World's First "Unclonable" RFID Chip
An anonymous reader writes to tell us that a new RFID chip from Verayo claims to be unclonable through the use of the new Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips. "Basic passive RFID chips can be easily cloned by copying the data residing on one chip to another. Verayo's PUF-based RFID chips cannot be cloned, and provide a very strong and robust authentication mechanism. No other chip or device can be disguised as the original chip, even if the data is copied from one Verayo RFID chip to another."
Fairly straightforward (Score:5, Informative)
Most obvious mechanism is that the chip has sufficient intelligence to be able to cryptographically identify itself using public key cryptography, and the keypair is embedded on the chip at the manufacturing stage.
Would work beautifully, but it's completely broken the day someone manages to get the private key out of it.
Not for Active (Score:5, Informative)
What you are talking about is a passive RFID device, like most office keycards from the 80's and early 90s. RFID nowadays is more complex, with the devices having a small computer chip in it that is actually powered up by the RFID. Having this chip allows secure encryption between the device and the terminal such that sniffing in on the conversation should get you no further than sniffing on a properly negotiated SSH session will.
The hole in the scheme of course is, if the crook gets his hands on the keyfob for a short period of time, it is the same as having your SSH private key, and he can clone the chip in the keyfob and return the original without you even knowing.
This company is saying they have a new chip that incorporates physical properties of the chip itself into the encryption somehow such that cloning it would be recognizable.
No, just very, very difficult to do right. (Score:5, Informative)
In theory (crypto theory), this can be done if the parties communicating have a shared secret piece of data and a crypto algorithm, resistant to reverse-engineering from outside, that enables them to exchange that secret data without eavesdropping, man-in-the-middle attacks, or a brute-force cracking of the crypto algorithm.
This is quite hard to do properly in general, as the plethora of lousy cryptosystems attests. It *can* be done if one has enough processing power (tough for RFID chips that operate from microwatts of someone else's broadcast RF energy) and a good enough encryption algorithm (see "lousy cryptosystems" above).
Of course, if you can duplicate the data content and algorithms of the RFID chip, say by physically dismantling it layer-by-layer with a destructive analysis, you can clone it even if you don't know the shared secret. The article is claiming (without ANY credible evidence, BTW) to have somehow made this impossible, presumably by creating some random-but-repeatable property in the chip that cannot be extracted by analysis for reproduction in a cloned chip. Unless they've come up with something VERY effective, I'd bet on this system being cracked within months just like all the other RFID schemes. The lack of description or references to how their system works smells like bad crypto and security-by-obscurity to me.
Re:Isn't that logically impossible? (Score:5, Informative)
The chip is characterized at the factory by sending it challenges and recording the responses. Later, the chip is issued one of the recorded challenges and the response is compared to the factory response.
If the challenge-response is done in such a way that it can be recorded, then each challenge is only good the first time it is used.
There is some possibility that the behavior they are exploiting is not as robust as they think and that the response characteristics of the chip could be determined from a limited number of challenges (and then emulated), but on the surface, it looks pretty reasonable, especially for situations with a limited number of challenges (so authenticating an event ticket with it is great, but maybe not so much an ID).
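The factory-enrolment scheme described in the comment above, sketched from the verifier's side as an added example (not part of the thread and not Verayo's code): each recorded pair is spent on first use, and responses are compared with a Hamming-distance tolerance. `SimulatedTag`, `Verifier`, the HMAC stand-in for the silicon and the 8-bit tolerance are all assumptions.

```python
import hashlib
import hmac
import secrets

MAX_DISTANCE = 8   # assumed noise tolerance in bits (not a vendor figure)

class SimulatedTag:
    """Stand-in for a PUF tag: the hidden secret models manufacturing variation."""
    def __init__(self, noise_bits=0):
        self._variation = secrets.token_bytes(16)
        self.noise_bits = noise_bits

    def respond(self, challenge: bytes) -> int:
        digest = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        value = int.from_bytes(digest[:8], "big")     # 64-bit response
        for pos in secrets.SystemRandom().sample(range(64), self.noise_bits):
            value ^= 1 << pos                         # analogue noise flips bits
        return value

class Verifier:
    """Holds factory-recorded challenge-response pairs and spends each one once."""
    def __init__(self):
        self._unused = {}

    def enroll(self, tag, count):
        for _ in range(count):
            challenge = secrets.token_bytes(8)
            self._unused[challenge] = tag.respond(challenge)

    def next_challenge(self):
        return next(iter(self._unused), None)         # None: pairs are exhausted

    def verify(self, challenge, response):
        expected = self._unused.pop(challenge, None)  # spent even on failure
        if expected is None:
            return False                              # unknown or already used
        return bin(expected ^ response).count("1") <= MAX_DISTANCE

def demo():
    genuine, clone = SimulatedTag(noise_bits=3), SimulatedTag()
    verifier = Verifier()
    verifier.enroll(genuine, count=3)
    c1 = verifier.next_challenge()
    r1 = genuine.respond(c1)
    first = verifier.verify(c1, r1)                   # genuine tag, fresh pair
    replay = verifier.verify(c1, r1)                  # recorded exchange replayed
    c2 = verifier.next_challenge()
    forged = verifier.verify(c2, clone.respond(c2))   # different silicon
    return first, replay, forged
```

Once `next_challenge()` returns `None` the tag has to be re-enrolled, which is the limited-challenge constraint the comment points out.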
Re:Isn't that logically impossible? (Score:3, Informative)
And that's basically what they do. It's a challenge-response mechanism. See here: http://www.verayo.com/solutions.html [verayo.com]
So naturally it's unclonable in the trivial sense, but of course it may be vulnerable to a cryptographic attack.
What gets me though is that challenge/response mechanisms have been in RFID devices for ages. What's new about this one?
Note that they claim "Unlimited number of challenge response pairs for each chip" which just sounds freakin' strange to me.
Re:Isn't that logically impossible? (Score:2, Informative)
Do that, and it's no longer a "one-time" pad!
A short primer on PUFs (Score:5, Informative)
The fundamental idea is that a PUF should produce a unique value for a chip, in a repeatable fashion, with a side effect that modification of the chip will be detectable.
PUFs are of 4 main types -
1. Optical - These are the oldest forms of PUFs. They started with physicists trying to use chips as diffraction gratings. You shine a laser at the silicon vias and record the signature of light. These require depackaging the chip in question and are mostly impractical.
2. Silicon - Usually implemented as long delay lines, but are sensitive to environmental conditions (mainly temperature & injected faults). There remains an ongoing research attempt to make these better (less reliant on environmental factors).
3. Coating - These are currently considered one of the best forms of PUFs. The topmost layer of the chip has some embedded metal flakes. The bottom layer of the chip has a capacitance sensor. Since the distribution of the metal flakes is random, the capacitance is random and unique to each chip (the resolution of the capacitance sensor is tuned to ensure this). This method has the added advantage that the minute someone tries to attack the chip, by depackaging it, the capacitance changes and the chip's data (usually the secret key for an encryption cipher such as AES/DES) can be wiped. The main problem is that it adds a few extra fab steps, which means it increases the cost. Additionally, the first calibration costs more money to do.
4. Intrinsic - These are the current area of research. In particular for FPGAs. As any hardware designer knows, RAM cells are initialized to random values, but most FPGAs have some small logic which resets them all to zero. If we remove that logic, we have a chip, which has a whole bunch of random numbers, which will usually initialize the same way, based on process variation etc. This technique has been shown for FPGAs and will probably be brought over soon to full scale chips.
In order to keep this short, I have omitted a lot of references, but you can find more info about intrinsic PUFs here [ieee.org].
Actually Philips does a lot of research with PUFs and I am surprised that Verayo claims to be the first maker of PUF based chips.
Re:Isn't that logically impossible? (Score:4, Informative)
That's just regular tamperproofing: Put it in an enclosure constructed such that its contents are destroyed on any attempt to open it.
I'm not saying that it's an easy problem, necessarily... but there are plenty of folks who've done it, and there are standards which folks claiming to have implemented such a thing can be tested against. See FIPS 140-1 [nist.gov].
Used bad example in OP (Score:3, Informative)
a new RFID chip from Verayo claims to be unclonable through the use of the new Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips.
DNA is cloneable. In fact, DNA routinely clones itself. Hell, the word "cloning" refers directly to DNA manipulation. Saying uncloneable like DNA is like saying it's unspreadable like peanut butter. The OP should refer to fingerprints, a unique physical assignment that can only be duplicated physically.
The crucial part is that the PUF must be packaged with reading hardware/firmware, such that you can't access the PUF without physically breaking in, disrupting the PUF rendering it invalid. And even if the key was effectively "sampled", the damage should quickly result in the termination of the key's access permissions, before a substitute could do much damage.
Also it would be difficult to clone many original keys, since they would have to come into a hacker's physical possession, though it may be easy to make many copies of one key. Kind of moot when it's been cancelled.
Sounds like a step forward, from magnetic strip cards at least!
Re:A short primer on PUFs (Score:3, Informative)
You can read more about coating based PUFs here [springerlink.com]
Basically, I simplified it, but what actually happens is that the key (the signature from the PUF) is generated, used and deleted as one step. For the additional step of deletion of data on the chip, that can be easily accomplished by using gating transistors on the reset line of the SRAM.
Re:Yeah? (Score:5, Informative)
According to the manufacturer's site [verayo.com], up to 2^64 challenge-response pairs (each 64 bits). They aren't stored on board the tag, but generated on demand. The uniqueness comes from normal manufacturing variations, so they don't need expensive techniques to make each chip unique. With each tag before using it you capture however many challenge/response pairs you will need. The pairs should in theory only be used once, but in practice I suppose that's up to the implementation, the tags will happily keep giving out the same[1] response to the same challenge. Given you need to interrogate the IC for each challenge/response before putting it in service, there will be a temptation to re-use keys to reduce the time for training the system for each key.
The large number of challenge/response pairs possible makes cloning implausible (you'd need to capture all 2^64 pairs), until someone can reverse engineer the "algorithm" and find the hidden variables (manufacturing variations) which form the "key" for a particular tag. I'm sure someone will work out how to do that eventually, but given it seems to be an analogue "algorithm" with a potentially large number of hidden variables I don't know how easy it will be. It seems like a sufficiently interesting problem that researchers will be queuing up to try.
[1] Apparently not always the same - there is some finite probability of the same tag giving different responses to the same challenge, but they have techniques to reduce this and its impact. The vagaries of analogue electronics at work.
Re:A short primer on PUFs (Score:5, Informative)
When the chip is manufactured, the device creator records the original response of the chip to a series of challenges and calls this response vector r'. When a chip is powered up, it energizes the PUF circuitry and records the output into the internal PUF value register (k). Next, when the chip (usually a passive RFID) needs to be authenticated, the external party sends a challenge. The challenge (c) is processed through some encryption mechanism (called f()) using the key (the saved PUF register value) to produce a response (r). (For those keeping track at home, r = f(c,k).) This response is sent back to the external party. The external party sends n such requests and compares the received response vector to the expected response vector (r'); if r and r' are the same, then the chip is authenticated and work continues.
Of course, like any normal physical phenomenon, there is some variation between any two power ups. Thus, the key might change. In order to compensate for this, the key is calculated to be the codeword of some code with a long length. Then, for each subsequent power up, the new key (k') is decoded using nearest neighbor decoding as a codeword of the same code. Finally, the distance of the new key (k') and the expected key (k) is stored into a special vector (l), which is reapplied to the key produced at next power up.
So, to clear up a few questions -
1. It's not like OTP (one time pad) encoding, because a unique challenge should produce a given response for a unique chip every time.
2. It is not meant to be the only encryption being used. There is usually a second code on the set of challenges to ensure that the challenge vector being created is itself part of a code.
3. Man in the Middle & duplication attacks should be hard as the device manufacturer can release a small subset of real challenges and could always hold back some challenges, which it can use to be completely sure. Additionally, it may release different sets of challenges to different customers.
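An added example, not part of the thread or of any vendor's implementation, of the key stabilisation and r = f(c,k) response described in the comment above. It uses the standard code-offset construction with a 5x repetition code, which is an assumption (the comment names no code), and HMAC-SHA256 as a stand-in for f(); all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

REP = 5  # assumed repetition factor: corrects up to 2 flipped cells per key bit


def encode(key_bits):
    """Repetition code: each key bit becomes REP identical code bits."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Nearest-neighbour decoding for a repetition code is a majority vote."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def enroll(raw_puf, key_bits):
    """Helper data l = raw PUF reading XOR codeword; stored outside the PUF."""
    return [w ^ c for w, c in zip(raw_puf, encode(key_bits))]


def reconstruct(noisy_puf, helper):
    """Remove the offset, then snap the result to the nearest codeword."""
    return decode([w ^ h for w, h in zip(noisy_puf, helper)])


def response(challenge: bytes, key_bits) -> bytes:
    """r = f(c, k), with HMAC-SHA256 standing in for the unspecified f()."""
    return hmac.new(bytes(key_bits), challenge, hashlib.sha256).digest()


def demo(flips_per_block):
    rng = secrets.SystemRandom()
    key = [rng.getrandbits(1) for _ in range(16)]          # k
    raw = [rng.getrandbits(1) for _ in range(16 * REP)]    # enrolment reading
    helper = enroll(raw, key)                              # l
    noisy = list(raw)
    for block in range(0, len(raw), REP):                  # a later power-up
        for pos in rng.sample(range(block, block + REP), flips_per_block):
            noisy[pos] ^= 1
    challenge = b"constructed-challenge"
    return response(challenge, key) == response(challenge, reconstruct(noisy, helper))
```

With two flipped cells per block the reconstructed key still yields the enrolled response; with three, majority voting picks the wrong bit and authentication fails, which is the noise budget a real design has to size its code against.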
Re:Isn't that logically impossible? (Score:3, Informative)
Actually, no that's exactly what they are claiming. The nature of a PUF is that you cannot copy it (at least not with any reasonable amount of work).
The system works by what is basically garbage that is intentionally and randomly introduced into the circuit. You might be able to take the chip apart and look at where the garbage is, but with current technology (or foreseeable technology), you cannot make another chip with the garbage in exactly (down to an atom's width or less) the same place. And the position of the garbage drives how the circuit responds to inputs.
You are right that "with enough money and resources", but the idea behind this is that nobody, not even the dreaded Three-Letter-Agencies have enough money or resources to do it.
See http://en.wikipedia.org/wiki/Physically_Unclonable_Function [wikipedia.org] for more details on how PUFs work.
Of course this can be defeated by simply looking at a different part of the system. E.g. if I manage to hack into their secure database of challenge-response pairs, then I can clone this chip with a simple table lookup.