MIT Develops A Hack-Proof RFID Chip

Uploaded on 2016-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Today, RFID chips are built-in all sorts of items, including your credit cards, travel swipe cards, library books, grocery store cards, security tags, implanted medical records, passports and even the access cards provided by companies. But, What actually is an RFID chip?

Radio frequency identification (RFID) is a small electronic device consisting of a chip on which data can be encoded, and an antenna used to transmit that data. It is typically used for short-distance communication of information. However, there is concern that these RFID chips could easily be hacked, and the information on these chips could easily be stolen by hackers. After all, they don't even require physical access to these chips in order to get data from it.

The good news is: Researchers at MIT have developed a new way that prevents RFID chips from hacking.

Although the information on RFID chip is protected with a secret cryptographic key that could thwart a casual data thief, skilled RFID hackers have repeatedly used "Side Channel Attacks" to steal information from these chips easily.

Side Channel Attacks:The 'side-channel attacks' are designed to extract the secret cryptographic key from a system by analyzing the pattern of memory utilization or fluctuations in power usage.

However, side-channel attacks only leak a little amount of information for each repetition of a cryptographic algorithm, so a hacker need to run the attack many numbers of times to get a complete secret key.

Power Glitch Attacks: One way to prevent side channel attacks is to rotate the private key frequently after each transaction with the help of a random-number generator, but a skilled hacker can overcome this with a so-called "Power Glitch Attack."

Repeatedly cutting the RFID chip's power just before it changes the secret cryptographic key is known as power glitch attack.  By using this method, hackers can render the above strategy ineffective and run the same side-channel attack thousands of times, with the same key, in order to get the pattern and fetch the information from the RFID chip.

Here's How MIT Hack-Proof RFID Chip Works: The new RFID chip developed by MIT researchers and manufactured by Texas Instruments is designed to block power glitch attacks, which is virtually impossible to hack by any current means, researchers claimed. The new hack-proof RFID chip can resist power-glitch attacks by having:

  •     An on-board power supply that is "virtually impossible to cut."
  •     Non-volatile memory cells that store computations the chip is working on, even if there's a power cut.

    
This results in resuming of computation once the power gets restored.

"If that computation was an update of the secret key, it would complete the update before responding to a query from the scanner," the researchers wrote in a press release. "Power-glitch attacks won't work."

To achieve this, the new chip takes advantage of a material called, Ferroelectric crystals that consist of molecules arranged into a lattice form where positive and negative charges naturally separate. These ferroelectric crystals can operate as a capacitor for storing power, producing computer memory that retains data even when powered off.

The research team claims that if this high-security RFID chip hits mainstream adoption, it could help prevent contactless card details from being stolen, potentially preventing credit card frauds. However, nothing is unhackable today, so calling something "hack-proof" or "virtually impossible to hack" doesn't make sense. As hackers nowadays are so skilled that even devices that are designed on the top of security features aren't immune to hacks.

However, new technologies, like this RFID chip, that take the security of users to the next level are always a good idea and importantly required to secure the world.

The Hacker News: 

 

 

« Barely A Third of Energy Companies Track Cyber Threats
Brace Yourself For A Cyber-Tsunami »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

Liberman Networks

Liberman Networks

Liberman Networks is an IT solutions provider company that provides security, management, monitoring, BDR and cloud solutions.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

EPAM Systems

EPAM Systems

Since 1993, EPAM Systems has leveraged its advanced software engineering heritage to become a leading global digital transformation services provider.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

Zanutix Consulting

Zanutix Consulting

Zanutix specialize in a wide range of services including Network Design and Implementation, Data Management, Cloud Solutions, Software Development and Cybersecurity.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.

RealmOne

RealmOne

RealmOne addresses the most challenging issues in the realms of defense and cyberspace, adapting to the continuously changing demands of our national security customers.

Solid8 Technologies

Solid8 Technologies

Solid8 Technologies is a value added distributor and innovation incubator partnering with leading global Cyber Security software Vendors.