MIT Researchers: Printable Keys Make Mechanical Locks Insecure (dailytech.com)
94 points by geektips on Aug 6, 2013 | 57 comments


And another thing! The French Patent office many years ago ceased allowing patents on keys that did not have a movable element, which led to the development of many keys that cannot be readily duplicated without access to either the restricted blanks or very serious equipment & knowhow with which to make the blanks. These systems remain well outside the realm of 3D printing. DOM Saturn[0], Mul-T-Lock Interactive (and up), Vachette Radial[2] and a handful of others.[3]

Mechanical locks are far from dead, but I'd love if someone reading this took it as a challenge to reproduce keys with movable components. I'm a big proponent of pushing these systems and finding ways to circumvent them, using any technology available. I just don't like it when the response is to throw the baby out with the bathwater.

[0] http://www.dom-sicherheitstechnik.com/DOM-ix-Saturn.667.0.ht...
[1] http://www.mul-t-lockusa.com/614.html
[2] http://www.vachette.fr/fr/site/Vachette/Systemes-de-Securite...
[3] http://www.lockpicking101.com/viewtopic.php?f=9&t=56691

(edited to add links)


You can make an electronic bump key that will open most doors for <$100, most buildings have windows (cover them in duct tape to break without noise), and even the wire mesh in the walls of a "secure" building can be cut with thermite. If you want real physical security you're going to need much harder materials: steel, titanium, tungsten, concrete.

This comment captures the security problem well.

> "[Locks] are more of a tamper-evident seal, or a delay tactic. The issue with bumping, picking, carding, and 3d-printing is how it invalidates the current approaches towards those two aspects."

However, of those options, 3D-printing is clearly the worst. Bump keys and carding latches take seconds, picks minutes, and 3D printers hours. It seems that the only situation this method would be useful is with advance access to a key, a radial-pin lock, and a free 3D printer.


3D printing is useful for not attracting attention during or after the fact. Also, it requires no skill to perform, just a photo.


Human behavior toward keys makes mechanical locks insecure. We've been able to reproduce keys, even fairly complex ones, well before 3D printers came along. Get a clean enough impression/scan/photograph and we can make it happen, perhaps 3D printing is seen as making it more accessible to the general population.

I'm about to go on a whole thing here, so let me first say that I am excited about their work and I have personally been pushing for years to see more high security key printing happening (see Nirav Patel's Abus Plus key printing[0])

What I take umbrage with is the idea that this development is going to be the death of mechanical locks. Even the suggestion that it _should_ be the death of mechanical locks. In the Forbes article [1] one of the students behind this work suggested that his goal was the elimination of mechanical locks:

"If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they'll be phased out more quickly," says Van Albert.

What this fails to address is that the cuts on your key are supposed to be a secret, and your behavior toward your keys should be the same as your behavior toward a password. You don't pass it around and you are very careful about who you trust it with.

I also dislike the characterization of the discovery of the "numbers" in the main and sidebar bittings. That information has been publicly available and the suggestion that they "reverse-engineered" (from their abstract submitted to defcon)[2] the lock is a bit dramatic. Better, I think, to say that they "read the documentation."

Obviously I have a chip on my shoulder when it comes to mechanical security, but I am confident saying that any call for the blanket abolition of mechanical locks is short-sighted and narrow-minded. This could have been an amazing opportunity to address human behavior as it relates to mechanical security, but instead it was wasted on the age-old call for the death of locks. There remain myriad places where a traditional lock is still required, there are myriad populations who are not able to sustain electronic locks.

If the day does come when mechanical locks can be left to the dust of history, it will be more likely the result of dramatic shifts in society than in technology. It will be the death of all locks, not just mechanical ones.

[0] https://github.com/nrpatel/PhysicalKeygen/blob/master/abus_p...
[1] http://www.forbes.com/sites/andygreenberg/2013/08/03/mit-stu...
[2] https://www.defcon.org/html/defcon-21/dc-21-speakers.html#La...


While not the same authors as the guys in question, I also gave a talk on key duplication at DEF CON this year. My two main points:

1) A difference in scope means a difference in kind. Using a service such as KeysDuplicated (formerly Shoosl[1]) from your mobile phone enables opportunities. These opportunities break previous assumptions in the security threat model but can also lead to new business opportunities (see for instance Prim[2] - a laundry service that will come into your home if you send them a photo of your key; they will then find and do your laundry.)

2) The huge missing element here, which has been a necessity in computer security for years, is monitoring. For many, many people, replacing the lock or installing an alarm may not be an option. My company makes a device that fits over your lock and alerts you when someone uses a key (or bumps your door, or comes in without your permission, etc)[3]. It also allows you to grant virtual keys to actuate the lock - enabling use cases like Prim without having to fabricate a physical, non-revocable access token.

[1] http://keysduplicated.com/
[2] https://getprim.com/
[3] https://lockitron.com/


I didn't realize you were speaking. Sadly I missed Vegas this year, first time I've ever had to cancel a talk. Sorry I missed you.

I am of course aware of Lockitron & the competitors in the market, but really appreciate your integration with pre-existing hardware and the point about users who cannot change their hardware out is a great one.

Re: threat model vs. business opportunities, I've been following shoosl and the like closely and despite my background, I absolutely love the idea. Again, you have to choose who you trust with your key, and if a service can engender sufficient trust, you can reap the benefits of those services. Glad you chimed in on this, sorry I missed your talk in Vegas.


Sorry I missed you too, I am a huge fan of your work!

I was in the Wireless Village (their speaker schedule was submitted a bit too late to make the program.) The second half of my talk was on the radio/encryption side of things along with various attacks when handling electronic keys. DaKahuna (the facilitator) should be posting slides soon.


Excellent. I look forward to checking that out.


> the cuts on your key are supposed to be a secret

I don't think the average mechanical key user is aware of this fact.

I wonder if someone makes keys that hide their cuts during normal use. For example, a cylindrical key with the cuts on the inside of the cylinder.


You could make a telescoping sheath for keys that would hide the cuts when not used, and retract when the key is pushed into the keyhole.


They exist! One maker (whose product didn't last on the market for very long) back in the 70s or 80s, actually had this sort of obfuscation as a feature on the key. Basically, the key was a series of connected sections with small differences between them, they would slide into the lock from the middle of a spring-loaded sheath and then follow an odd path inside the lock, so neither observation of the keyway, the sheathed key, or even likely the unsheathed key, would give you a clear picture of how to reconstruct the interaction between the sections of the key, or where in the lock they interacted.

Sadly I have no patent reference for the lock, only a description in an old newspaper that ran a story on the creator.


I wonder how well a silicone or other flexible key-sleeve would work with existing keys. It might feel somewhat silly, but at least you could color code your keys as well as protect them.


Do you have the name of the creator handy?


You are right, and that's why I think it's a shame that the opportunity wasn't taken to alert people to that idea. I spend a little time collecting high res photographs people post online of their keys (happens all the time) and do enough digging to associate those keys with an address. I'm a good guy, though and just try to raise awareness.

And yes, they do. There have been a handful of concepts to do exactly that. Check out the Van Lock[0] for one, which is almost exactly what you are describing.

[0] http://www.safersystems.co.uk/Images/Vanlock.gif


> I don't think the average mechanical key user is aware of this fact.

What?? This ties in with the recent reports on insecure electronic keyfobs for cars. In Germany it used to be that your key number used to be printed on your car title, and your friendly car dealer would gladly cut you a replacement key if you had lost yours, but he wouldn't do it unless you procured ID and the title.


The average mechanical key user (i.e. the average non-homeless person) certainly knows that someone can duplicate a key given access to the key. But the average key user doesn't know that a mere picture, much less a picture from hundreds of feet away, is sufficient. When was the last time you saw someone hide a key from view while using it? I've never seen anyone do this. I've never done it myself.


And they would be right - the threat model of the average home isn't one under which having a picture of their keys taken is realistically possible. If a burglar (the most common threat) wants to get in, they don't need a key.

However, when the threat model is one where a more funded organization is attempting to break in, then you need a better system.


> What this fails to address is that the cuts on your key are supposed to be a secret, and your behavior toward your keys should be the same as your behavior toward a password. You don't pass it around and you are very careful about who you trust it with.

Well, if we are treating it as passwords, then we need to give every individual with access to the building their own key, with a different secret.

I mean, we all know that shared 'role' accounts are a bad thing, right? You don't share passwords.

Now, taking the password situation further, many places have a mechanical "root access" lock, with an electronic lock for all the 'users' - which makes a lot of sense to me. (Further, much like non-sudo root on a server, it'd make sense that actual use of this 'root level access' should generate a log or alert somewhere, as even the admins should normally use their account and sudo as needed.)


So, this provides the lever to start discussing physical buildings as networks, which is a rich conversation, but I think your mention of the log is actually even more illuminating, because it points out a current (I think quite serious) issue in most electronic locking solutions. More often than not, they do not log the actual opening of the door, only the successful or failed authentication. So, if you can bypass said authentication to open the door[0] there is no record of the door having been opened by anyone.

Logging in the physical security space is both important and incredibly overlooked.

[0] http://www.schneier.com/blog/archives/2005/03/flaw_in_winkha...
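
The logging gap described in the comment above (only authentication is recorded, not the door actually opening) can be closed by correlating a door-position sensor with the authentication log. The sketch below is an added example, not part of the thread and not any product's code; the event tuple layout, the event names, the 10-second grant window and the presence of a sensor on the mechanical override cylinder are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, door, kind, detail).
# This layout is hypothetical, not the log format of a real access-control system.
SAMPLE_EVENTS = [
    ("2013-08-06T08:00:01", "lobby", "auth_ok", "alice"),
    ("2013-08-06T08:00:04", "lobby", "door_open", ""),
    ("2013-08-06T08:05:10", "lobby", "auth_fail", "unknown-card"),
    ("2013-08-06T08:05:30", "lobby", "door_open", ""),     # nobody authenticated
    ("2013-08-06T09:00:00", "cage-3", "auth_ok", "bob"),
    ("2013-08-06T09:02:00", "cage-3", "door_open", ""),    # grant is 120 s old
    ("2013-08-06T09:30:00", "cage-3", "key_override", ""),
    ("2013-08-06T09:30:02", "cage-3", "door_open", ""),
]


def find_unexplained_openings(events, grant_window=timedelta(seconds=10)):
    """Return alerts for door openings that no recent authentication explains.

    Each successful authentication (or mechanical override) grants exactly one
    opening of that door within grant_window. Any other opening is flagged.
    Use of the mechanical override key is always reported, like direct root use.
    """
    alerts = []
    grants = {}  # door -> time of the most recent unused grant
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for stamp, door, kind, _detail in ordered:
        when = datetime.fromisoformat(stamp)
        if kind == "auth_ok":
            grants[door] = when
        elif kind == "key_override":
            alerts.append((stamp, door, "mechanical_override"))
            grants[door] = when
        elif kind == "door_open":
            granted_at = grants.pop(door, None)  # a grant is consumed once
            if granted_at is None or when - granted_at > grant_window:
                alerts.append((stamp, door, "opened_without_auth"))
        # auth_fail on its own opens nothing, so it needs no handling here
    return alerts


if __name__ == "__main__":
    for alert in find_unexplained_openings(SAMPLE_EVENTS):
        print(*alert)
```

A single opening per grant does not detect a second person walking through a door that is already open; that needs a separate held-open or people-counting signal.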


The logging is in the camera system; most camera systems have ways of saying 'fast forward to the next movement' as well as a way to say 'show me what things looked like at time X' - so in a real way, the DVR /is/ the log.

I'm mostly familiar with electronic locks and cameras in the data center context, and in that context, yes, there is a completely analog key that often opens everything[1], but then there are electronically fired locks, and, of course, a camera. There is camera software that will time sync with the electronic lock and show you what user had authenticated while showing you a video of the user entering the building. I don't know of any systems that correlate cameras with key use, but the motion-sensing thing should do at least part of that.

(There is also usually security sitting up front, but especially in the early AM when it's just us grunts? Those folks are often not paying a whole heck of a lot of attention.)

[1] Well, on the fail secure systems, anyhow. The mag-locks that are 'fail safe' - that open on power failure usually don't have an obvious manual key override.


I think the main reason shared role accounts are worse than individual accounts is because it is easy in a computer to change a role, but harder to change the accounts for many people.

With hardware, changing a "role" requires swapping logic inside of every lock that for the user's key: the lack of an abstraction layer makes it impossible. So, in the mechanical world, key-per-group is equally expensive to key-per-user in terms of replacement costs, but far harder to implement.


There should be a key that has a retractable sleeve over it which gets pressed up into the handle portion of the key as you slide it into the lock, basically shrouding the key cuts from visibility at all times.


It has existed in the past, but was attached to a very odd key/lock mechanism that didn't take off. It's a good idea, no idea of patent issues related to making it happen, but perhaps with all of these recent stories on duplication the time is right to reintroduce the concept.


It has been possible to produce dupes of keys for ages now the old fashioned way. 'Printable' keys is just adding novelty.

More of a concern is bump keys and the fact that Lockwood dominate the industry when they can be opened with 2 paperclips (although you do have to flatten them with a hammer). You can also get lockpicks and pickguns off the internet for under $20 delivered to your house.


What it really amounts to is that surreptitious entry isn't much of a problem.


Is this surprising? I'd imagine 3D printing would be capable of replicating the form of nearly any solid object that fits within the bounded volume of a given 3D printer.


[deleted]


Probably not likely. There are metal 3D printers (Shapeways, for instance), and IIRC the patents on that tech (laser sintering) are going to expire soon, so there will probably be a big boom in volume and material diversity.


I think this is more about acquiring the information. You have to know exactly how tall to make the cuts, where the grooves go, how long it is, etc. It's difficult information to get from a photo, if you don't have prior knowledge of the kind of key you're trying to imitate.


For most key brands, though, the possible pin sizes are finite and discrete, so you just have to estimate the height of each pin from the picture and round to the nearest one. It's not that hard.


Why wouldn't you have prior knowledge? You presumably know where it goes - just look at the keyhole. Or if not, a single identifiable object in the photo gives you a lot of scale information. I doubt they're as concerned about white-background newspaper-worthy shots like the NY keys, and more about shots at a distance (keys on a table, for instance).

edit: http://www.jacobsschool.ucsd.edu/news/news_releases/release.... for an example


I looked at making 3D-printed keys for my own locks, just for show (think yellow key, green key, etc).

I found two issues when researching its feasibility: printing accuracy and temperature range of the plastic. My results were that the lower-cost 3D printers didn't have the required precision, and more importantly, the printed plastic would simply melt if it sat in a hot car during the summer.

My research is probably out of date now, so I wonder what kind of plastic is being used these days.


The accuracy and precision are sufficient for some keys using low cost 3D printers. I got simple pin and tumbler and disc detainer keys working off of my RepRap.[0]

It requires some knowledge of the tolerances of the specific printer and lock. For example, the disc detainer model has wider cutouts than the discs require to account for blobbing corners on the print.

Using something like a Formlabs 1 printer, that probably is no longer necessary.

[0]: https://github.com/nrpatel/PhysicalKeygen


I was fairly annoyed that Forbes failed to acknowledge the Disc Detainer work, dismissing your 3D printing like so: "though Patel’s software only dealt with normal keys that can already be duplicated by any hardware store."


Interestingly, just posting a photo of the NYC master key set should be enough to duplicate them. Has anybody already gone from that photo to 3D models to a set of functioning NYC skeleton keys?

TBH, there is no reason that the city should be using such archaic key types. In Brazil, they typically used a four sided key like a Phillips head screwdriver that would need to be photographed from at least two sides to be able to reproduce.


Would it be possible to combine a parametric model of a given type of key with a device that can detect where the shear line is for each pin? I'm envisioning a device that you can stick into the lock one day, then go away and extract data that describes the key, which you feed into a parametric model, which you then use to produce the correct key using a 3D printer. Then you come back the next day and use this perfectly valid key to compromise physical security.

A device which can do such detection could be far less expensive than a device to both detect and actuate the pins.


> All you need is a friend that works there, or to take a picture of their key, or even a picture of the key hanging off their belt.

I'm wondering how you can replicate a poorly taken smartphone camera image into a key that would unlock a high security lock. If you can't see the grooves clearly on the key from the photo, how does the software or printer know where the grooves should go? I feel like this is quite a stretch to think you can take a photo of a lock several feet away and get an exact duplicate from a 3D printer.


I went to their DEFCON talk. The key is to realize that there are only a set number of positions for the pins, specifically six, three high and three low (for the sidecut. I believe there are also six positions for the main pins). If you can recognize the positions from the photo, then you can feed the numbers into the code they're publishing that generates a 3D model.


That's it Schlage. Time for 2-factor authentication key-rings.

Schlage Master Security (SMS) "Turn the key, type the text"


Good. Can we finally have contactless smart card access control in the mainstream now?

The audit and management features of an electronic access control system already make mechanical keys inexcusable on any door that >1 person needs to open. Hopefully revelations like this will push more organizations to upgrade.


What if you need to use your lock when the power is out?


Hand crank. But seriously, build the contactless key in such a way that it must be inserted and turned like a traditional key, and the battery will last a very, very long time[0] since you're not using it to mechanically retract the deadbolt or operate an electronic strike. Then build an LED to warn when the battery is getting low, giving you months to replace it. Don't use [0] though, or you'll have a mini-USB port sitting behind a rubber flap on the non-secure side of your door. Oh wait, you don't even need that to bypass it, just a paperclip and a few seconds (there was a YouTube video of this that appears to be taken down, I tried it on my own apartment).

[0] http://www.kabamultihousing.com/Products-Solutions/Multihous...


Actually, "hand crank" doesn't sound too bad: Power's out? Just crank the door knob a couple of times and you've generated enough power to open the door once. (Dunno how feasible that is though.)


Battery backups, or even locks which are primarily battery-powered - this is typical for locks that are actually part of the door, rather than strikes installed in the doorframe.

Either way, the owner almost always has a key that can mechanically override the electronics and open the door, but this is kept in a safe, rarely used, and will set off the "door forced" alarm.


How does your safe help you if you are standing outside in the rain at midnight, after your generator/batteries have run down? (Perhaps you were on vacation when the power first ran out.)


This mostly never happens. I've used fingerprint locks where the battery lasts easily for a year (that's with 5-6 accesses per day).

Without getting into the discussion of the security factor of biometrics, the working mechanism of the lock itself is such that when it detects a success, a small servo engages some sort of a gear which enables you to complete the mechanical circuit (so to say) when you push the door lever down and move the physical lock with human effort.

This means that the battery is never constantly used, only when the actual sensor is active. Even if it were dead, there exists a manual key override. Also, (I've tested this personally), the factor of safety is quite good in that, the lock starts beeping "LOW BAT" a good 3-4 weeks before the battery is completely drained. Also, (Another one) it doesn't leak information about low battery until there's a successful entry, so an evil attacker can sit near your house activating the sensor all day and he won't know his progress in draining the lock's battery.


On the models I have seen you can replace the battery from the outside.

Edit: it seems electronic locks that come on top of the existing lock tend to have the battery pack inside, while electronic only locks can have it outside. BTW the batteries are supposed to last two years in the product description (that's in line with what I had too). I was mentioning these kind of locks:

http://www.kk-alpha.com/housing/ns100/images/product_01.jpg


I wonder if one could really copy more advanced keys (e.g. the ones from KABA [0] are pretty common here) by just having some scans of the keys. These keys generally have different layouts on each side, and sometimes also on the small top/bottom sides. So just a snapped photo definitely would not be sufficient. And even with flatbed scanners like the team in the article used, capturing the depth of the holes might be problematic...

[0] http://www.kaba.com/access-control/en/Products-Solutions/Mec...


You'd need four pictures - two of each side, to capture enough information to generate a 3d-model, instead of just the one.

Better, but still vulnerable.


This is lame beyond belief.

Do you know how in the 80's and 90's everything that everyone was already doing was 'changing' because of computers?

It's the same now with 3D printers. Forever you could duplicate a key in a machine with just a picture of the original. Just because the machine to duplicate it became easier it's not going to change the world. Dammit, you could already do the same with a blank and a hand file, it would just take 40~200min depending on skill instead of 5~15min on the machine.


But MIT did this, so we should carefully point that out in the title so it is newsworthy. </unbridled snarkiness>


A key is a deterrent, nothing more.


That website has a memory leak. I left it open for about 10-15min and it ate 2GB of my ram.


The site crashed Firefox almost immediately and died in Chrome after a few minutes on my laptop.


In other news, obvious consequence is obvious.


Have to fix this problem without changing to advanced systems


So do hammers.


Intrusion with a 3D-printed key is deniable, while breaking a lock isn't. Someone could enter your house with a printed key and you'd never know it; a destroyed lock would immediately tell you someone broke (or tried to break) into your house.



