MIT Develops A Hack-Proof RFID Chip

Uploaded on 2016-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Today, RFID chips are built-in all sorts of items, including your credit cards, travel swipe cards, library books, grocery store cards, security tags, implanted medical records, passports and even the access cards provided by companies. But, What actually is an RFID chip?

Radio frequency identification (RFID) is a small electronic device consisting of a chip on which data can be encoded, and an antenna used to transmit that data. It is typically used for short-distance communication of information. However, there is concern that these RFID chips could easily be hacked, and the information on these chips could easily be stolen by hackers. After all, they don't even require physical access to these chips in order to get data from it.

The good news is: Researchers at MIT have developed a new way that prevents RFID chips from hacking.

Although the information on RFID chip is protected with a secret cryptographic key that could thwart a casual data thief, skilled RFID hackers have repeatedly used "Side Channel Attacks" to steal information from these chips easily.

Side Channel Attacks:The 'side-channel attacks' are designed to extract the secret cryptographic key from a system by analyzing the pattern of memory utilization or fluctuations in power usage.

However, side-channel attacks only leak a little amount of information for each repetition of a cryptographic algorithm, so a hacker need to run the attack many numbers of times to get a complete secret key.

Power Glitch Attacks: One way to prevent side channel attacks is to rotate the private key frequently after each transaction with the help of a random-number generator, but a skilled hacker can overcome this with a so-called "Power Glitch Attack."

Repeatedly cutting the RFID chip's power just before it changes the secret cryptographic key is known as power glitch attack.  By using this method, hackers can render the above strategy ineffective and run the same side-channel attack thousands of times, with the same key, in order to get the pattern and fetch the information from the RFID chip.

Here's How MIT Hack-Proof RFID Chip Works: The new RFID chip developed by MIT researchers and manufactured by Texas Instruments is designed to block power glitch attacks, which is virtually impossible to hack by any current means, researchers claimed. The new hack-proof RFID chip can resist power-glitch attacks by having:

  •     An on-board power supply that is "virtually impossible to cut."
  •     Non-volatile memory cells that store computations the chip is working on, even if there's a power cut.

    
This results in resuming of computation once the power gets restored.

"If that computation was an update of the secret key, it would complete the update before responding to a query from the scanner," the researchers wrote in a press release. "Power-glitch attacks won't work."

To achieve this, the new chip takes advantage of a material called, Ferroelectric crystals that consist of molecules arranged into a lattice form where positive and negative charges naturally separate. These ferroelectric crystals can operate as a capacitor for storing power, producing computer memory that retains data even when powered off.

The research team claims that if this high-security RFID chip hits mainstream adoption, it could help prevent contactless card details from being stolen, potentially preventing credit card frauds. However, nothing is unhackable today, so calling something "hack-proof" or "virtually impossible to hack" doesn't make sense. As hackers nowadays are so skilled that even devices that are designed on the top of security features aren't immune to hacks.

However, new technologies, like this RFID chip, that take the security of users to the next level are always a good idea and importantly required to secure the world.

The Hacker News: 

 

 

« Barely A Third of Energy Companies Track Cyber Threats
Brace Yourself For A Cyber-Tsunami »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Chertoff Group

Chertoff Group

The Chertoff Group provide security advice and risk management services covering cyber security, insider threat, physical security and asset protection.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Assertion

Assertion

Assertion secures your collaboration (UC/CC) systems from cyber risks. Enforcing the right set of controls and monitoring them continually brings down risk to acceptable levels.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

QuSecure

QuSecure

QuSecure provides a software-driven security architecture that overlays your current infrastructure and provides next-generation security to protect your entire network from quantum threats.

National Security Services Group (NSSG) - Oman

National Security Services Group (NSSG) - Oman

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.

Synechron

Synechron

Synechron is a leading global digital consulting firm, providing innovative technology solutions for business.