Short-duration clock approach thwarts RFID attacks

Aug 07, 2012 by Nancy Owano weblog

(Phys.org) -- Security researchers and practitioners at the 21st USENIX Security Symposium in Bellevue, Washington, which starts on Wednesday, will learn how researchers have devised an hourglass technology that can thwart attacks by RFID thieves. The study, by researchers from University of Massachusetts Amherst; University of California, Berkeley; and Dartmouth College, will be presented at the event, their work involves the use of a short-duration “clock” on batteryless radio-frequency identification (RFID) chips—that means no special-purpose hardware needed. The idea is to reduce vulnerability to attacks.

TARDIS stands for Time And Remanence Decay in SRAM. The attractiveness of the approach lies not only in efficacy but in simplicity. A TARDIS-enabled does not require hardware and represents fewer than 50 lines of additional code. The chip can get a power-up from an RFID reader nearby. The device would first read off the state of the SRAM, which would be partially decayed from the last time the chip was powered up. Comparing the percentage of decayed bits to a precompiled table would enable TARDIS to read off the time elapsed since the previous power-up. 
The operates over spans of seconds to minutes after an RFID chip is charged up from an RFID reader or other ambient radio-wave energy. Even after the radio signal is removed, the clock lets the RFID chip know when its security keys may be in danger. A clock of this nature is a way to defend against the type of brute-force attacks that try to guess the chip’s passwords hundreds or thousands of times per second.

The paper of the same name "Time And Remanence Decay in SRAM" will be presented at the Bellevue gathering. In a preview report in IEEE Spectrum, Kevin Fu, Associate Professor of Computer Science at the University of Massachusetts Amherst, and part of the research effort, commented on the short- clock technique that will be presented on Wednesday at USENIX. “We’re using this circuit in a way that was designed to be memory, but we’re turning it into what’s effectively an hourglass,” he said.

The TARDIS researchers were motivated to do their study based on the lack of a locally trustworthy clock that makes security protocols challenging to implement on batteryless embedded devices such as contact smartcards, contactless smartcards, and RFID tags. They noted that a device which knows how much time has elapsed between queries from an untrusted reader could better protect against attacks that depend on the existence of a rate-unlimited encryption oracle.

According to their paper, “The TARDIS enables coarse-grained, hourglass-like timers such that cryptographic software can more deliberately decide how to throttle its response rate.”

The TARDIS consists purely of software, making the mechanism easy to deploy on devices with SRAM. Outside of the TARDIS team, academics have been weighing in on this research. While battery- or capacitor-powered clocks might achieve the same end, Srini Devadas, a professor of electrical engineering and computer science at MIT, noted the cost difference. Adding them to an RFID chip that costs five U.S. cents would be too pricey. TARDIS, he says, represents a smart, zero-cost solution.

Explore further: Comfortable climate indoors with porous glass

Related Stories

Portable RFID reader in a Wristwatch

Jul 14, 2004

During Embedded Systems Expo and Conference held at Tokyo Big Sight, Professor Ken Sakamura of the University of Tokyo unveiled the "UC-Watch," a radio frequency identification (RFID) reader developed by the YRP Ubiquitous ...

Playing RFID tag with sheets of paper

Feb 06, 2012

Radio Frequency Identification (RFID) tags are an essential component of modern shopping, logistics, warehouse, and stock control for toll roads, casino chips and much more. They provide a simple way to track the item to ...

The perfect clone: Researchers hack RFID smartcards

Nov 03, 2011

Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of ...

Researchers to Boost 'Smart Tag' Security

Sep 26, 2006

Johns Hopkins researchers will take part in a new multi-institution project to improve the security of "smart tags," the wireless devices that allow drivers to zip through automatic tollbooths and let workers enter a secured ...

RFID might help track first responders

Mar 31, 2006

A National Institute of Standards and Technology team is studying the feasibility of using radio frequency identification technology during emergencies.

Recommended for you

Comfortable climate indoors with porous glass

16 hours ago

Proper humidity and temperature play a key role in indoor climate. In the future, establishing a comfortable indoor environment may rely on porous glass incorporated into plaster, as this regulates moisture ...

Crash-testing rivets

16 hours ago

Rivets have to reliably hold the chassis of an automobile together – even if there is a crash. Previously, it was difficult to predict with great precision how much load they could tolerate. A more advanced ...

Customized surface inspection

16 hours ago

The quality control of component surfaces is a complex undertaking. Researchers have engineered a high-precision modular inspection system that can be adapted on a customer-specific basis and integrated into ...

Sensors that improve rail transport safety

17 hours ago

A new kind of human-machine communication is to make it possible to detect damage to rail vehicles before it's too late and service trains only when they need it – all thanks to a cloud-supported, wireless ...

Tiny UAVs and hummingbirds are put to test

Jul 30, 2014

Hummingbirds in nature exhibit expert engineering skills, the only birds capable of sustained hovering. A team from the US, British Columbia, and the Netherlands have completed tests to learn more about the ...

User comments : 0