning Turning force holds pin in place

Impressioning Turning force holds pin in place Push the key up against the pin and wiggle the key: it will scratch the key's surface because the pin cannot move!

Impressioning Wherever a mark appears, that means that part of the key should be filed down

Impressioning Eventually no more scratches will appear on the key When that happens, the key should open the lock!

Cryptography Impressioning uses the lock as an Oracle Given a key and a lock, you can find out which pins are set and which are not This is like a computer which tells you which letters are wrong in a password! Oracles are a common way to reason about some cryptographic systems Padding oracles tell whether or not an encrypted string has proper encoding With a padding oracle, some crypto systems can be broken in linear time!

Other bypass techniques Pick style techniques Bump keys Pick guns Impressioning Other style Shimming Destructive entry

Other techniques Shimming Destructive entry Just break the lock/door/window!

Cryptography The other techniques are really side channel attacks In cryptography, this means attacking something other than the cryptographic algorithm itself (for example timing attacks or TEMPEST) In lock picking this usually means ignoring the lock (for example, breaking down a door) Many times these side channel attacks are the easiest to exploit, and the hardest to prevent

Other locks Tubular locks Medeco locks

Dimple pins Other locks

Your turn! I have some locks and picks, you can try opening some of the locks up here! If you have any questions, please ask them!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback