Slashdot Mirror


MIT Reveals "Hack-Proof" RFID Chip (thestack.com)

JustAnotherOldGuy writes: A group of researchers at MIT and Texas Instruments claim that they have developed a new radio frequency identification chip that may be impossible to hack. Traditional RFID chips are vulnerable to side-channel attacks, whereby a hacker can extract a cryptographic key from the chip. The new RFID chip runs a random-number generator that creates a new secret key after each transaction. The key can then be verified with a server to ensure that it is correct. The group at MIT also incorporated protection against a power-glitch attack, an attack that would normally leave a chip vulnerable to an interruption of the power source that would in turn halt the creation of a new secret key. Texas Instruments CTO Ahmad Bahai stated, "We believe this research is an important step toward the goal of a robust, lo-cost, low-power authentication protocol for the industrial internet." The question is, how long will it be before this "hack proof" chip is hacked?

53 comments

  1. I call bullshit by Anonymous Coward · · Score: 1

    I give it a week. Not that this will ever make it into commercial production anyway

    1. Re: I call bullshit by Anonymous Coward · · Score: 0

      About 20 years I'd say for it to be hacked by everyone.

  2. Hack proof? by Viol8 · · Score: 3, Insightful

    How many times have we heard this over the years. To be truly hack proof it'll have to be a quantum system. Is it? Doesn't look like it.

    1. Re:Hack proof? by gstoddart · · Score: 4, Insightful

      Hackproof, unsinkable, indestructible ... at a certain point the superlatives just become meaningless.

To be truly hack proof it needs no inputs and no outputs. It would be useless, but it would be hackproof.

      --
      Lost at C:>. Found at C.

    2. Re:Hack proof? by AmiMoJo · · Score: 4, Insightful

      TFA says it has its own power supply. Presumably a battery. Kinda breaks the most important feature of RFID.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    3. Re:Hack proof? by geekmux · · Score: 1

      How many times have we heard this over the years. To be truly hack proof it'll have to be a quantum system. Is it? Doesn't look like it.

      The real question should be when will companies learn that using terms like "hack proof" will result in an exponentially shorter life span for their "secure" product.

      At least enjoy some vetting and success in the wild before making such claims, because if you're smart you already fucking know the inevitable will happen.

    4. Re:Hack proof? by NotDrWho · · Score: 1

      I wish companies and organizations would stop using the term "hack proof," the same way they did with "waterproof." Like "waterproof," there is no such thing in most products. There is only "water resistant" and "hack resistant".

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.

    5. Re:Hack proof? by Big+Hairy+Ian · · Score: 1

      Hack proof is like fool proof just ask Douglas Adams

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    6. Re:Hack proof? by Anonymous Coward · · Score: 0

      Just cover it with thin foil and it will become hacker proof (and pretty useless also).

    7. Re:Hack proof? by chill · · Score: 3, Funny

      You just described my senior management.

      --
      Learning HOW to think is more important than learning WHAT to think.

    8. Re:Hack proof? by tnk1 · · Score: 1

      I wish they'd simply say: "Not hackable by all currently known methods". This is not an OTP encrypted device, it's breakable in some manner, even if the necessary capability or process is completely impractical at present.

      I hope this is just journalistic bullshitting, because a researcher should know better than that.

    9. Re:Hack proof? by Anonymous Coward · · Score: 0

      passive vs. active rfid

    10. Re:Hack proof? by Anonymous Coward · · Score: 0

      gstoddart is as usual proving he is slashdot's own resident mongoloid imbecile with no originality whatsoever merely spewing back by rote what others knew and wrote long ago. Only thing useless on slashdot is you, monogoloid!

  3. SecureID on a chip? by OzPeter · · Score: 1

    Because that is what TFS and TFA read like. I hope there is more to this than meets the eye.

    --
    I am Slashdot. Are you Slashdot as well?

    1. Re:SecureID on a chip? by rebill · · Score: 4, Interesting

      Almost.

      The MIT solution, as described, appears to do away with the clock-based system that RSA uses, and instead has the server and the chip stay in lock-step as transactions occur.

      What happens when the two drift out of synchronization will be the key to disrupting the technology.

      If the server and chip stop talking to each other when they get out of synch, then the whole system is vulnerable to a wide scale DOS simply by corrupting the server's database of keys.

      Imagine an industrial plant manager's reaction when 1000 different devices brick themselves due to a hacker's attack. If it takes a day to replace and reset everything so it all works again, that manager will rip out the technology so that his or her plant is never down that long, ever again.

      On the other hand, if the server and chip can re-synchronize after a glitch, then a hacker can emulate that resynchronization process.

      I wonder if a Man in the Middle attack would work where the MiM and server exchange one set of keys, while the MiM and chip exchange a second set of keys. Would either side know that it was talking to a fraudulent data source?

      --

      Chivalry is not dead, it's just frequently misspelt. - M. Langley

    2. Re:SecureID on a chip? by Anonymous Coward · · Score: 0

      The key is the (pseudo) random number generator. Say, you use something hideous such as DUAL_EC_DRBG (look it up on google), but you change the curve points so that it is not the NSA that can break it (read: *resync* to it) given 32 bytes of output, but yourself. There, done.

      Think of it as a pseudo-OTP that depends on two factors to *be* an OTP: (1) an always-increasing counter and self destruct on overflow, and (2) secrecy of the generator function and/or parameters.

      I really don't like it.

    3. Re:SecureID on a chip? by Anonymous Coward · · Score: 0

      if it was not obvious: the server can resync to the RFID chip given enough bytes of random output from the RFID chip, and knowledge of the secret key of the PRNG in the RFID chip, given an appropriate choice of PRNG.
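      To make rebill's drift/resync question and the Anonymous Coward's resync remark concrete, here is an added Python model of a chip and a server that stay in lock-step on a transaction counter. It is not code from the MIT/TI work or from any commenter; it assumes an HMAC-SHA256 over a counter as the per-transaction key generator, a look-ahead window on the server, and a constructed seed, none of which are details the article gives about the real chip. Running it shows the trade-off rebill describes: a window of zero means one missed transaction bricks the tag (the DoS case), a wider window tolerates drift, a captured key still cannot be replayed because the server never looks backwards, and resynchronisation is only possible for a party holding the seed.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed demo seed; a real deployment would provision a per-tag secret.
SEED = b"constructed-demo-seed-not-a-real-key"


def derive_key(seed: bytes, counter: int) -> bytes:
    """Per-transaction key = HMAC-SHA256(seed, counter).

    Constructed stand-in for the chip's keyed generator: every key is a pure
    function of the shared seed and the transaction counter, which is what lets
    the server stay in lock-step (and what lets anyone holding the seed resync).
    """
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()


class Chip:
    """Tag side: a secret seed and a counter that persists across transactions."""

    def __init__(self, seed: bytes) -> None:
        self.seed = seed
        self.counter = 0

    def transact(self) -> bytes:
        key = derive_key(self.seed, self.counter)
        self.counter += 1
        return key


class Server:
    """Verifier side: same seed, its own counter, and a look-ahead window.

    window = 0 models "stop talking when out of sync"; a larger window models
    generous resynchronisation. Counter values behind the server's own are never
    tried, so a key captured from an accepted transaction cannot be replayed.
    """

    def __init__(self, seed: bytes, window: int) -> None:
        self.seed = seed
        self.counter = 0
        self.window = window

    def verify(self, presented: bytes) -> bool:
        for offset in range(self.window + 1):
            candidate = derive_key(self.seed, self.counter + offset)
            if hmac.compare_digest(candidate, presented):
                self.counter += offset + 1  # jump past the accepted counter value
                return True
        return False  # either behind the server or drifted beyond the window


def accepted_after_drift(dropped: int, window: int) -> bool:
    """Chip performs `dropped` transactions the server never sees, then one the
    server does see. True if the server resyncs, False if the tag is now dead."""
    chip, server = Chip(SEED), Server(SEED, window)
    for _ in range(dropped):
        chip.transact()
    return server.verify(chip.transact())


def replay_outcome(window: int) -> Tuple[bool, bool]:
    """Present the same captured key twice: (first attempt, replayed attempt)."""
    chip, server = Chip(SEED), Server(SEED, window)
    captured = chip.transact()
    return server.verify(captured), server.verify(captured)


def wrong_seed_accepted(window: int) -> bool:
    """A tag built around a guessed seed never lands inside the server's window."""
    return Server(SEED, window).verify(Chip(b"guessed-seed").transact())


if __name__ == "__main__":
    print("2 missed, window 5  :", accepted_after_drift(2, 5))  # True
    print("6 missed, window 5  :", accepted_after_drift(6, 5))  # False
    print("1 missed, window 0  :", accepted_after_drift(1, 0))  # False
    print("replay (first, again):", replay_outcome(5))          # (True, False)
    print("wrong seed accepted :", wrong_seed_accepted(5))      # False
```

      The window size is the whole policy decision rebill is pointing at: too small and a few lost reads turn into a fleet-wide outage, too large and the server is doing a lot of extra derivations per read while widening the band an impostor would have to land in. The man-in-the-middle relay question from the same post is not modelled here; with a shared-seed scheme like this one a pure relay simply forwards a valid key, and what stops that is outside the key schedule (distance bounding, channel binding), not the counter.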

    4. Re:SecureID on a chip? by ausekilis · · Score: 1

      So instead of a time-based RSA key, it's a transaction-based keygen. Sort of like a garage door. Hmm... wonder if those have been hacked.... :-/

  4. unhackable? by Anonymous Coward · · Score: 3, Insightful

    Un-hackable? and a thousand hackers said challenge accepted.

    1. Re:unhackable? by Anonymous Coward · · Score: 0

      Perhaps they want the public to do their research for them. Unhackable is like waving a red flag at a bull.

  5. Marketing "hack proof" by geekmux · · Score: 2

    "The question is, how long will it be before this "hack proof" chip is hacked?"

    How long you ask?

    *looks at watch*

  6. Probably not hack-proof by spork+invasion · · Score: 4, Interesting

    No doubt it's an improvement to use a new key each time a transaction is made. But such a system is only as good as the quality of the pseudo-random number generator. If it's predictable, it can be exploited. It adds another layer of defense, but it's not hack-proof.

    --
    I hate all anonymous shitbags. Log in, you filthy bastards.

  7. really? by Anonymous Coward · · Score: 0

    I see, so a true random number generator? (Which it can't be, because the "server" needs to predict the new key; are we then talking about the RFID sending the new key after each new iteration?) Not one that is reverse engineerable to reveal the key, like car "rolling codes"? Or how about hacking the authentication server so any key is valid? How about attacking the chip's software so it only creates a predictable key? As it's also an RFID chip you can also do all this from range without your target being aware, with a little equipment that can be small enough to fit in a pocket.

    How about simply cloning the key, a 1:1 copy, to gain access.

  8. Impossible to hack by aglider · · Score: 2

    It's a definition of time, not a quality: "Until someone will hack it".

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.

  9. Slashdotters still the same old by AchilleTalon · · Score: 2, Informative

    It seems even if Slashdot is having a new owner, the Slashdotters are still the same old. Why bother reading and trying to understand the f... article when you can comment and brag so easily and call everything bullshit?

    "Hack-proof" to SIDE CHANNEL attacks.

    --
    Achille Talon
    Hop!

    1. Re:Slashdotters still the same old by rmdingler · · Score: 1

      It seems even if Slashdot is having a new owner, the Slashdotters are still the same old. Why bother reading and trying to understand the f... article when you can comment and brag so easily and call everything bullshit?

      "Hack-proof" to SIDE CHANNEL attacks.

      If there's been no shift in the fabric of the universe, your first reporting of the article should lead to you being modded informative.

      There's a reason they don't say fireproof or foolproof any more. In both cases, whenever a proof is realized in the laboratory, nature evolves a greater fool.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:Slashdotters still the same old by spork+invasion · · Score: 5, Informative

      Here's the actual MIT article: http://news.mit.edu/2016/hack-proof-rfid-chips-0203. It does a good job of explaining the concept. A side channel attack involves analyzing the behavior of the device during encryption to determine its cryptographic key. It's not easy to carry out such an attack, but it's possible. Yes, using a different key each time eliminates the possibility of a side channel at the expense of a new vulnerability, which is the pseudo-random number generator. Perhaps the PRNG is good enough to be less of a vulnerability than a side channel attack, but this is a case of replacing one vulnerability with a different one.

      --
      I hate all anonymous shitbags. Log in, you filthy bastards.

    3. Re:Slashdotters still the same old by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. Albert Einstein.

  10. resources by gtall · · Score: 1

    So in order to use this whizzy new technology, I must have an independent power source for the RFID chip and I need a server. Yup, that won't be too expensive for most RFID applications.

    1. Re:resources by drunk_punk · · Score: 0

      I think you got it. If the RFID and server are in lock step, doesn't this really mean that each RFID has its OWN corresponding server??

      MIT doesn't seem to have any budgetary constraints, must be pretty nice... From where I sit, things are a bit different.

    2. Re:resources by omnichad · · Score: 1

      Wouldn't need its own power source. Just NVRAM to keep track of how far into the PRNG sequence it's at. It doesn't use a running clock.

  11. "may be impossible to hack." by mwvdlee · · Score: 1

    may be impossible to hack

    ...in the same way that I may be the sexiest guy in the world.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?

  12. The TImothy Website by gavron · · Score: 1

    Seriously, since the buyout almost all slashdot postings are by timothy who might as well be the "I APPROVE ALL STUPID STORIES ROBOT."

    Timothy - I have a captcha for you.

    This story is just in line with the rest of the toilet-bowl material
    - hack proof RFID because... um... MIT?
    - Assange passport because UN committee?
    - Vendors have firewalls with holes?

    Next up something about the superbowl?

    Please. Spare. Us. You can't resurrect good slashdot editors. Obviously you've killed them.
    The honorable thing is to complete the job. Mirror... mirror.

    E

    1. Re:The TImothy Website by Anonymous Coward · · Score: 0

      Time to volunteer to be slashdot editor... can't be worse than the ones being paid now.

  13. Turtles all the way down by PvtVoid · · Score: 2

    "Hackproof"?? From TFA

    Traditional RFID chips are vulnerable to side-channel attacks, whereby a hacker can extract a cryptographic key from the chip. However, a hacker would need to execute a cryptographic algorithm many times to extract usable information, as each execution leaks only a small amount of information. The new RFID chip runs a random-number generator that creates a new secret key after each transaction.

    So they're backing up the base crypto in the chip with a stream cipher: instead of generating random session keys with a public-key cipher, they're generating secret keys with a random-number generator (i.e. a stream cipher) and using those to generate a session key to generate a session key. Which may be even less secure, if the RNG (i.e. stream cipher) is itself insecure. Perhaps they can fix that by using another RNG to generate an initial state for the RNG which generates the key which generates the session key for the transaction.

    It's stream ciphers all the way down!

  14. ..hmmmm by nult · · Score: 0

    I'm gonna call bullsh*t on this. Sounds like a typical marketing ploy... I suppose they have to pay for that MIT education... ha!

  15. Here we go again by hyperar · · Score: 1

    I can't believe that in 2016 there are people willing to claim that they invented something unhackable.

    1. Re:Here we go again by U2xhc2hkb3QgU3Vja3M · · Score: 1

      I've got something here that's 2157% unhackable. It's called a brick.

  16. Hack in 3, 2, 1, oh wait, I mean .... by davidwr · · Score: 1

    ... hack in rand(), rand(), rand().

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.

  17. Yes, but... by Anonymous Coward · · Score: 0

    Can I embed it into my hand?

    https://www.youtube.com/watch?v=2zbxUZYZYVU

  18. NSA backdoor? by Anonymous Coward · · Score: 0

    If it can produce an "unhackable" piece of info by Alice that only Bob can decode, it can be used to bootstrap into session keys that will be hard to break. So you think the NSA will allow this before, nudge nudge, wink wink, the "perfectly secure" has a nice backdoor to protect your privacy?

  19. I love these "hack proof" announcements by Lisandro · · Score: 1

    It's almost like they're begging people to prove them wrong.

  20. Use once by Anonymous Coward · · Score: 0

    And throw away.
    Un-hackable technology.

  21. 50/50 chance of ever seeing the light of day by Anonymous Coward · · Score: 0

    Too many times I have seen pre-release silicon from Texas Instruments be withdrawn from the market because some patent troll threatened litigation. Don't be an early adopter of any chipset from TI unless you've got a very solid plan-B.

  22. "lo-cost"? by Anonymous Coward · · Score: 0

    No 'w' available then? Or was the summary author an AMERICAN?

  23. MIT: Add an egg! And an extra egg! by TheRealHocusLocus · · Score: 4, Interesting

    Let's begin with a little story. In the 1950s the Betty Crocker company introduced just-add-water 'box' cake recipes that produced cakes that were as good as and often better than peoples' 'scratch' cakes --- sometimes the recipe was better (or) the mix in the factory-sealed box stayed fresher than ingredients taken from the pantry, why does not matter. Betty Crocker cakes aced blind taste-tests and were affordable, and yet the product did not take off as expected.

    A bit of research uncovered a guilty secret. In spite of what the company perceived as pure convenience, cake-making women (and the manly cake-making men of the 1950s) were secretly ashamed of the simple steps to produce a product that had been the subject of family pride. They no longer felt sufficiently empowered by the process. By the simple addition of an actual egg, enough recipe-empowerment returned to remove this psychological deterrent and cake-box sales soared.

    They later refined the tactic by suggesting on the box that the product might even be improved even further by the (optional) addition of that miracle of miracles, the extra egg. Two eggs! Everyone who was anyone tossed in that extra egg. And all remnants of cake-making insecurity vanished completely and America embraced the box-cake, to become the industrial cake-making giant it is today.

    ((SIDE NOTE: Even though this was known to me, to come up with a citation I found it not generally discussed. I had to delve down to 'book' level to find a good reference to it. Thanks Google. Folks who imagine that web content sufficiently represents our culture should think again.))

    (DO, a deer, a female deer) So not surprisingly the good people of MIT have re-discovered that to continue the cryptographic arms race every simple hard-coded tag must become a passive device, (RE, a drop of golden sun) every passive device must become an active computing device, (MI) and every active computing device must become a self-contained machine (FA) with an autonomous power source, (SO) non-volatile memory and significant processing power. It will soon move into the next phase where even this is not sufficient because of unforeseen circumstances like new attacks on hash algorithms or implementation errors, and a robust system must also include flash-update capability, (LA) which also requires a separate and secure chain of certificate-based authentication to prevent someone from planting the original 'stoned' virus upon RFID tags. "Your passport is now stoned. Legalize marijuana!" (TI)

    Which is itself moot if someone somewhere manages to leak or crack a single private flash update key. Which brings us back to (DO).

    So the discovery is actually that RFID technology is mirroring nicely the same arms race that computers and communication links everywhere are experiencing. As Bruce Schneier sagely says, "Security is a process, not a product." So be generally conservative and wary every time someone offers a new security end-product --- and remind yourself every now and then, "Why again are we even riding this Merry-Go-Round?" By all rights Schneier should be helping to roll out the gravy train that would place RFID tags everywhere. More work for him! But surprisingly often he comes out in favor of less embed-intrusive and more human-intensive approaches to security. That's why humans love him and robots don't subscribe to his Twitter feed.

    In addition to taking these (seemingly necessary) small steps in the direction of embedding additional complexity, we should devote equal time to considering the possibility of small steps that roll back complexity generally, to reveal what unforeseen benefits they may have. Perhaps the powdered egg once included in box-cakes was actua

    --
    <blink>down the rabbit hole</blink>

  24. I doubt the researchers said it was "hack-proof" by Anonymous Coward · · Score: 1

    Take a look at PHD Comics' "Science News Cycle". I think it is much more likely that the media, not the researchers, are the ones claiming that the chip is "hack-proof."

  25. Designed and configured by people by Anonymous Coward · · Score: 0

    We can work out a way to circumvent, reverse engineer, brute guess...it's never "if" always "when".

    Stop wasting your time on that old, broken "unbreakable" system; there's a new one to dismantle.

  26. Saying "Hackproof" on Slashdot is like... by MindPrison · · Score: 1

    ...opening a can of worms, the reaction is predictable, and rightfully so.

    Anything can be reverse engineered and thus hack-proof doesn't really exist.

    --
    What this world is coming to - is for you and me to decide.

  27. Holy Shit, Man. Learn to Edit Yourself. by Anonymous Coward · · Score: 0

    Are you the type of person that likes to hear yourself talk? Looking at your history, all I see is endless fucking words.

    Can you get the point across without boring the reader to death? I'm on my lunch break. I don't have time to read all that shit. Get to the fucking point, man.

    No, I'm not kidding.

  28. sORRY by Anonymous Coward · · Score: 0

    It's v-chip legal already?

  29. Re:Holy Shit, Man. Learn to Edit Yourself. by TheRealHocusLocus · · Score: 1

    all I see is endless fucking words.

    Oh brave new world. I've got a brevity-stalker.
    Check out his or her other fine word-product.
    The ship of the imagination has sailed without you.

    --
    <blink>down the rabbit hole</blink>

  30. Re:Holy Shit, Man. Learn to Edit Yourself. by Anonymous Coward · · Score: 0

    Did you figure that out all by yourself? BTW - that's a one word answer (yes, or no), I don't need a whole diatribe.