Slashdot Mirror


World's First "Unclonable" RFID Chip

An anonymous reader writes to tell us that a new RFID chip from Verayo claims to be unclonable through the use of the new Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips. "Basic passive RFID chips can be easily cloned by copying the data residing on one chip to another. Verayo's PUF-based RFID chips cannot be cloned, and provide a very strong and robust authentication mechanism. No other chip or device can be disguised as the original chip, even if the data is copied from one Verayo RFID chip to another."


  1. Yeah? by WillKemp · · Score: 5, Insightful

    Uncloneable today - cloned tomorrow...

    1. Re:Yeah? by morgan_greywolf · · Score: 5, Insightful

      It's kind of like those 'unhackable' computers, networks and software we keep hearing about. *yawn* Wake me up when someone actually makes such a thing and it actually, you know, works.

    2. Re:Yeah? by Macman408 · · Score: 5, Insightful

      More details can be found for the geekily-minded in their academic paper (PDF warning!).

      Basically, it's a series of multiplexers. The challenge selects exactly what pair of paths through the multiplexers are taken, and the output is a 0 or 1 depending on which path is faster. Presumably, this then gets replicated or reused several times to make a multi-bit response. They show an LFSR in their diagram, but don't explicitly say what they use it for - my guess would be they initialize it with the challenge, then use it to generate the programming bits to select a path through the multiplexers.

      So yeah, it's pretty difficult to manufacture a circuit that exactly matches it. And it would probably take too long to exhaustively try all challenges to discover what the responses are. However, I still see several possible weaknesses.

      First, the challenge/response pairs that are stored (which are outside the RFID chip, used to verify that it is valid) must be selected randomly. If an attacker can reduce the number of possible challenges from 2^64 down to a much smaller number, it's no longer secure: he can interrogate the RFID chip for its responses to those challenges, and then program those into a new chip. It's not completely cloned, but as far as anybody can tell from the stored challenge/response pairs, it is identical.

      Second, the paper shows that about 11 bits out of every 128 are different each time you use the *same* challenge with the *same* chip. To catch most false negatives with the fewest false positives (i.e., highest security possible), the threshold would have to be probably only 104 correct bits out of 128. (The same challenge with different chips is close to the ideal of 64 changed bits out of 128 total). Presumably, these numbers are approximately halved when using 64-bit challenges and responses. This makes the chip weaker than something that really has 2^64 combinations; you don't have to get all 64 bits right, you just have to get maybe 52 of them right. In the paper, they suggest a threshold of 96 correct bits - or presumably 48 bits with the 64-bit implementation. That effectively knocks a good 5 orders of magnitude off the number of possible responses.

      Third, what's to stop somebody from figuring out the timing parameters of a particular RFID, and emulating the circuit? They say in the paper that they "scramble its output to thwart such 'model building' attacks." OK, how? Is this why the LFSR is in the design? Obviously, they're trying to prevent their competitors from copying their work, but are they also trying to get security through obscurity? We all know how well *that* works.

      Fourth, the challenge/response pairs have to be stored securely. If an attacker can get them, it's game over. Considering most companies still haven't figured out how to secure their customers' credit card numbers, the only thing keeping an attacker at bay is a lack of motivation. Make the payoff good enough, and this is probably the weak point in the system that would be hacked first.

      Fifth, if I'm a malicious supplier of RFID chips, I might be able to find two similar chips. I sell one to somebody else, and keep the second for my own malicious purposes. Since it doesn't have to be exactly identical (within a few bits is fine), and I can use the principles of the birthday attack, this shouldn't be a terribly difficult thing to do. Now, if I did my math right, a malicious supplier would have to buy around 83 million RFID chips to have a 50% chance of getting one pair that are considered to be matches, *if* the threshold is set at the most secure level possible. I'd bet a typical threshold would drop that by another order of magnitude or so. That's a lot of RFID tags, but given RFID's target (low-cost, high-volume), it's not so unreasonable.

      The paper, like many involving an actual company, lacks a lot o
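
Added example (not part of the comment above or of Verayo's paper): the threshold trade-off from the comment's second point, computed for 128-bit responses at the thresholds it names. It assumes each bit of a genuine re-read flips independently with probability 11/128 and that an unrelated chip gets each bit wrong with probability 1/2; the function names are illustrative.

```python
from math import comb

N_BITS = 128               # response length used in the comment's figures
P_NOISE = 11 / N_BITS      # assumption: bits of a genuine re-read flip independently

def hamming(a: int, b: int) -> int:
    """Number of differing bits between two responses held as integers."""
    return bin(a ^ b).count("1")

def verify(enrolled: int, observed: int, min_correct: int) -> bool:
    """Verifier side: accept when at least min_correct of N_BITS match."""
    return N_BITS - hamming(enrolled, observed) >= min_correct

def false_accept(min_correct: int) -> float:
    """P(unrelated chip or random guess passes): wrong bits ~ Binomial(128, 1/2)."""
    max_wrong = N_BITS - min_correct
    return sum(comb(N_BITS, k) for k in range(max_wrong + 1)) / 2**N_BITS

def false_reject(min_correct: int) -> float:
    """P(genuine chip fails): upper tail of Binomial(128, 11/128)."""
    max_wrong = N_BITS - min_correct
    q = 1.0 - P_NOISE
    return sum(comb(N_BITS, k) * P_NOISE**k * q**(N_BITS - k)
               for k in range(max_wrong + 1, N_BITS + 1))

def tradeoff(thresholds=(128, 112, 104, 96)):
    """Map each threshold to its (false-accept, false-reject) probabilities."""
    return {t: (false_accept(t), false_reject(t)) for t in thresholds}

if __name__ == "__main__":
    for t, (fa, fr) in tradeoff().items():
        print(f"min_correct={t:3d}  false_accept={fa:.2e}  false_reject={fr:.2e}")
    enrolled = 0x0123456789ABCDEF0123456789ABCDEF   # constructed sample response
    noisy = enrolled ^ ((1 << 11) - 1)              # same chip, 11 bits flipped
    print("genuine re-read accepted at 104:", verify(enrolled, noisy, 104))
```

Requiring an exact match rejects the genuine chip almost every time under this noise model, which is why the verifier has to tolerate wrong bits at all; each bit of tolerance is paid for in false-accept probability.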

  2. Press release and marketing hype. 1st paragraph: by BitterOldGUy · · Score: 5, Insightful

    Verayo launched the world's first unclonable silicon chip - the Vera X512H RFID chip. This new RFID chip is based on recently announced breakthrough technology called Physical Unclonable Functions (PUF). PUF technology is a type of electronic DNA or fingerprinting technology for silicon chips that makes each chip unclonable. Verayo's PUF-based RFID technology offers

    So, is it unclonable?

    Let's have a pool to see when it's cloned. I got by the end of the year by a Stanford student.