Researchers have designed an RFID chip that prevents so-called side-channel attacks, which analyze patterns of memory access or fluctuations in power usage when a device is performing a cryptographic operation, in order to extract its cryptographic key. Pictured here is a standard RFID chip.
(February 4, 2016) New technology could secure credit cards, key cards, and pallets of goods in warehouses.
Researchers at MIT and Texas Instruments have developed a
new type of radio frequency identification (RFID) chip that is virtually
impossible to hack.
If such chips were widely adopted, it could mean that an
identity thief couldn’t steal your credit card number or key card information
by sitting next to you at a café, and high-tech burglars couldn’t swipe
expensive goods from a warehouse and replace them with dummy tags.
Texas Instruments has built several prototypes of the new
chip, to the researchers’ specifications, and in experiments the chips have
behaved as expected. The researchers presented their research this week at the
International Solid-State Circuits Conference, in San Francisco.
According to Chiraag Juvekar, a graduate student in
electrical engineering at MIT and first author on the new paper, the chip is
designed to prevent so-called side-channel attacks. Side-channel attacks
analyze patterns of memory access or fluctuations in power usage when a device
is performing a cryptographic operation, in order to extract its cryptographic
key.
“The idea in a side-channel attack is that a given execution
of the cryptographic algorithm only leaks a slight amount of information,”
Juvekar says. “So you need to execute the cryptographic algorithm with the same
secret many, many times to get enough leakage to extract a complete secret.”
One way to thwart side-channel attacks is to regularly
change secret keys. In that case, the RFID chip would run a random-number
generator that would spit out a new secret key after each transaction. A
central server would run the same generator, and every time an RFID scanner
queried the tag, it would relay the results to the server, to see if the
current key was valid.
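The key-update scheme described above, sketched as an added example (not code from the researchers or the article). The HMAC-SHA-256 ratchet standing in for the shared generator, the challenge-response exchange, the `Tag` and `Server` names, and the look-ahead window for missed transactions are all assumptions.

```python
import hashlib
import hmac
import secrets


def next_key(key: bytes) -> bytes:
    # Assumed stand-in for the shared generator: both sides derive key n+1 from key n.
    return hmac.new(key, b"key-update", hashlib.sha256).digest()


class Tag:
    def __init__(self, seed: bytes):
        self._key = seed

    def respond(self, challenge: bytes) -> bytes:
        response = hmac.new(self._key, challenge, hashlib.sha256).digest()
        self._key = next_key(self._key)  # each key authenticates one transaction only
        return response


class Server:
    def __init__(self, seed: bytes, window: int = 3):
        self._key = seed
        self._window = window  # assumed tolerance for transactions the server missed

    def verify(self, challenge: bytes, response: bytes) -> bool:
        candidate = self._key
        for _ in range(self._window + 1):
            expected = hmac.new(candidate, challenge, hashlib.sha256).digest()
            if hmac.compare_digest(expected, response):
                self._key = next_key(candidate)  # resynchronise past the used key
                return True
            candidate = next_key(candidate)
        return False


def run_demo() -> dict:
    seed = secrets.token_bytes(32)  # constructed shared seed, provisioned to both
    tag, server = Tag(seed), Server(seed)
    c1 = secrets.token_bytes(16)
    r1 = tag.respond(c1)
    results = {"first": server.verify(c1, r1)}
    results["replay"] = server.verify(c1, r1)  # old key is no longer accepted
    tag.respond(secrets.token_bytes(16))  # scanner query whose relay never arrived
    c2 = secrets.token_bytes(16)
    results["after_missed"] = server.verify(c2, tag.respond(c2))
    c3 = secrets.token_bytes(16)
    results["unknown_tag"] = server.verify(c3, Tag(secrets.token_bytes(32)).respond(c3))
    return results
```

Because each key authenticates a single response, repeated queries never exercise the same secret twice, which is the property the key-changing defense relies on.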