Section 2.2 – Locks And Keys - Brown University


Section 2.2 – Locks and Keys
Digital security often begins with physical security

Legal Notice
• Laws regarding lock picking vary significantly state-by-state
• In most states purchase and possession of dedicated lock picking tools is legal
  – Penalties are raised significantly if you get caught using them in the commission of a crime
Public domain image from http://commons.wikimedia.org/wiki/File:Madame Restell in jail.jpg

What Is Physical Security?
• Any physical object that creates a barrier to unauthorized access
• This includes: locks, latches, safes, alarms, guards, guard dogs, doors, windows, walls, ceilings, floors, fences, door strikes, door frames and door closers

Is Physical Security An IT Concern?
• You have been working hard to secure your network from cyber attacks
  – Redundant layers of antivirus programs, firewalls and intrusion detection systems should protect against every possible electronic method of entry
• But what if an attacker gains access to the server room or network wiring closet?
• Is your network still safe?

Destructive vs. Nondestructive Entry
• Destructive entry
  – Involves using force to defeat physical security
  – Methods involve crowbars, bolt cutters and sledge hammers
  – Negative impact on IT resources is apparent
  – Remediation steps also obvious
• Nondestructive entry
  – Compromises security without leaving signs of a breach
  – Defeats intrusion detection
  – Greater and long-term threat

Compromising Locks
• For centuries, the lock has been one of the cornerstones of physical security
  – We rely on dozens of them every day to protect people and assets
• The trust most people place in locks is unwarranted
  – Most locks can be easily compromised with nondestructive methods
  – Sometimes within seconds and with readily available tools
• “Locks keep honest people honest”

Lock Picking
• Lock picking had been the exclusive art of locksmiths, professional thieves, spies and magicians for hundreds of years
• However, with the advent of the Internet, information about lock picking methods and tools has become readily available
  – E.g., YouTube has many lock picking videos

Lock Picking in Movies
• Genuine lock picking in movies used to be prohibited
• Before 1967, the Hays code (Motion Picture Production Code) required censorship of Hollywood movies
  – “All detailed (that is, imitable) depiction of crime must be removed, such as lock picking or mixing of chemicals to make explosives”
Public domain image from http://commons.wikimedia.org/wiki/File:Motion Picture Production Code.gif

LOCK TYPES
Image from http://commons.wikimedia.org/wiki/File:Ancient warded lock open.jpg used with permission under Gnu Free Documentation License 1.2

TSA Lock
• The U.S. government has established a set of rules for the inspection of baggage without the presence of passengers
• Special TSA-approved locks allow both inspection and protection against theft
• An important element is that the inspection must be easily verifiable by the user
Public domain government image

Warded Locks
• Locks of this type were used in ancient times
• The key moves the bolt assisted by a support spring
• Security relies on the fact that not all keys pass through the key hole

Skeleton Key
• Usually in old style doors or desks
• Different concentric obstructions
• Easy to lock pick with skeleton keys
• They come from ancient Rome
Images from http://en.wikipedia.org/wiki/File:Warded locked.png used by permission under Gnu free documentation license 1.2

Pick vs. Bypass
Opening a lock in a nondestructive manner can be achieved either through:
• Pick: acting on the lock mechanism simulating the operation of the key
• Bypass: manipulation of the bolt without using the lock

1860: Yale Pin Tumbler Lock
• Modern version of the Egyptian single-pin design
• Utilizes two pins for locking
• Double-detainer theory of locking
• Created shear line
Public domain image of Linus Yale, Jr.
Image from http://en.wikipedia.org/wiki/File:Pin tumbler with key.svg used with permission under Gnu Free Documentation License 1.2

How Does a Pin Tumbler Lock Work?
1. When a key is not present, the pin stacks are pushed down by the springs so that the driver (top) pins span the plug and the outer casing, preventing the plug from rotating.
2. When the correct key is inserted, the ridges of the key push up the pin stacks so that the cuts of the pin stacks are aligned with the shear line.
3. The alignment of the cuts with the shear line allows the plug to be rotated.
Images from http://en.wikipedia.org/wiki/File:Pin tumbler with key.svg used with permission under Gnu Free Documentation License 1.2

How Does a Pin Tumbler Lock Work?
• If an inappropriate key is inserted, then the pins do not align along the shear line and the lock does not turn.
Image from http://en.wikipedia.org/wiki/File:Pin tumbler with key.svg used with permission under Gnu Free Documentation License 1.2

LOCK PICKING
Photo by Dan Rosenberg included with permission.

Terminology
[Labeled diagram of a pin tumbler lock. Labels: shell or hull; pin tumbler; top or driver; bottom or key; spring; shear line; cylinder or plug; keyway]
Image from http://en.wikipedia.org/wiki/File:Pin tumbler with key.svg used with permission under Gnu Free Documentation License 1.2

Lockpicking Tools
• Feelers
• Scrubbers
• Tension tools
Photo by Jennie Rogers included with permission.

Feeler Picking
• Apply light tension
• Lift one pin at a time
  – Identify binding pin
• Lift binding pin until it reaches the shear line
• Setting the binding pin will rotate the lock slightly
• Find next pin and repeat the process
Image from http://commons.wikimedia.org/wiki/File:Pin and tumbler lock picking.PNG used with permission under Gnu Free Documentation License 1.2

Scrubbing / Raking
• Apply light tension
• Work over pins back to front in a circular motion
  – attempting to pop them into the shear line with the combination of tension
• Good for beginners
• Usually employ snake pick or half diamond
Photo by Jennie Rogers included with permission.

The Math of Lock Picking
• Suppose we have
  – 40 different kinds of key blanks
  – 7 pin positions
  – 8 different possible pin heights
• Then the total number of possible locks is
  – 40 × 8^7 = 83,886,080
• Not all these are possible, however, as it is difficult to put long teeth next to small teeth.
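The last point of "The Math of Lock Picking" can be quantified. The following Python is an added example, not part of the original slides: it counts the cut sequences that remain when adjacent cuts may differ by at most a fixed number of depth steps. The limit values it tries are assumptions, since the slides give no figure.

```python
from math import log2


def count_bittings(pins, depths, max_adjacent_diff):
    """Count cut sequences of length `pins` over `depths` heights in which
    neighbouring cuts differ by at most `max_adjacent_diff` depth steps."""
    if pins < 1 or depths < 1 or max_adjacent_diff < 0:
        raise ValueError("pins and depths must be >= 1, limit must be >= 0")
    # ways[d] = number of valid partial sequences whose last cut has depth d
    ways = [1] * depths
    for _ in range(pins - 1):
        nxt = [0] * depths
        for d in range(depths):
            lo = max(0, d - max_adjacent_diff)
            hi = min(depths - 1, d + max_adjacent_diff)
            nxt[d] = sum(ways[lo:hi + 1])
        ways = nxt
    return sum(ways)


def keyspace(blanks, pins, depths, max_adjacent_diff):
    """Total distinct keys: each blank profile times the valid cut sequences."""
    return blanks * count_bittings(pins, depths, max_adjacent_diff)


def report(blanks=40, pins=7, depths=8):
    """Rows of (limit, keys, fraction of nominal, bits) for each limit,
    from unconstrained (depths - 1) down to 1. Defaults are the slide's values;
    the limits themselves are assumed, not taken from the slides."""
    nominal = blanks * depths ** pins
    rows = []
    for limit in range(depths - 1, 0, -1):
        n = keyspace(blanks, pins, depths, limit)
        rows.append((limit, n, n / nominal, log2(n)))
    return rows


if __name__ == "__main__":
    for limit, n, frac, bits in report():
        print(f"limit={limit}  keys={n:>12,}  {frac:6.1%} of nominal  {bits:5.2f} bits")
```

With the limit set to 7 (no constraint for 8 heights) the first row reproduces the slide's 83,886,080; each tighter limit shows how much of that nominal figure is actually available to a keying system.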

Rights Amplification in Master Keyed Systems
• Reverse engineer master key from change key
• Each lock has P pins, with D potential cut heights
• Create D-1 test keys for each pin position p
  – Cut all pin positions except p as known change key
• Published by Matt Blaze at Penn

Rights Amplification (continued)
• Query the lock until you find each pin position
  – i.e. To determine first key cut depth insert each of the D-1 test keys and determine which one does not bind to the pin
• Repeat for each pin

Rights Amplification Statistics
• Consumes P(D-1) blanks
• Can reduce to P blanks and file down on the fly
  – But this looks suspicious
• Search space is practically pruned by manufacturer specs
  – maximum distance limit in legal adjacent cuts
• Older installations sometimes require MKs to be higher on the pin stack

Tubular lock
• Usually on car alarms or vending machines
• 6-8 pins
• Easy to pick with special tool
• The tool could become a new key
Images from http://en.wikipedia.org/wiki/File:Tubular locked.png used with permission under Gnu Free Documentation License 1.2

Statistics
• 4-6 pins, 4-10 levels
• 10^6 = 1,000,000 possible keys!
• The angular positions of the cylinders allow to obtain about 180 different positions
• (180 × 10)^6 = 3.4012224 × 10^19
• (Un) fortunately there is a need for some tolerance in locks

Combination Locks
• There are locks that do not require a physical key to be opened but a code
• Number of combinations is
  – Number of digits
  times
  – Length of combination
Images from http://en.wikipedia.org/wiki/File:Combination unlocked.png ic lock yl88.jpg used with permission under Gnu Free Documentation License 1.2

Combination Locks
• Inexpensive combination padlocks allow attacks based on reducing the space of possible combinations to try
  – The gears have a higher tolerance of the external disk combination
  – Nominal number of combinations is 40^3 = 64,000
  – Possibilities can be reduced to about 80 by detecting critical gear points
Public domain image from ., see ombination-Lock

Bumping
• A different way of picking locks
• Virtually all traditional Yale and similar locks can be opened by bumping
• What lock pickers say about bumping:
  – RELIABLE
  – REPEATABLE
  – SIMPLE TO LEARN
Photo by Jennie Rogers included with permission.

Bump Keys
• Driver pins “jump” higher than the cylinder just for an instant
• If a light rotational force is applied, the cylinder will turn
• Lock bumping is a very fast method for opening the lock
• The lock is not damaged in any way
• Few key-pin locks cannot be bumped
Photo by Jennie Rogers included with permission.

Pick Gun
• Manual and electronic pick guns are a popular method for quick and easy ways of opening up doors
• The pick gun is used in a similar way but usually has a trigger that creates an upward movement that must be repeated rapidly to open the lock
Public domain image from http://en.wikipedia.org/wiki/File:IDET2007 lock picking device.jpg

Side Channel Attacks
• Rather than attempting to directly bypass security measures, an attacker instead goes around them by exploiting other vulnerabilities not protected by the security mechanisms.
• Side channel attacks are sometimes surprisingly simple to perform.
[Figure labels: High security lock; Cheap hinges]
Public domain image by Pearson Scott Foresman from http://en.wikipedia.org/wiki/File:Screen2 %28PSF%29.png
