Physical security and cryptography can learn from each other, part 11367:
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze I suspect there is a square-root law here, where optimum balance between the "wandering guest" threat and the "found keycard" threat is achieved by allowing elevator access to the square root of the total number of floors (your own, plus some randomly selected floors)
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms-per-floor), a much more feasible search space.
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze unfortunately, there are people who would interpret this to mean "it is now OK to print room numbers on keys".
-
R relay@relay.infosec.exchange shared this topic
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze same applies to i.e. self-storage units.
-
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms-per-floor), a much more feasible search space.
@mattblaze I am in a hotel now (in Japan, for context).
I observed that you could access any floor when my backpack pressed several floor buttons on our first ride.
When I later attempted to access the laundry room floor but could not, but could access my floor, thought that perhaps the first observation was an anomaly associated with the fact that the only other elevator was being attended by an elevator repairman at the time of the multiple floor incident.
It turns out that I had my Suica card in my hand, not my hotel card, had selected my floor based on the swipe of another guest in the elevator, but was unable to select the laundry floor after a time out.
I discovered this when I couldn't open my room with the Suica.
The flaw in this hotel is that one swipe enables multiple floors, defeating the security access aspect while providing the anonymity. A guest can swipe, and an intruder can then access a floor that they have previously observed a target accessing, and then, presumably, having determined the room number via other (social engineering) means, door knock with "hotel engineering".
-
@mattblaze unfortunately, there are people who would interpret this to mean "it is now OK to print room numbers on keys".
Yea; why not?
So many of the guests keep their key cards in the paper wrapper -- which has their room number on it.
-
Yea; why not?
So many of the guests keep their key cards in the paper wrapper -- which has their room number on it.@JeffGrigg @canacar @mattblaze Came here to say exactly this.
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze A week ago I checked into a hotel in Vietnam that put little stickers with the room number on our keys. Removing these was Job One once we got into the room.
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze
They did that for office buildings too. You had to scan your card in he elevator and could only choose the floors you weer allowed on. Solution - ride the elevator till someone gets off on the floor you want. -
Yea; why not?
So many of the guests keep their key cards in the paper wrapper -- which has their room number on it.@JeffGrigg @canacar @mattblaze
But how else will I remember what room I am in at midnight after a few drinks?
Everything looks the same.
-
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms-per-floor), a much more feasible search space.
@mattblaze I enjoy the idea, but are you sure they don't print the room number for security reasons? I was under the impression it was because they reprogrammed them when they gave them to you
-
@JeffGrigg @canacar @mattblaze
But how else will I remember what room I am in at midnight after a few drinks?
Everything looks the same.
Practical advice: Put your hotel room key in a different pocket than the holder. (The paper holder has your room number on it.)
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze a related and perhaps unsolvable issue - if you ask for a digital key at many hotels (on your phone) it often makes any physical keys for your room stop working (which is perhaps a good feature if you lose a key or one is stolen)
But it means that you can't easily have a physical key for say children without electronic devices while also using the digital key.....
(learned, the hard way, when traveling with my son a few years ago when I wanted him to be able to go back to the room)
-
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms-per-floor), a much more feasible search space.
the solution is for the hotel itself to drop keycards around the hotel and in the surrounding area
then when that honeypot keycard is used on the elevator it takes the potential burglar to the basement where a burly guy named Steve is waiting for them with a grin
-
@mattblaze I enjoy the idea, but are you sure they don't print the room number for security reasons? I was under the impression it was because they reprogrammed them when they gave them to you
@mfdeakin @mattblaze Both could be true?
-
@JeffGrigg @canacar @mattblaze
But how else will I remember what room I am in at midnight after a few drinks?
Everything looks the same.
@print @JeffGrigg @canacar @mattblaze I've seen worse than not remembering which room you were in. On a trip to southern France, I had to get up early on my final day to get to the airport. I took a cab. As I was about to get in some shirtless British guy, obviously up all night, was asking for help - he couldn't remember where his hotel was (and probably not its name either), and was quite rude when the driver couldn't help. I mentioned a map at the train station (if only to get rid of him)
-
@mattblaze I am in a hotel now (in Japan, for context).
I observed that you could access any floor when my backpack pressed several floor buttons on our first ride.
When I later attempted to access the laundry room floor but could not, but could access my floor, thought that perhaps the first observation was an anomaly associated with the fact that the only other elevator was being attended by an elevator repairman at the time of the multiple floor incident.
It turns out that I had my Suica card in my hand, not my hotel card, had selected my floor based on the swipe of another guest in the elevator, but was unable to select the laundry floor after a time out.
I discovered this when I couldn't open my room with the Suica.
The flaw in this hotel is that one swipe enables multiple floors, defeating the security access aspect while providing the anonymity. A guest can swipe, and an intruder can then access a floor that they have previously observed a target accessing, and then, presumably, having determined the room number via other (social engineering) means, door knock with "hotel engineering".
@BernardSheppard @mattblaze In a hotel I stayed in a few years back, someone discovered an interesting hack: while you could only select a floor after swiping your card (IIRC and only your own), after someone had selected a floor you could select any additional floor by pushing the button of the already selected floor and the new floor at the same time, thanks to the physical wiring of the card-reader add-on.
Not sure whether you'd count that wiring as "software bug" or "physical security issue"
-
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze
Key self-destructs after 3 failed rooms.
Say there are 30 rooms on your floor, chance of a successful breakin: 10% -
Physical security and cryptography can learn from each other, part 11367:
Hotels wisely don't put the room number on guest keycards so if someone finds your card, they'd have to exhaustively search the hotel to find the room it opens.
Some hotels now have elevators programmed to only let you call the floor for which your keycard is coded, preventing guests from wandering to other floors.
But it also means the elevator can be used as an efficient oracle to determine the floor of a found key.
@mattblaze while a valid concern, it worries me that a "perfect security" in this situation would come to breach the privacy. Theoretically, you could use biometric data, which would solve the problem; however, now the hotel has to maintain a database with extremely sensitive data or hire third party entity to maintain it for them. Either way, it would be a very attractive target for hackers. I think one has to accept that there are always risks with everything, but some risks have much higher stakes (stolen biometric data > stolen possessions).
