MIT reveals hack-proof RFID chip
Thu 4 Feb 2016
A group of researchers at MIT and Texas Instruments announced today that they have developed a new radio frequency identification chip that may be impossible to hack.
Radio frequency identification (RFID) refers to small electronic devices consisting of a chip, on which information can be encoded, and an antenna used to transmit that information. They have many diverse applications, from credit cards that rely on touch rather than swipe technology to industrial and warehousing centers that use RFID instead of bar-codes. RFID chips can have an advantage over traditional barcode systems in that they do not need to be positioned precisely with a scanner for information to be read. However, growing use of RFID chips in the financial information and credit card industries has led to increased privacy concerns.
Traditional RFID chips are vulnerable to side-channel attacks, whereby a hacker can extract a cryptographic key from the chip. However, a hacker would need to execute a cryptographic algorithm many times to extract usable information, as each execution leaks only a small amount of information. The new RFID chip runs a random-number generator that creates a new secret key after each transaction. The key can then be verified with a server to ensure that it is correct.
The group at MIT also incorporated protection against a power-glitch attack [PDF]. Protecting information from a side-channel attack through random number generators would still leave a chip vulnerable to an interruption of the power source that would halt the creation of a new secret key, allowing the hacker to use a previous secret key undetected.
Traditional RFID chips are vulnerable to power-glitch attacks as they are charged by the tag readers, and have no independent power supply of their own. In order to circumvent this type of hack, the group at MIT included an on-chip power supply which would be virtually impossible to circumvent, as well as nonvolatile memory cells which store data if the chip does begin to lose power.
This change in power structure increases privacy protections, but it does slow down access to the information on the RFID chip. In testing, researchers found that the average reading time increased to 30 per second, but determined that this would be fast enough for most RFID applications.
Texas Instruments CTO Ahmad Bahai stated, “We believe this research is an important step toward the goal of a robust, lo-cost, low-power authentication protocol for the industrial internet.” Texas Instruments, along with Japanese automotive company Denso, funded the MIT research project that led to development of the new RFID chip.