ANT Forum

Security of ANT (Bruteforcing Network Keys)

Total Posts: 2

Joined 2021-05-09

Hello all,

I am a student and am currently trying to understand how the security key in ANT actually works.
I ask myself whether it would be possible to brute-force the 8-byte network key in a given network if the network was not configured with the public default network key.
I found a short text on a public blog which I would like to discuss with you:

In the technical FAQ of ANT there’s mention of ANT using only an 8 byte network key. So in order to join an ANT network you need an 8 bit network number and said key. From this, we can deduct the following math: (8 Bit + 8 * 8 Bit)^2 = 5184 different possible network configurations. The effort to detect the correct combination of number and key using brute force wouldn’t take much time at all


So is it really that easy to brute-force the network key? Are there any countermeasures that protect the network from an attacker at this point? Would love to hear your opinion on this topic...


I know that it is only allowed to try this on my own devices/networks. I need this information for my bachelor thesis.

Total Posts: 370

Joined 2012-06-27

The network number is not part of the determination of which network is in use. It is just part of the radio functionality to store multiple network keys and refer to them with an index when setting up the channels. This simplifies the commands between the MCU and radio. The network will behave the same if it is set up with key X on network number 0, 3, 5 etc.

Signature

Ian Haigh

Total Posts: 2

Joined 2021-05-09

haighi - 07 June 2021 10:46 AM
The network number is not part of the determination of which network is in use. It is just part of the radio functionality to store multiple network keys and refer to them with an index when setting up the channels. This simplifies the commands between the MCU and radio. The network will behave the same if it is set up with key X on network number 0, 3, 5 etc.


Hello haighi, thanks for your reply!
This means that the number of possible network keys would be even lower, right?
Due to the fact that ANT network keys have a length of 8 bytes, the maximum number of different keys can only be 4096 (64^2). This is due to the nature of available bits. Can anyone confirm this so that I can add this to my bachelor thesis?
I know that most vendors, however, use the standard public network keys. Do you know vendors that specify their own network keys?

In addition to that I know that this is only the link-layer lower-security part as there can also be security measures in higher layers (For example in ANT-FS the pairing process and passkey).

Cheerz      

Total Posts: 370

Joined 2012-06-27

See https://www.thisisant.com/developer/resources/tech-faq/can-i-generate-my-own-private-network-key-1
Private keys are all generated by Garmin Canada Inc and disclosed only to the company that purchased the key.

Most uses are the keys from https://www.thisisant.com/developer/ant-plus/ant-plus-basics/network-keys i.e. the network key is not a security feature, just a way of managing multiple independent wireless networks. The over-the-air messages defined in each network can be formatted differently.

For ANT+ the network key offers virtually no security b/c all adopters have access to the key, and becoming an adopter is very easy.      

Signature

Ian Haigh

Total Posts: 4

Joined 2021-01-28

I am also a student and am currently studying.      

Total Posts: 8

Joined 2023-01-06

As a result of the fact that ANT network keys are 8 bytes in length, the total number of possible unique keys is limited to a maximum of 4096 (64^2). This is because of the nature of the bits that are available. Could someone please verify this for me so that I can include it in my bachelor's thesis?