A new type of radio frequency identification (RFID) chip developed by a team of researchers from Texas Instruments and MIT is believed to be impossible to hack.
Should the technology prove scalable, it could soon see use in credit cards, key cards, and more.
Specifically, the threat that this chip is protecting users against is having the data stored on these cards stolen by a nearby hacker via what’s referred to as a “side-channel attack”. In these instances, a program is used to analyze patterns of memory access or fluctuations in power use when a device is performing a cryptographic operation for the purpose of extracting its cryptographic key.
“The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information,” explains Chiraag Juvekar, a graduate student in electrical engineering at MIT and first author on the new paper explaining the team’s technology. “So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret.”
A method for preventing side-channel attacks that is already in place is to regularly change secret keys. In the case of the new RFID chip, it would run a random-number generator that would create a new secret key after each transaction. A central server would run the same generator, and each time an RFID scanner queried the tag, it would relay the results to the server to see if the current key is valid.
But this solution is not enough on its own. You see, the chip would still be vulnerable to “power glitch” attacks, in which the RFID chip’s power is repeatedly cut right before it changes its secret key. When timed correctly, an attacker could then run a side-channel attack thousands of times with the same key. This might seem like a bit of an extreme circumstance, however, it’s been used several times before, and with terrific success due in large part to the fact that it allows the hacking program to circumvent limits on the number of incorrect password entries in password-protected devices. RFID tags, in particular, are susceptible to this type of attack since they’re charged by tag readers and are without any sort of onboard power supply.
To address these issues, the MIT researchers came up with two fairly innovative designs: one is an on-chip power supply whose connection to the actual chip circuitry is nearly impossible to cut, and the other is a set of “nonvolatile” memory cells that are able to store whatever data the chip is working on when it loses power.
The key to these designs are ferroelectric crystals. As a crystal, ferroelectric material is made up of molecules arranged in a regular three-dimensional lattice. Within every cell of the lattice, positive and negative charges naturally separate which, in turn, produces electrical polarization. When an electric field is applied, the cells’ polarization is aligned in one of two directions, which can represent the two possible values of a bit of information. When the electric field is removed, the cells go back to maintaining their polarization.
Now, a ferroelectric crystal can also be considered a capacitor. To this end, TI was able to manufacture these ferroelectric cells with either 1.5 volts or 3.3 volts.
The 3.3-volt capacitors serve as the on-chip energy source. The 1.5-volt cells, meanwhile, are discretely integrated into the chip’s circuitry (all 571 of them). So, when the power source (external scanner) is removed, the chip takes the 3.3-volt capacitors and completes as many operations as it can, then when it begins to lose its remaining power, stores the data it’s working on using the 1.5-volt cells.
When power returns, the chip recharges the 3.3-volt capacitors so that should it be interrupted again, it will have enough power to again store data. Once the capacitors are recharged, the chip then resumes its previous computation. Should that previous computation be an update of the security key, it will complete the update before responding to a query from the scanner. This way, power-glitch attacks will not work on the chip.
Texas Instruments has already built a series of prototypes of this new RFID chip, all to the researchers’ specifications; in experiments thus far it has behaved up to the team’s expectations.
Worth noting is that since the chip has to charge capacitors and complete whatever computations it was working on when it was interrupted every time it powers back on, it’s a bit slower than current RFID chips. But in all of the tests conducted, the team found that they could get readouts from their chips at a rate of 30 per second, which is plenty fast enough for most RFID applications.
“In the age of ubiquitous connectivity, security is one of the paramount challenges we face,” says Ahmad Bahai, chief technology officer at Texas Instruments. “Because of this, Texas Instruments sponsored the authentication tag research at MIT that is being presented at ISSCC. We believe this research is an important step toward the goal of a robust, low-cost, low-power authentication protocol for the industrial Internet.”
Via MIT
Advertisement
Learn more about Electronic Products Magazine
