Threat modeling mechanical locking systems, by analyzing puzzles?

Presented at May Contain Hackers (MCH2022), July 25, 2022, 1 p.m. (50 minutes)

Mechanical locks are everywhere and come in all shapes and flavors. But choosing the right lock can be rather difficult. For example, what is better? A lock that is hard to pick, or a lock with hard to duplicate keys. This talk will not give you the answers, but it will help you understand the trade-offs. Furthermore, we will have fun threat modeling our locks.

Is lockpicking a threat you should be concerned about, or is the brick the tool you should care for? Jan-Willem, from The Open Organization of Lockpickers (Toool), will share his ideas on mechanical security and threat modeling. We will make it fun and use several case studies, starting with defining a lock, threat modeling mechanical puzzles, and use several case studies where the threat was overrated. Simply put, attacks against locks range from the trivial to mastery. I'll share multiple failed attempts of attacks that should be trivial, but were not in practice, and we will analyze them together.


Presenters:

  • Jan-Willem
    Jan-Willem (@jwrm22) is Embedded Security Analyst and Trainer at Riscure, and Secretary of The Open Organization Of Lockpickers (Toool NL). With his projects, he brings the lockpicking community to a higher level. He has new takes on old ideas, specializes in niche security subjects, and shares his knowledge with the community.

Links:

Similar Presentations: