American researchers believe they have developed a new type of radio frequency identification (RFID) chip that is virtually impossible to hack.
According to Chiraag Juvekar, a graduate student in electrical engineering at MIT, the chip is designed to prevent so-called side-channel attacks which analyse patterns of memory access or fluctuations in power usage when a device is performing a cryptographic operation, in order to extract its cryptographic key.
“The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information,” Juvekar says.
“So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret.”
He says one way to thwart side-channel attacks is to regularly change secret keys, in which case, the RFID chip would run a random-number generator that would spit out a new secret key after each transaction. A central server would run the same generator, and every time an RFID scanner queried the tag, it would relay the results to the server, to see if the current key was valid.
However, such a system would still be vulnerable to a 'power glitch' attack, in which the RFID chip’s power would be repeatedly cut right before it changed its secret key. An attacker could then run the same side-channel attack thousands of times, with the same key. Power-glitch attacks have been used to circumvent limits on the number of incorrect password entries in password-protected devices, but RFID tags are particularly vulnerable to them, since they’re charged by tag readers and have no onboard power supplies.
Juvekar and the team at MIT have come up with two design innovations to thwart power-glitch attacks: One is an on-chip power supply whose connection to the chip circuitry would be virtually impossible to cut, and the other is a set of 'nonvolatile' memory cells that can store whatever data the chip is working on when it begins to lose power.
Texas Instruments has built several prototypes of the new chip, to the researchers’ specifications, and they have behaved as expected in experiments.
Adding an on-chip power supply to RFID chips could prevent hacking. Photo: MIT