MIT researchers have created RFID chips, which they believe will vastly improve security of credit cards, key cards and warehouse goods
Researchers at MIT and Texas Instruments have developed a new type of radio frequency identification (RFID) chip, which they claim is almost impossible to hack.
If the new technology becomes widely adopted, it could spell the end for credit card identity theft. The RFID chips could prevent a criminal from stealing your credit card number or key card information by sitting next to you at a café, and they would be unable to steal expensive goods from a warehouse and replace them with fake tags.
MIT graduate student in electrical engineering, Chiraag Juvekar, said the chip is designed to prevent side-channel attacks. Such attacks analyse patterns of memory access or fluctuations in power usage when a device is performing a cryptographic operation, in order to extract its cryptographic key.
He explained: “The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information.
“So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret.”
One way to stop side-channel attacks is to regularly change secret keys. In that case, the RFID chip would run a random-number generator that would generate a new secret key after each transaction. A central server would then run the same generator, and each time an RFID scanner queried the tag, it would relay the results to the server, to check if the current key was valid.
However, this kind of system would still be vulnerable to a ‘power glitch’ attack, in which the RFID chip’s power would be repeatedly cut right before it changed its secret key. A criminal could then run the same side-channel attack thousands of times, with the same key.
Power-glitch attacks have been used to circumvent limits on the number of incorrect password entries in password-protected devices, but RFID tags are particularly susceptible to them. This is because they are charged by tag readers and have no onboard power supplies.
Two design innovations allow the MIT researchers’ chip to thwart power-glitch attacks. The first is an on-chip power supply, the connection of which to the chip circuitry would be virtually impossible to cut. The second innovation is a set of ‘nonvolatile’ memory cells that can store whatever data the chip is working on when it begins to lose power.
Texas Instruments has built numerous prototypes of the chip, to the MIT researchers’ specifications, and in experiments the chips have behaved as expected.
Ahmad Bahai, chief technology officer at Texas Instruments, said: “In the age of ubiquitous connectivity, security is one of the paramount challenges we face.
“Because of this, Texas Instruments sponsored the authentication tag research at MIT that is being presented at ISSCC. We believe this research is an important step toward the goal of a robust, low-cost, low-power authentication protocol for the industrial Internet.”
How much do you know about the world’s most notorious hackers? Try our quiz!