Thursday, 11 February 2016
New RFID Chip Promises to Stop Some Identity Theft
In the ever-evolving world of data communications and networking, keeping up with cyber criminals is an ongoing battle. For every security solution developed, there is an enterprising criminal waiting for the opportunity to find a workaround. Now, the designers of a new RFID chip hope they have come up with something that is virtually hack-proof for the foreseeable future. Their new chip directly addresses the two most common forms of identity theft using RFID-enabled credit and bank cards.
Researchers at the Massachusetts Institute of Technology (MIT) have teamed up with Texas Instruments to develop the new chip. They say their technology prevents the theft of cryptographic keys using either a side-channel attack or an attack based on a power failure. The new chip has already undergone a full battery of tests by Texas Instruments; research data was recently presented at the International Solid-State Conference in San Francisco.
Cards with the current generation of RFID technology are vulnerable to attack through something known as the side channel. Hackers use computer equipment to monitor cryptographic operations during transactions, gathering data and analysing it to find patterns in power consumption and memory access. Once a pattern is identified, the chip can be accessed and information stolen. It is all done incredibly quickly.
MIT and Texas Instruments researchers have closed this vulnerability by creating a chip that includes a random number generator designed to create a new secret key following every transaction. Whenever an RFID-enabled card is used to complete a transaction, information is sent to a central server to verify that the secret key has not been used before. If it has, the transaction will not be completed.
Current RFID cards are powered by tag readers at the time of the transaction. These are also designed to prevent hacking by limiting the number of invalid keys that can be entered. Hackers have found a way to work around key limitations by cutting the power to an RFID chip before that limit is reached. Once power is restored to the chip, the invalid entry limit is reset and the hacker can start over.
With the new chip, the power failure attack has been thwarted by including an on-board power supply that cannot be cut remotely. New RFID chips also include non-volatile memory cells that keep track of data even if on-board power fails. This prevents an RFID chip from generating a new secret key until the current transaction is completed.
Should the new RFID chip prove successful, two things will be accomplished. First, hackers will not be able to sit in a public space and steal the identities of their victims by hacking these people’s credit and bank cards. Networking in public spaces would be a bit safer, although still not advisable. Secondly, thieves would not be able to steal consumer goods and cover their tracks by replacing what they have stolen with counterfeit RFID chips.
It all sounds good – for now.