Short-duration clock approach thwarts RFID attacks

Aug 07, 2012 by Nancy Owano weblog

(Phys.org) -- Security researchers and practitioners at the 21st USENIX Security Symposium in Bellevue, Washington, which starts on Wednesday, will learn how researchers have devised an hourglass technology that can thwart attacks by RFID thieves. The study, by researchers from University of Massachusetts Amherst; University of California, Berkeley; and Dartmouth College, will be presented at the event, their work involves the use of a short-duration “clock” on batteryless radio-frequency identification (RFID) chips—that means no special-purpose hardware needed. The idea is to reduce vulnerability to attacks.

TARDIS stands for Time And Remanence Decay in SRAM. The attractiveness of the approach lies not only in efficacy but in simplicity. A TARDIS-enabled does not require hardware and represents fewer than 50 lines of additional code. The chip can get a power-up from an RFID reader nearby. The device would first read off the state of the SRAM, which would be partially decayed from the last time the chip was powered up. Comparing the percentage of decayed bits to a precompiled table would enable TARDIS to read off the time elapsed since the previous power-up. 
The operates over spans of seconds to minutes after an RFID chip is charged up from an RFID reader or other ambient radio-wave energy. Even after the radio signal is removed, the clock lets the RFID chip know when its security keys may be in danger. A clock of this nature is a way to defend against the type of brute-force attacks that try to guess the chip’s passwords hundreds or thousands of times per second.

The paper of the same name "Time And Remanence Decay in SRAM" will be presented at the Bellevue gathering. In a preview report in IEEE Spectrum, Kevin Fu, Associate Professor of Computer Science at the University of Massachusetts Amherst, and part of the research effort, commented on the short- clock technique that will be presented on Wednesday at USENIX. “We’re using this circuit in a way that was designed to be memory, but we’re turning it into what’s effectively an hourglass,” he said.

The TARDIS researchers were motivated to do their study based on the lack of a locally trustworthy clock that makes security protocols challenging to implement on batteryless embedded devices such as contact smartcards, contactless smartcards, and RFID tags. They noted that a device which knows how much time has elapsed between queries from an untrusted reader could better protect against attacks that depend on the existence of a rate-unlimited encryption oracle.

According to their paper, “The TARDIS enables coarse-grained, hourglass-like timers such that cryptographic software can more deliberately decide how to throttle its response rate.”

The TARDIS consists purely of software, making the mechanism easy to deploy on devices with SRAM. Outside of the TARDIS team, academics have been weighing in on this research. While battery- or capacitor-powered clocks might achieve the same end, Srini Devadas, a professor of electrical engineering and computer science at MIT, noted the cost difference. Adding them to an RFID chip that costs five U.S. cents would be too pricey. TARDIS, he says, represents a smart, zero-cost solution.

Explore further: PsiKick's batteryless sensors poised for coming 'Internet of things'

Related Stories

Portable RFID reader in a Wristwatch

Jul 14, 2004

During Embedded Systems Expo and Conference held at Tokyo Big Sight, Professor Ken Sakamura of the University of Tokyo unveiled the "UC-Watch," a radio frequency identification (RFID) reader developed by the YRP Ubiquitous ...

Playing RFID tag with sheets of paper

Feb 06, 2012

Radio Frequency Identification (RFID) tags are an essential component of modern shopping, logistics, warehouse, and stock control for toll roads, casino chips and much more. They provide a simple way to track the item to ...

The perfect clone: Researchers hack RFID smartcards

Nov 03, 2011

Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of ...

Researchers to Boost 'Smart Tag' Security

Sep 26, 2006

Johns Hopkins researchers will take part in a new multi-institution project to improve the security of "smart tags," the wireless devices that allow drivers to zip through automatic tollbooths and let workers enter a secured ...

RFID might help track first responders

Mar 31, 2006

A National Institute of Standards and Technology team is studying the feasibility of using radio frequency identification technology during emergencies.

Recommended for you

Large streams of data warn cars, banks and oil drillers

Apr 16, 2014

Better warning systems that alert motorists to a collision, make banks aware of the risk of losses on bad customers, and tell oil companies about potential problems with new drilling. This is the aim of AMIDST, the EU project ...

User comments : 0

More news stories

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Better thermal-imaging lens from waste sulfur

Sulfur left over from refining fossil fuels can be transformed into cheap, lightweight, plastic lenses for infrared devices, including night-vision goggles, a University of Arizona-led international team ...

Cosmologists weigh cosmic filaments and voids

(Phys.org) —Cosmologists have established that much of the stuff of the universe is made of dark matter, a mysterious, invisible substance that can't be directly detected but which exerts a gravitational ...