Digital signature transponder

The Texas Instruments digital signature transponder (DST) is a cryptographically enabled radio-frequency identification (RFID) device used in a variety of wireless authentication applications. The largest deployments of the DST include the Exxon-Mobil Speedpass payment system (approximately 7 million transponders), as well as a variety of vehicle immobilizer systems used in many late model Ford, Lincoln, Mercury, Toyota, Nissan, Kia, Hyundai and Tesla vehicles.

The DST is an unpowered "passive" transponder which uses a proprietary block cipher to implement a challenge–response authentication protocol. Each DST tag contains a quantity of non-volatile RAM, which stores a 40-bit encryption key. This key is used to encipher a 40-bit challenge issued by the reader, producing a 40-bit ciphertext, which is then truncated to produce a 24-bit response transmitted back to the reader. Verifiers (who also possess the encryption key) verify this challenge by computing the expected result and comparing it to the tag response. Transponder encryption keys are user programmable, using a simple over-the-air protocol. Once correctly programmed, transponders may be "locked" through a separate command, which prevents further changes to the internal key value. Each transponder is factory provisioned with a 24-bit serial number and 8-bit manufacturer code. These values are fixed and cannot be altered if the transponder is locked.

The DST40 cipher
Until 2005, the DST cipher (DST40) was a trade secret of Texas Instruments, made available to customers under non-disclosure agreement. This policy was likely instituted due to the cipher's non-standard design and small key size, which rendered it vulnerable to brute-force keysearch. In 2005, a group of students from the Johns Hopkins University Information Security Institute and RSA Laboratories reverse-engineered the cipher using an inexpensive Texas Instruments evaluation kit, through schematics of the cipher leaked onto Internet, and black-box techniques (i.e., querying transponders via the radio interface, rather than dismantling them to examining the circuitry). Once the cipher design was known, the team programmed several FPGA devices to perform brute-force key searches based on known challenge/response pairs. Using a single FPGA device, the team was able to recover a key from two known challenge/response pairs in approximately 11 hours (average case). With an array of 16 FPGA devices, they reduced this time to less than one hour. Additionally, researchers from the COSIC research group of KU Leuven implemented a time/memory trade-off attack for which a 5.6 TB lookup table has to be precomputed, after which a key can be recovered in two seconds using a Raspberry Pi 3B by sniffing two challenge-response pairs.

DST40 is a 200-round unbalanced Feistel cipher, in which L0 is 38 bits, and R0 is 2 bits. The key schedule is a simple linear feedback shift register, which updates every three rounds, resulting in some weak keys (e.g., the zero key). Although the cipher is potentially invertible, the DST protocol makes use of only the encipher mode. When used in the protocol with the 40–24-bit output truncation, the resulting primitive is more aptly described as a Message Authentication Code rather than an encryption function. Although a truncated block cipher represents an unusual choice for such a primitive, this design has the advantage of precisely bounding the number of collisions for every single key value.

The DST40 cipher is one of the most widely used unbalanced Feistel ciphers in existence.

The DST80 cipher
As a reaction to the discovery that the key size used in DST40 is too short to stop brute-force attacks, TI developed the DST80 cipher, which has a key size of 80 bits. Challenges are still 40 bits in size, however. As, like its predecessor, DST80 documentation was never released to the public either, researchers from the COSIC research group of KU Leuven managed to extract the firmware of several vehicle immobilizer implementations, and reverse-engineer the cipher from these implementations. Additional to the cryptanalysis of DST80, they also found a side-channel attack that can also be used to extract the cryptographic keys.

DST80 is still an unbalanced Feistel network of 200 rounds with the same values for L0 and R0. The key schedule, now updating every round and using 80-bit keys, is still based on an LFSR. While this would fix the brute-force attack used against DST40, the issue of weak keys still persists. Furthermore, several manufacturers improperly configured their DST80-based transponders reducing the security of the overall system against brute-force attacks to hardly any higher than that of DST40 (a downgrade from 280 to 241). Furthermore, as some manufacturers (Kia, Hyundai, and Toyota) used easy-to-guess low-entropy keys, the upper bound is often even lower. Finally, its implementation is vulnerable to side-channel attacks.

Reaction and fixes
It is unclear if the security threats to the DST-based immobilizer systems and Exxon-Mobil Speedpass system have been addressed. It is possible that these systems have been updated with more secure transponders or that additional measures have been put in place to protect against vulnerabilities. It is important for users of these systems to continue to be vigilant in protecting their transponder keys and to carefully review their Speedpass invoices for any signs of fraud. The use of metallic shields may also provide additional protection against unauthorized scanning of DST tags. It is recommended for users to stay informed about the security of these systems and to take necessary precautions to protect themselves.