Effective attack against Total Position Progression (TPP) master keys


in Geek stuff, Security

A lot of businesses and institutions rely upon master key systems, in which most keys can only open one lock, but one key can open all of them. The latter sort of keys are usually held by security personnel, superintendents, etc. One common approach to achieving this with pin tumbler locks is to put two cuts in each pin stack, instead of the usual one. That allows several different possible keys to align the cuts along a shear line, allowing the lock to be opened.

A paper by Matt Blaze, from AT&T Labs – Research, describes a relatively simple attack that foils such master key systems, allowing anyone with an ordinary key, some blanks, and a file to copy the master key without ever seeing it. Basically, the approach is to start with the non-master key, then test each pin for another value that still produces a working key. Working through pin-by-pin, you can identify where the second break lies for each pin. From that, you can file or cut yourself a key that will open all the locks in the system. Using a bit of basic math, this process can be optimized and the number of blanks and key modifications required reduced.

It’s a neat attack for a number of reasons. It doesn’t require any exotic equipment or exceptional technical skill. Nor does it require breaking into anywhere, or compromising or tricking anyone. What it does do is provide a skilled attacker with a cheap means to render a much more expensive security system ineffective, requiring the replacement of all the master locks to correct for the failure (and not just with new master locks of the same kind, which would be vulnerable again). It is also neat insofar as it demonstrates what is effectively a mathematical attack against a physical system.

It is quite possible that this attack could allow somebody with legitimate access to one unit in a group (an office, a self-storage locker, a university residence room, etc) to gain access to all others, in a way that would be hard to detect and expensive to counteract.

{ 1 comment… read it below or add one }

R.K. June 21, 2009 at 2:11 pm

This kind of master key system is even more vulnerable to insiders with access to a large number of non-master keys.

Imagine an employee with a set of extra keys for all residents, to give them if they lock themselves out. That person could scrutinize a lot of keys and identify which value occurs on one of them for each pin. That would be the value for the master key.

Leave a Comment

Previous post:

Next post: