What is an RFID chip?
Radio-frequency identification (RFID) is the wireless use of electromagnetic fields to transfer data, for the purposes of automatically identifying and tracking tags attached to objects. The tags contain electronically stored information.
However, there is concern that these RFID chips could easily be hacked, and the information on these chips could easily be stolen by hackers. After all, they don’t even require physical access to these chips in order to get data from it.
Researchers at MIT and Texas Instruments have developed a new type of radio frequency identification (RFID) chip that is virtually impossible to hack.
If such chips were widely adopted, it could mean that an identity thief couldn’t steal your credit card number or key card information by sitting next to you at a café, and high-tech burglars couldn’t swipe expensive goods from a warehouse and replace them with dummy tags.
“The chip is designed to prevent so-called side-channel attacks. Side-channel attacks analyze patterns of memory access or fluctuations in power usage when a device is performing a cryptographic operation, in order to extract its cryptographic key”, according to the first researcher Chiraag Juvekar.
One way to prevent side-channel attacks is to change secret keys more often . So in that case the RFID chip would run a random-number generator that would spit out a new secret key after each transaction. A central server would run the same generator and every time an RFID scanner queried the tag it would relay the results to the server to see if the current key was valid.
Power glitch attacks:
Such a system would still, however, be vulnerable to a “power glitch” attack, in which the RFID chip’s power would be repeatedly cut right before it changed its secret key. An attacker could then run the same side-channel attack thousands of times, with the same key. Power-glitch attacks have been used to circumvent limits on the number of incorrect password entries in password-protected devices, but RFID tags are particularly vulnerable to them, since they’re charged by tag readers and have no onboard power supplies.
Two design innovations allow the MIT researchers’ chip to thwart power-glitch attacks:
- An on-chip power supply whose connection to the chip circuitry would be virtually impossible to cut.
- A set of “nonvolatile” memory cells that can store whatever data the chip is working on when it begins to lose power.
For both of these features, the researchers use a special type of material known as a ferroelectric crystals.
How MIT Hack-Proof RFID Chip Works:
As a crystal, a ferroelectric material consists of molecules arranged into a regular three-dimensional lattice. In every cell of the lattice, positive and negative charges naturally separate, producing electrical polarization. The application of an electric field, however, can align the cells’ polarization in either of two directions, which can represent the two possible values of a bit of information.
When the electric field is removed, the cells maintain their polarization. Texas Instruments and other chip manufacturers have been using ferroelectric materials to produce nonvolatile memory, or computer memory that retains data when it’s powered off.
A ferroelectric crystal can also be thought of as a capacitor, an electrical component that separates charges and is characterized by the voltage between its negative and positive poles. Texas Instruments’ manufacturing process can produce ferroelectric cells with either of two voltages: 1.5 volts or 3.3 volts.
The researchers’ new chip uses a bank of 3.3-volt capacitors as an on-chip energy source. But it also features 571 1.5-volt cells that are discretely integrated into the chip’s circuitry. When the chip’s power source — the external scanner — is removed, the chip taps the 3.3-volt capacitors and completes as many operations as it can, then stores the data it’s working on in the 1.5-volt cells.
When power returns, before doing anything else the chip recharges the 3.3-volt capacitors, so that if it’s interrupted again, it will have enough power to store data. Then it resumes its previous computation. If that computation was an update of the secret key, it will complete the update before responding to a query from the scanner. Power-glitch attacks won’t work.
Because the chip has to charge capacitors and complete computations every time it powers on, it’s somewhat slower than conventional RFID chips. But in tests, the researchers found that they could get readouts from their chips at a rate of 30 per second, which should be more than fast enough for most RFID applications.