World's First "Unclonable" RFID Chip
Posted by ScuttleMonkey on Mon Sep 08, 2008 02:04 PM
from the until-they-make-a-better-cloner dept.
An anonymous reader writes to tell us that a new RFID chip from Verayo claims to be unclonable through the use of the new Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips. "Basic passive RFID chips can be easily cloned by copying the data residing on one chip to another. Verayo's PUF-based RFID chips cannot be cloned, and provide a very strong and robust authentication mechanism. No other chip or device can be disguised as the original chip, even if the data is copied from one Verayo RFID chip to another."
Yeah? (Score:5, Insightful)
Uncloneable today - cloned tomorrow...
Re:Yeah? (Score:5, Insightful)
It's kind of like those 'unhackable' computers, networks and software we keep hearing about. *yawn* Wake me up when someone actually makes such a thing and it actually, you know, works.
Parent
Re:Yeah? (Score:5, Funny)
I have an unhackable computer. I would give you the IP, but it's not hooked up to the Internet. Or any other network. Also, it's powered off and buried 300 feet underground in a 6 foot thick lead-lined vault. On Pluto.
Parent
Re:Yeah? (Score:5, Funny)
So you think, but I already have root.
Parent
Re:Yeah? (Score:5, Funny)
Congratulations. You rooted a honeypot VM.
Parent
Re:Yeah? (Score:5, Interesting)
There appears to be a finite number of challenge-response pairs in the authentication database. How limited is that number? Are they also stored on board the RFID tag? Are they generated from the serial# and/or ID#?
What is the length of the challenge, and of the response? Could a captured item (i.e., passport) with such an RFID tag be brute-force interrogated (hit with a series of random-number "challenges" to see which might elicit stored "responses"), and counterfeited that way?
Could this scheme be vulnerable to MITM-style attack?
Parent
Honest injun! (Score:5, Funny)
And this time we really mean it!
Re:Honest injun! (Score:5, Funny)
And this time we really mean it!
Anybody want a peanut?
Parent
Press release and marketing hype. 1st paragraph: (Score:5, Insightful)
Verayo launched the world's first unclonable silicon chip - the Vera X512H RFID chip. This new RFID chip is based on recently announced breakthrough technology called Physical Unclonable Functions (PUF). PUF technology is a type of electronic DNA or fingerprinting technology for silicon chips that makes each chip unclonable. Verayo's PUF-based RFID technology offers
So, is it unclonable?
Let's have a pool to see when it's cloned. I got by the end of the year by a Stanford student.
Re:Press release and marketing hype. 1st paragraph (Score:5, Funny)
Parent
Re:So far, 2 for MIT... (Score:5, Funny)
Parent
Isn't that logically impossible? (Score:5, Insightful)
Forgive me for my ignorance (and I haven't RTFA), but my understanding of RFID is the only way to tell what an RFID device is is by listening to it broadcast. Well, if you listen to a device broadcast enough, particularly if you listen in on a conversation between it and what it's supposed to talk to...doesn't it then become relatively simple to create your own RFID device that broadcasts all the same things as the original chip, and responds in all the same ways to input?
Seems to me it's just another instance of "DRM doesn't work," only in this case all the communication between supposedly secure nodes literally has to take place in the open air...
Dan Aris
Re:Isn't that logically impossible? (Score:5, Interesting)
You could have a more powerful RFID tag that has some computation ability. This would allow you to generate a new code for every communication, preventing your replay attack.
If the list of request-responses was a true one time pad, then they might actually have some fairly good security from a radio attack, but the number of queries to the rfid tag would be finite.
If they use any kind of cipher, then it is very much open to attack.
Parent
Re:Isn't that logically impossible? (Score:5, Insightful)
This would allow you to generate a new code for every communication, preventing your replay attack.
Already done. [wired.com] In fact, if there is an "unclonable" RFID chip, my money is on it being in cars before your passport.
Parent
Not for Active (Score:5, Informative)
What you are talking about is a passive RFID device, like most office keycards from the 80's and early 90s. RFID nowadays is more complex, with the devices having a small computer chip in it that is actually powered up by the RFID. Having this chip allows secure encryption between the device and the terminal such that sniffing in on the conversation should get you no further than sniffing on a properly negotiated SSH session will.
The hole in the scheme of course is, if the crook gets his hands on the keyfob for a short period of time, it is the same as having your SSH private key, and he can clone the chip in the keyfob and return the original without you even knowing.
This company is saying they have a new chip that incorporates physical properties of the chip itself into the encryption somehow such that cloning it would be recognizable.
Parent
No, just very, very difficult to do right. (Score:5, Informative)
In theory (crypto theory), this can be done if the parties communicating have a shared secret piece of data and a crypto algorithm, resistant to reverse-engineering from outside, that enables them to exchange that secret data without eavesdropping, man-in-the-middle attacks, or a brute-force cracking of the crypto algorithm.
This is quite hard to do properly in general, as the plethora of lousy cryptosystems attests. It *can* be done if one has enough processing power (tough for RFID chips that operate from microwatts of someone else's broadcast RF energy) and a good enough encryption algorithm (see "lousy cryptosystems" above).
Of course, if you can duplicate the data content and algorithms of the RFID chip, say by physically dismantling it layer-by-layer with a destructive analysis, you can clone it even if you don't know the shared secret. The article is claiming (without ANY credible evidence, BTW) to have somehow made this impossible, presumably by creating some random-but-repeatable property in the chip that cannot be extracted by analysis for reproduction in a cloned chip. Unless they've come up with something VERY effective, I'd bet on this system being cracked within months just like all the other RFID schemes. The lack of description or references to how their system works smells like bad crypto and security-by-obscurity to me.
Parent
Re:Isn't that logically impossible? (Score:5, Interesting)
Forgive me for my ignorance (and I haven't RTFA), but my understanding of RFID is the only way to tell what an RFID device is is by listening to it broadcast. Well, if you listen to a device broadcast enough, particularly if you listen in on a conversation between it and what it's supposed to talk to...doesn't it then become relatively simple to create your own RFID device that broadcasts all the same things as the original chip, and responds in all the same ways to input?
Seems to me it's just another instance of "DRM doesn't work," only in this case all the communication between supposedly secure nodes literally has to take place in the open air...
Dan Aris
Well, I don't know if I can answer your question in terms of the technical limitations of RFID - but in general, your argument ignores the possibility that RFID data is being encrypted.
For instance: suppose the subway fare system uses a set of encryption keys - some of these keys will be stored on the fare cards (the RFID devices) and some will be stored in the machines that interact with these cards...
Now suppose the interaction starts with one of these machines broadcasting, looking for a fare card... In some part of the initial handshaking the machine sends out a transaction number - encoded using an encryption key that fare cards can decode. In all further communication that transaction number is part of the encryption key used by the fare card.
You can listen in on this transaction, but you can't do anything with it unless you can decode the messages... You can't replicate the transaction because your response has to include the transaction ID given to you by the gate machine...
So in the context of an "uncloneable" chip - you could create another chip that pretends to have the same "Physical Uncloneable Functions" - but that depends on first knowing exactly what they are... If it's handled in a static way and not encoded, that's pretty easy. If it's handled in a way that one RF exchange only gets you one part of the data you'd need to replicate the thing - or if the data you'd need to replicate the chip is encrypted, then that makes the problem substantially harder...
Fundamentally, though, I believe you're correct - if it can be made once, it can be made again... The trick is to make it difficult to do that.
Parent
Re:Isn't that logically impossible? (Score:5, Informative)
The chip is characterized at the factory by sending it challenges and recording the responses. Later, the chip is issued one of the recorded challenges and the response is compared to the factory response.
If the challenge-response is done in such a way that it can be recorded, then each challenge is only good the first time it is used.
There is some possibility that the behavior they are exploiting is not as robust as they think and that the response characteristics of the chip could be determined from a limited number of challenges (and then emulated), but on the surface, it looks pretty reasonable, especially for situations with a limited number of challenges (so authenticating an event ticket with it is great, but maybe not so much an ID).
Parent
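The enroll-then-challenge scheme described in the comment above, sketched as an added example (not part of the original thread and not Verayo's design). It assumes a simulated chip whose hidden random seed stands in for physical process variation, a 64-bit response, and a Hamming-distance tolerance for noisy reads; `SimulatedPUF`, `Verifier` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

class SimulatedPUF:
    """Stand-in for a chip; the hidden seed models process variation."""
    def __init__(self, noise_bits=0):
        self._variation = secrets.token_bytes(32)  # never leaves the "chip"
        self.noise_bits = noise_bits

    def respond(self, challenge):
        digest = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        response = int.from_bytes(digest[:8], "big")  # 64-bit response
        for _ in range(self.noise_bits):  # environmental bit flips
            response ^= 1 << secrets.randbelow(64)
        return response

class Verifier:
    """Holds factory-recorded pairs and spends each challenge once."""
    def __init__(self, max_distance=6):
        self.unused = {}  # challenge -> response recorded at enrollment
        self.max_distance = max_distance  # tolerated Hamming distance

    def enroll(self, chip, count):
        for _ in range(count):
            challenge = secrets.token_bytes(16)
            self.unused[challenge] = chip.respond(challenge)

    def authenticate(self, tag_respond):
        if not self.unused:
            raise RuntimeError("challenge database exhausted; re-enroll")
        challenge, expected = self.unused.popitem()  # spent even on failure
        distance = bin(expected ^ tag_respond(challenge)).count("1")
        return distance <= self.max_distance

def demo():
    chip = SimulatedPUF(noise_bits=3)
    verifier = Verifier()
    verifier.enroll(chip, count=4)
    recorded = {}  # what a listener on the air interface would capture
    def tapped(challenge):
        recorded[challenge] = chip.respond(challenge)
        return recorded[challenge]
    genuine = verifier.authenticate(tapped)
    replayed = verifier.authenticate(lambda c: recorded.get(c, 0))
    other_chip = verifier.authenticate(SimulatedPUF().respond)
    return genuine, replayed, other_chip, len(verifier.unused)
```

Because every authentication attempt consumes a pair, the enrolled database bounds the number of checks a tag can ever pass, which is the "limited number of challenges" trade-off the comment raises.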
Re:Isn't that logically impossible? (Score:5, Insightful)
Also, a one time pad cannot securely gain pad length over the untrusted channel, since doing so would violate the 1:1 rule. Each character of new pad would have to be encrypted against, and thus consume, one character from the old pad.
Parent
Wrong Section (Score:5, Insightful)
Shouldn't this article have been posted in the Humor section? I know I got a chuckle out of it.
Fairly straightforward (Score:5, Informative)
Most obvious mechanism is that the chip has sufficient intelligence to be able to cryptographically identify itself using public key cryptography, and the keypair is embedded on the chip at the manufacturing stage.
Would work beautifully, but it's completely broken the day someone manages to get the private key out of it.
Why is this automatically discredited? (Score:5, Interesting)
You conduct overheard conversations all the time and have no issue with considering them "secure": namely via SSL/TLS encryption. All that's necessary to create an RFID that can't be completely duplicated is for the chip to hold on to more information than it broadcasts, and then only reveal that information in a clever way (asymmetric encryption). A well coded challenge-response handshake can allow the reader and chip to conduct a conversation that is 'unique' and cannot be easily duplicated later on. Sure, there is the potential for it to be improperly coded, or downright misrepresented. However, don't count it as a failure before it's even seen the light of day.
Re:Why is this automatically discredited? (Score:5, Insightful)
Parent
They used Unclonable and DNA in the same sentence (Score:5, Interesting)
The use of language is strange.
Unclonable: cannot be cloned
DNA: a molecule that clones itself.
It's not the best choice of marketing metaphor.
It's like saying that an event is possibly inevitable.
-Sean
A short primer on PUFs (Score:5, Informative)
The fundamental idea is that a PUF should produce a unique value for a chip, in a repeatable fashion, with a side effect that modification of the chip will be detectable.
PUFs are of 4 main types -
1. Optical - These are the oldest forms of PUFs. They started with physicists trying to use chips as diffraction gratings. You shine a laser at the silicon vias and record the signature of light. These require depackaging the chip in question and are mostly impractical.
2. Silicon - Usually implemented as long delay lines, but are sensitive to environmental conditions (mainly temperature & injected faults). There remains an ongoing research attempt to make these better (less reliant on environmental factors).
3. Coating - These are currently considered one of the best forms of PUFs. The topmost layer of the chip has some embedded metal flakes. The bottom layer of the chip has a capacitance sensor. Since the distribution of the metal flakes is random, the capacitance is random and unique to each chip (the resolution of the capacitance sensor is tuned to ensure this). This method has the added advantage that the minute someone tries to attack the chip, by depackaging it, the capacitance changes and the chip's data (usually the secret key for an encryption cipher such as AES/DES) can be wiped. The main problem is that it adds a few extra fab steps, which means it increases the cost. Additionally, the first calibration costs more money to do.
4. Intrinsic - These are the current area of research. In particular for FPGAs. As any hardware designer knows, RAM cells are initialized to random values, but most FPGAs have some small logic which resets them all to zero. If we remove that logic, we have a chip, which has a whole bunch of random numbers, which will usually initialize the same way, based on process variation etc. This technique has been shown for FPGAs and will probably be brought over soon to full scale chips.
In order to keep this short, I have omitted a lot of references, but you can find more info about intrinsic PUFs here [ieee.org].
Actually Philips does a lot of research with PUFs and I am surprised that Verayo claims to be the first maker of PUF based chips.