TI has built prototypes, which behaved as expected. The work was presented at the International Solid-State Circuits Conference in San Francisco.
The chip is designed to prevent ‘side-channel attacks’, where patterns of memory access or power fluctuations are analysed while a device is in operation to gather information on the cryptographic key being processed.
“The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information,” said MIT engineer Chiraag Juvekar. “So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret.”
One way to thwart side-channel attacks is to regularly change secret keys – the RFID chip runs a random-number generator to make a new secret key after each transaction. A central server would run the same generator, and every time an RFID scanner queried the tag, it would relay the results to the server, to see if the current key was valid.
Such a system remains vulnerable to a ‘power glitch attack’, in which the RFID chip’s power would be repeatedly cut before it changed its secret key. An attacker could then run the same side-channel attack thousands of times, with the same key.
“Power-glitch attacks have been used to circumvent limits on the number of incorrect password entries in password-protected devices, but RFID tags are particularly vulnerable to them, since they’re charged by tag readers and have no on-board power supplies,” said MIT.
Two aspects of the MIT/TI chip aim to thwart power-glitch attacks:
An on-chip power supply whose connection to the chip circuitry is virtually impossible to cut
Ferroelectric non-volatile memory to store chip data when it begins to lose power
TI’s process can produce ferroelectric cells with either of two voltages: 1.5 or 3.3V.
The chip uses a bank of 3.3V capacitors as an on-chip energy source, but also has 571 1.5V cells “discretely integrated”, said MIT, into the chip’s circuitry.
When the external scanner (the chip’s power source) is removed, the chip taps the 3.3V capacitors and completes as many operations as it can, then stores working data on the 1.5V cells.
When power returns, before doing anything else the chip recharges the 3.3V capacitors, so that if it’s interrupted again, it will have enough power to store data. Then it resumes its previous computation.
If that computation was an update of the secret key, it will complete the update before responding to a query from the scanner. “Power-glitch attacks won’t work”, said the university.
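The two designs the article contrasts, as an added simulation that is not part of the article or of the MIT/TI work: a conventional tag that rotates its key after each transaction, and a hardened tag that records a pending update in non-volatile memory and completes it on power-up before answering. The key generator (a SHA-256 hash chain), the HMAC challenge-response and the constructed seed and challenge are assumptions, not the chip's actual design.

```python
import hashlib
import hmac

def next_key(key: bytes) -> bytes:
    # Assumed generator shared by tag and server: a hash chain, not TI's actual design.
    return hashlib.sha256(key).digest()

class Tag:
    def __init__(self, seed: bytes, hardened: bool):
        self.hardened = hardened
        self.nvm = {"key": seed, "update_pending": False}  # ferroelectric, survives power loss

    def power_on(self) -> None:
        # Hardened chip: complete an interrupted key update before answering anything.
        if self.hardened and self.nvm["update_pending"]:
            self._finish_update()

    def _finish_update(self) -> None:
        self.nvm["key"] = next_key(self.nvm["key"])
        self.nvm["update_pending"] = False

    def transaction(self, challenge: bytes, glitch: bool) -> bytes:
        """One reader query; glitch=True cuts power right after the response,
        so the key update that should follow never runs on this power cycle."""
        self.power_on()
        self.nvm["update_pending"] = True  # a conventional tag ignores this flag
        resp = hmac.new(self.nvm["key"], challenge, "sha256").digest()
        if not glitch:
            self._finish_update()
        return resp

class Server:
    def __init__(self, seed: bytes):
        self.key = seed  # runs the same generator as the tag

    def check(self, challenge: bytes, resp: bytes) -> bool:
        ok = hmac.compare_digest(hmac.new(self.key, challenge, "sha256").digest(), resp)
        if ok:
            self.key = next_key(self.key)
        return ok

def glitch_trial(hardened: bool, queries: int, glitch: bool = True) -> dict:
    """Query the tag with one fixed (constructed) challenge and relay every
    response to the server; identical responses mean the same key was reused."""
    seed, challenge = b"constructed-seed", b"constructed-challenge"
    tag, server = Tag(seed, hardened), Server(seed)
    responses = [tag.transaction(challenge, glitch) for _ in range(queries)]
    accepted = sum(server.check(challenge, r) for r in responses)
    return {"distinct_keys": len(set(responses)), "accepted": accepted}
```

Under repeated power cuts the conventional tag answers every query under one key, while the hardened tag advances its key on each power-up and stays in step with the server.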
Because the chip has to charge capacitors and complete computations every time it powers on, it is slower than conventional RFID chips.
However, tests showed it still hits 30 read-outs per second.
Japanese automotive company Denso provided funding.