A team of computer experts from the Massachusetts Institute of Technology (MIT) has reportedly constructed a tech-savvy type of Radio Frequency Identification (RFID) chip that is impossible to hack. Alongside researchers from Texas Instruments, the group has already built and tested a number of prototypes that back up their assertions.
RFID chips are now commonplace, used in everything from passports and transport swipe cards to amusement-park tickets. However, as security and privacy concerns among the public have grown in recent years, and with people becoming increasingly suspicious of the technology, the MIT research could be welcome news to those that rely on such chips.
Now, the researchers claim their cutting-edge findings would mean that security concerns regarding RFID systems become a thing of the past. According to Chiraag Juvekar, an electrical engineering graduate at MIT and a co-author of the research, the new chip has been designed to curb so-called 'side-channel attacks' that can be used to steal the encryption keys contained in RFID technology.
"The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information," Juvekar told MIT News. "So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret."
In light of this, Juvekar claims that his team was able to thwart side-channel attacks by regularly changing the secret encryption keys with the use of a random-number generator. A central-computer server would run the generator, and each time an RFID scanner queried the chip it would send the results back to the server to then validate the key, the research revealed.
The power-glitch problem
However, the experts note that, even with the random encryption-key generator in place, such a system would still be vulnerable to a 'power glitch' attack. This is when the RFID chip's power would be repeatedly cut right before it changed its secret key in an attempt to exploit the system.
The research team found two ways to combat this. One is by installing a so-called 'on-chip power supply' with a power connection that is impossible to cut, and the other is inputting a set of 'non-volatile' memory cells that can remember what data the chip was processing before it lost power. The research was presented at the International Solid-State Circuits Conference (ISSCC) in San Francisco, which took place from 21 January to 4 February.
"In the age of ubiquitous connectivity, security is one of the paramount challenges we face," said Ahmad Bahai, chief technology officer at Texas Instruments. "Because of this, Texas Instruments sponsored the authentication tag research at MIT that is being presented at ISSCC. We believe this research is an important step toward the goal of a robust, low-cost, low-power authentication protocol for the industrial internet."