Metroid Security Mechanism

Having recently played most of the way through Metroid Prime 3: Corruption, I came across an interesting security mechanism in the game that I haven’t really seen paralleled in the real world…

During the latter part of the game where the player travels to the Space Pirate home-world, the player receives a suit upgrade which allows the HUD of their visor to go into an X-Ray mode and see through most obstacles. An interesting property of this visor is that it allows the values on the buttons of a combination lock’s access panel to be obscured from normal view. When viewed via the X-Ray visor, the values of the buttons can be read:

That’s not the bit that struck me as novel, however. The interesting bit to me was that once the player uses the X-Ray visor to see the values of the buttons on the panel, whenever a button was pressed to enter it’s value, the remaining buttons’ values were randomized:

Now, the obvious flaw in the game’s locking mechanism is that the combination is displayed alongside the buttons; the “key” to the lock is essentially possession of the X-Ray visor. In the real world, the combination is generally secret and must be stolen, guessed, or brute-forced. A lot of mechanical brute-force attacks against combination locks using button pads, letter or number dials, disks, etc. depend on the values of those components to be a mechanical constant of the system. If this is true, the brute forcing device can ensure that once it has tried a particular combination of values that it does not try them again and can therefore progressively eliminate the failed combinations that it has already tried. The locking system used in the game denies an attacker that mechanical constant by randomizing the button values after every button press, so unless the attacking mechanism can dynamically determine the values of the buttons prior to each button press, it will likely never succeed in brute-forcing the combination to the lock.

In addition to the brute-force attacks, many intelligent guessing methods other than directly observing which values a user presses rely on observing the approximate locations of a user’s fingers and motion of the hand as they press the buttons. A more forensic approach involves identifying button wear or dusting the keypad for fingerprints to identify which buttons are commonly pressed or were used in a recent authentication. Randomizing the button values either after every button press or after each authentication attempt also defeats both of these types of attacks. In the first case, the button values are not predictable for the period of time in which they were observed being pressed. In the second case, button wear should be uniform across all buttons due to the randomization of values, and fingerprints left on the keypad will no longer be associated with the correct button values at the time of dusting.

I personally haven’t seen any key-pad combination lock manufacturers create anything like this in real life, and after some fairly extensive searching of the web I didn’t come across any products that do this. It would appear that Space Pirates have a thing or two to teach us about physical security.

[EDIT: Apparently, IBM holds a patent on exactly this idea. I wonder if they’ll sue Nintendo for virtual patent infringement…]

2 Responses to “Metroid Security Mechanism”

  1. SmartPhone Unlock Screens: Moving in the Wrong Direction « Dustin D. Trammell Says:

    […] Needless to say, I tend to wipe my phone’s touch-screen quite frequently.  Why hasn’t anyone implemented a lock screen that uses a technique like this one? […]

  2. TJ Leeland Says:

    as security expert I can tell you why make-believe security is better than real life: make-believe users don’t call tech-support.

    Seriously.

    The more secure you make things, the more calls you get from users who can’t get into their systems. You add “random” anything to a login process and you will see lockouts skyrocket and calls to support will jump along with it. It’s always a balance between security and usability. They can only give you the level of security the dumbest users can handle.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: