Applied Web Protection

Openness is a key criterion of protection algorithms and protocols which enable them to be subjected to scrutiny by independent security experts. The alternative “methodology� of hidden proprietary algorithms and protocols has frequently concluded in useful breaks, e.g. of the MIFARE Oyster cards for area transport or the Keelson remote control systems. Open evaluation is public for finished requests of security ,e.g. the NIST competitions for selection of the Elevated Encryption Standard (AES) and the Safeguard Hash Algorithm 3 (SHA-3). Now a days an rising number of embedded protection requests apply the principle of open evaluation as well. A present example is the speci�cation of an open protection protocol stack for car immobilizer requests by Atmel, that has been gave at ESCAR 2010. This stack is primarily intended to be utilized in conjunction alongside automotive transponder chips of this producer, but might in principle be used on each suitable type of transponder chip. In this paper we examine the protection of this protocol stack. We were able to uncover a number of possible security vulnerabilities, for that we counsel �xes.