The problem is tags that are vulnerable to side-channel attacks, which typically analyse patterns of memory access or fluctuations in power usage when a device is performing a cryptographic operation, in order to extract its cryptographic key. According to Chiraag Juvekar, a graduate student in electrical engineering at MIT and first author on a paper presented at the 2016 International Solid-State Circuits Conference, “The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information… so you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret.”
One way to thwart side-channel attacks is to regularly change secret keys. In that case, the RFID chip would run a random-number generator that would generate a new secret key after each transaction. A central server would run the same generator, and every time an RFID scanner queried the tag, it would relay the results to the server, to see if the current key was valid.
Such a system would still, however, be vulnerable to a “power glitch” attack, in which the RFID chip’s power would be repeatedly cut right before it changed its secret key. An attacker could then run the same side-channel attack thousands of times, with the same key. Power-glitch attacks have been used to circumvent limits on the number of incorrect password entries in password-protected devices, but RFID tags are particularly vulnerable to them, since they’re charged by tag readers and have no onboard power supplies.
Two design innovations allow the MIT researchers’ chip to thwart power-glitch attacks: One is an on-chip power supply whose connection to the chip circuitry would be virtually impossible to cut, and the other is a set of nonvolatile memory cells (NVM) that can store whatever data the chip is working on when it begins to lose power. Texas Instruments has built IC prototypes to the researchers’ specifications, and for the NVM, used the ferroelectric memory technology (FRAM) that TI has in-house: the TI and MIT workers report the chips behave as expected.
A ferroelectric crystal can also be thought of as a capacitor, an electrical component that separates charges and is characterised by the voltage between its negative and positive poles. Texas Instruments’ manufacturing process can produce ferroelectric cells with either of two voltages: 1.5 or 3.3V.
The researchers’ new chip uses a bank of 3.3-V capacitors as an on-chip energy source. But it also features 571 1.5-V cells that are discretely integrated into the chip’s circuitry. When the chip’s power source — the external scanner — is removed, the chip taps the 3.3-V capacitors and completes as many operations as it can, then stores the data it’s working on in the 1.5-volt cells.
When power returns, before doing anything else the chip recharges the 3.3-volt capacitors, so that if it’s interrupted again, it will have enough power to store data. Then it resumes its previous computation. If that computation was an update of the secret key, it will complete the update before responding to a query from the scanner. Power-glitch attacks won’t work.
Because the chip has to charge capacitors and complete computations every time it powers on, it’s somewhat slower than conventional RFID chips. But in tests, the researchers found that they could get readouts from their chips at a rate of 30 per second, which should be more than fast enough for most RFID applications.
“In the age of ubiquitous connectivity, security is one of the paramount challenges we face,” says Ahmad Bahai, chief technology officer at Texas Instruments. “Because of this, Texas Instruments sponsored the authentication tag research at MIT that is being presented at ISSCC. We believe this research is an important step toward the goal of a robust, low-cost, low-power authentication protocol for the industrial Internet.”