Slashdot Mirror
MIT Reveals "Hack-Proof" RFID Chip (thestack.com)
JustAnotherOldGuy writes: A group of researchers at MIT and Texas Instruments claim that they have developed a new radio frequency identification chip that may be impossible to hack. Traditional RFID chips are vulnerable to side-channel attacks, whereby a hacker can extract a cryptographic key from the chip. The new RFID chip runs a random-number generator that creates a new secret key after each transaction. The key can then be verified with a server to ensure that it is correct. The group at MIT also incorporated protection against a power-glitch attack, an attack that would normally leave a chip vulnerable to an interruption of the power source that would in turn halt the creation of a new secret key. Texas Instruments CTO Ahmad Bahai stated, "We believe this research is an important step toward the goal of a robust, lo-cost, low-power authentication protocol for the industrial internet." The question is, how long will it be before this "hack proof" chip is hacked?
How many times have we heard this over the years. To be truly hack proof it'll have to be a quantum system. Is it? Doesn't look like it.
Un-hackable? and a thousand hackers said challenge accepted.
"The question is, how long will it be before this "hack proof" chip is hacked?"
How long you ask?
*looks at watch*
No doubt it's an improvement to use a new key each time a transaction is made. But such a system is only as good as the quality of the pseudo-random number generator. If it's predictable, it can be exploited. It adds another layer of defense, but it's not hack-proof.
I hate all anonymous shitbags. Log in, you filthy bastards.
It's a definition of time, not a quality: "Until someone will hack it".
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
"Hack-proof" to SIDE CHANNEL attacks.
Achille Talon
Hop!
Almost.
The MIT solution, as described, appears to do away with the clock-based system that RSA uses, and instead has the server and the chip stay in lock-step as transactions occur.
What happens when the two drift out of synchronization will be the key to disrupting the technology.
If the server and chip stop talking to each other when they get out of synch, then the whole system is vulnerable to a wide scale DOS simply by corrupting the server's database of keys.
Imagine an industrial plant manager's reaction when 1000 different devices brick themselves due to a hacker's attack. If it takes a day to replace and reset everything so it all works again, that manager will rip out the technology so that his or her plant is never down that long, ever again.
On the other hand, if the server and chip and re-synchronize after a glitch, then a hacker can emulate that resynchronization process.
I wonder if a Man in the Middle attack would work where the MiM and server exchange one set of keys, while the MiM and chip exchange a second set of keys. Would either side know that it was talking to a fraudulent data source?
Chivalry is not dead, it's just frequently misspelt. - M. Langley
"Hackproof"?? From TFA
Traditional RFID chips are vulnerable to side-channel attacks, whereby a hacker can extract a cryptographic key from the chip. However, a hacker would need to execute a cryptographic algorithm many times to extract usable information, as each execution leaks only a small amount of information. The new RFID chip runs a random-number generator that creates a new secret key after each transaction.
So they're backing up the base crypto in the chip with a stream cipher: instead of generating random session keys with a public-key cipher, they're generating secret keys with a random-number generator (i.e. a stream cipher) and using those to generate a session key to generate a session key. Which may be even less secure, if the RNG (i.e. stream cipher) is itself insecure. Perhaps they can fix that by using another RNG to generate an initial state for the RNG which generates the key which generates the session key for the transaction.
It's stream ciphers all the way down!
Let's begin with a little story. In the 1950s the Betty Crocker company introduced just-add-water 'box' cake recipes that produced cakes that were as good as and often better than peoples' 'scratch' cakes --- sometimes the recipe was better (or) the mix in the factory-sealed box stayed fresher than ingredients taken from the pantry, why does not matter. Betty Crocker cakes aced blind taste-tests and were affordable, and yet the product did not take off as expected.
A bit of research uncovered a guilty secret. In spite of what the company perceived as pure convenience, cake-making women (and the manly cake-making men of the 1950s) were secretly ashamed of the simple steps to produce a product that had been the subject of family pride. They no longer felt sufficiently empowered by the process. By the simple addition of an actual egg, enough recipe-empowerment returned to remove this psychological deterrent and cake-box sales soared.
They later refined the tactic by suggesting on the box that the product might even be improved even further by the (optional) addition of that miracle of miracles, the extra egg. Two eggs! Everyone who was anyone tossed in that extra egg. And all remnants of cake-making insecurity vanished completely and America embraced the box-cake, to become the industrial cake-making giant it is today.
((SIDE NOTE: Even though this was known to me, to come up with a citation I found it not generally discussed. I had to delve down to 'book' level to find a good reference to it. Thanks Google. Folks who imagine that web content sufficiently represents our culture should think again.))
(DO, a deer, a female deer) So not surprisingly the good people of MIT have re-discovered that to continue the cryptographic arms race every simple hard-coded tag must become a passive device, (RE, a drop of golden sun) every passive device must become an active computing device, (MI) and every active computing device must become a self-contained machine (FA) with an autonomous power source, (SO) non-volatile memory and significant processing power. It will soon move into the next phase where even this is not sufficient because of unforeseen circumstances like new attacks on hash algorithms or implementation errors, and a robust system must also include flash-update capability, (LA) which also requires a separate and secure chain of certificate-based authentication to prevent someone from planting the original 'stoned' virus upon RFID tags. "Your passport is now stoned. Legalize marijuana!" (TI)
Which is itself moot if someone somewhere manages to leak or crack a single private flash update key. Which brings us back to (DO).
So the discovery is actually that RFID technology is mirroring nicely the same arms race that computers and communication links everywhere are experiencing. As Bruce Schneier sagely says, "Security is a process, not a product." So be generally conservative and wary every time someone offers a new security end-product --- and remind yourself every now and then, "Why again are we even riding this Merry-Go-Round?" By all rights Schneier should be helping to roll out the gravy train that would place RFID tags everywhere. More work for him! But surprisingly often he comes out in favor of less embed-intrusive and more human-intensive approaches to security. That's why humans love him and robots don't subscribe to his Twitter feed.
In addition to taking these (seemingly necessary) small steps in the direction of embedding additional complexity, we should devote equal time to considering the possibility of small steps that roll back complexity generally, to reveal what unforeseen benefits they may have. Perhaps the powdered egg once included in box-cakes was actua
<blink>down the rabbit hole</blink>