More and more devices are showing up with RFID chips built-in, but there is concern that the data on these chips could easily stolen. After all, an attacker doesn’t even need to physically have possession of the RFID chip to get information from it. Protecting the data on the chip with a secret key will thwart a casual data thief, but there are still ways around that. Researchers from MIT have developed a new type of RFID chip (manufactured by Texas Instruments) that they claim cannot be hacked by any current means. They manage this with a combination of integrated power and data storage not previously seen in RFID technology.
Most RFID hacks are based on what is known as a side-channel attack. Basically, by analyzing the pattern of power usage and memory utilization, it’s possible to extract the cryptographic key from a system. Side-channel attacks only leak a little data for each repetition of an algorithm, so you need to run the attack many times to get a full key. One way to thwart these attacks is to rotate the private key frequently, but a determined hacker can get around this with a so-called power glitch attack, and that’s what the RFID chip from MIT is designed to block.
Power-glitch attacks involve cutting power to a device right before it can rotate its secret key. That allows the attacker to run the same side-channel attack numerous times to get the key. A power-glitch attack can be used on various devices, but RFID chips are particularly vulnerable as they don’t have a built-in power source. Instead, they’re powered by induction from the reader. The highly secure RFID developed by graduate student Chiraag Juvekar and his faculty advisers has an integrated power supply and non-volatile memory to guard against this exact scenario.
This chip takes advantage of a material called ferroelectric crystals. They consist of molecules arranged into a lattice where positive and negative charges naturally separate. Applying an electric field can flip the charges to one direction or the other, thus representing a bit of information. A ferroelectric crystal can also operate as a capacitor for storing power; this is the voltage difference between the lattice’s negative and positive poles.
Texas Instruments’ manufacturing process can create banks of 1.5v and 3.3v cells on the RFID composed of ferroelectric crystals. When a power glitch attack is attempted on this chip, the 3.3v cells act as an energy source allowing the chip to store the data it’s working on in the 1.5v cells. When power is restored, the first thing the chip does is recharge the 3.3v cells in case power is lost again, then it picks up where it left off with the saved data. If it’s trying to rotate the secret key, it continues doing so and makes the attack useless.
The team speculates that this technology, if adopted widely, could make RFID chips considerably more secure. The storage and power requirements increase cost, and the output rate is a bit slower than conventional chips. However, the team found that it could still produce 30 readouts per second, which should be fine for most RFID applications.
No comments:
Post a Comment