Researchers Build ‘Hack Proof’ RFID Chip

Researchers Build ‘Hack Proof’ RFID Chip

Researchers at MIT and Texas Instruments have developed a new RFID chip which they claim to be “virtually impossible to hack.”

The new chip is designed to prevent so-called “side channel attacks” designed to extract the cryptographic key by analyzing patterns of memory access or fluctuations in power usage.

“The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information,” said research paper co-author, Chiraag Juvekar.

“So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret.”

Changing the cryptographic key after each transaction via a random-number generator can prevent a side channel attack, but by cutting the RFID chip’s power repeatedly just before it changes the secret key, hackers can render this strategy ineffective and run the same side-channel attack thousands of times, with the same key.

Crucially, the new chips developed by MIT and TI prevent these so-called “power glitch” attacks, by having an on-board power supply virtually impossible to cut, and “nonvolatile” memory cells that store data the chip is working on when it begins to lose power.

To achieve this, the researchers developed chips featuring ferroelectric crystals, which produce computer memory which retains data even when powered off.

Texas Instruments CTO, Ahmad Bahai, described the discovery as an “important step toward the goal of a robust, low-cost, low-power authentication protocol for the industrial internet.”

The research team claims that the innovative new chips could help prevent contactless card details from being stolen, as well as securing key cards and warehouse goods loaded onto pallets fitted with RFID tags.

The chip giant has built several prototypes based on the new design, which have apparently performed well in tests. The research was shown off at the International Solid-State Circuits Conference, in San Francisco this week.

Source: Information Security Magazine