MIT Develops A Hack-Proof RFID Chip

Today, RFID chips are built-in all sorts of items, including your credit cards, travel swipe cards, library books, grocery store cards, security tags, implanted medical records, passports and even the access cards provided by companies. But, What actually is an RFID chip?

Radio frequency identification (RFID) is a small electronic device consisting of a chip on which data can be encoded, and an antenna used to transmit that data. It is typically used for short-distance communication of information. However, there is concern that these RFID chips could easily be hacked, and the information on these chips could easily be stolen by hackers. After all, they don't even require physical access to these chips in order to get data from it.

The good news is: Researchers at MIT have developed a new way that prevents RFID chips from hacking.

Although the information on RFID chip is protected with a secret cryptographic key that could thwart a casual data thief, skilled RFID hackers have repeatedly used "Side Channel Attacks" to steal information from these chips easily.

Side Channel Attacks:The 'side-channel attacks' are designed to extract the secret cryptographic key from a system by analyzing the pattern of memory utilization or fluctuations in power usage.

However, side-channel attacks only leak a little amount of information for each repetition of a cryptographic algorithm, so a hacker need to run the attack many numbers of times to get a complete secret key.

Power Glitch Attacks: One way to prevent side channel attacks is to rotate the private key frequently after each transaction with the help of a random-number generator, but a skilled hacker can overcome this with a so-called "Power Glitch Attack."

Repeatedly cutting the RFID chip's power just before it changes the secret cryptographic key is known as power glitch attack.  By using this method, hackers can render the above strategy ineffective and run the same side-channel attack thousands of times, with the same key, in order to get the pattern and fetch the information from the RFID chip.

Here's How MIT Hack-Proof RFID Chip Works: The new RFID chip developed by MIT researchers and manufactured by Texas Instruments is designed to block power glitch attacks, which is virtually impossible to hack by any current means, researchers claimed. The new hack-proof RFID chip can resist power-glitch attacks by having:

  •     An on-board power supply that is "virtually impossible to cut."
  •     Non-volatile memory cells that store computations the chip is working on, even if there's a power cut.

    
This results in resuming of computation once the power gets restored.

"If that computation was an update of the secret key, it would complete the update before responding to a query from the scanner," the researchers wrote in a press release. "Power-glitch attacks won't work."

To achieve this, the new chip takes advantage of a material called, Ferroelectric crystals that consist of molecules arranged into a lattice form where positive and negative charges naturally separate. These ferroelectric crystals can operate as a capacitor for storing power, producing computer memory that retains data even when powered off.

The research team claims that if this high-security RFID chip hits mainstream adoption, it could help prevent contactless card details from being stolen, potentially preventing credit card frauds. However, nothing is unhackable today, so calling something "hack-proof" or "virtually impossible to hack" doesn't make sense. As hackers nowadays are so skilled that even devices that are designed on the top of security features aren't immune to hacks.

However, new technologies, like this RFID chip, that take the security of users to the next level are always a good idea and importantly required to secure the world.

The Hacker News: 

 

 

« Barely A Third of Energy Companies Track Cyber Threats
Brace Yourself For A Cyber-Tsunami »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Bit4id

Bit4id

Bit4id provides software and systems for security and identification based on PKI technology.

Rippleshot

Rippleshot

Rippleshot is a fraud analytics firm that detects mass card compromises faster, allowing issuers to execute more proactive fraud detection strategies.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Search Guard

Search Guard

Search Guard® is an Open Source security suite for #Elasticsearch and the entire #ELK stack that offers encryption, authentication, authorization, audit logging and multi tenancy.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

ReasonLabs

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

Marcum Technology

Marcum Technology

Marcum Technology consultants are focused on helping you reach your company’s full potential by exploring creative ways to integrate tomorrow’s technology into your business today.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.

AI Safety Institute (AISI)

AI Safety Institute (AISI)

The AI Safety Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.

Ionize

Ionize

Ionize offers solutions to help you uplift your capability across the full-spectrum of cyber security - assessment, remediation, monitoring, governance and ongoing education.