Short-duration clock approach thwarts RFID attacks

August 7, 2012 by Nancy Owano, Phys.org weblog

(Phys.org) -- Security researchers and practitioners at the 21st USENIX Security Symposium in Bellevue, Washington, which starts on Wednesday, will learn how researchers have devised an hourglass technology that can thwart attacks by RFID thieves. The study, by researchers from University of Massachusetts Amherst; University of California, Berkeley; and Dartmouth College, will be presented at the event, their work involves the use of a short-duration “clock” on batteryless radio-frequency identification (RFID) chips—that means no special-purpose hardware needed. The idea is to reduce vulnerability to attacks.

TARDIS stands for Time And Remanence Decay in SRAM. The attractiveness of the approach lies not only in efficacy but in simplicity. A TARDIS-enabled does not require hardware and represents fewer than 50 lines of additional code. The chip can get a power-up from an RFID reader nearby. The device would first read off the state of the SRAM, which would be partially decayed from the last time the chip was powered up. Comparing the percentage of decayed bits to a precompiled table would enable TARDIS to read off the time elapsed since the previous power-up. 
The operates over spans of seconds to minutes after an RFID chip is charged up from an RFID reader or other ambient radio-wave energy. Even after the radio signal is removed, the clock lets the RFID chip know when its security keys may be in danger. A clock of this nature is a way to defend against the type of brute-force attacks that try to guess the chip’s passwords hundreds or thousands of times per second.

The paper of the same name "Time And Remanence Decay in SRAM" will be presented at the Bellevue gathering. In a preview report in IEEE Spectrum, Kevin Fu, Associate Professor of Computer Science at the University of Massachusetts Amherst, and part of the research effort, commented on the short- clock technique that will be presented on Wednesday at USENIX. “We’re using this circuit in a way that was designed to be memory, but we’re turning it into what’s effectively an hourglass,” he said.

The TARDIS researchers were motivated to do their study based on the lack of a locally trustworthy clock that makes security protocols challenging to implement on batteryless embedded devices such as contact smartcards, contactless smartcards, and RFID tags. They noted that a device which knows how much time has elapsed between queries from an untrusted reader could better protect against attacks that depend on the existence of a rate-unlimited encryption oracle.

According to their paper, “The TARDIS enables coarse-grained, hourglass-like timers such that cryptographic software can more deliberately decide how to throttle its response rate.”

The TARDIS consists purely of software, making the mechanism easy to deploy on devices with SRAM. Outside of the TARDIS team, academics have been weighing in on this research. While battery- or capacitor-powered clocks might achieve the same end, Srini Devadas, a professor of electrical engineering and computer science at MIT, noted the cost difference. Adding them to an RFID chip that costs five U.S. cents would be too pricey. TARDIS, he says, represents a smart, zero-cost solution.

Explore further: Portable RFID reader in a Wristwatch

Related Stories

Portable RFID reader in a Wristwatch

July 14, 2004

During Embedded Systems Expo and Conference held at Tokyo Big Sight, Professor Ken Sakamura of the University of Tokyo unveiled the "UC-Watch," a radio frequency identification (RFID) reader developed by the YRP Ubiquitous ...

Playing RFID tag with sheets of paper

February 6, 2012

Radio Frequency Identification (RFID) tags are an essential component of modern shopping, logistics, warehouse, and stock control for toll roads, casino chips and much more. They provide a simple way to track the item to ...

The perfect clone: Researchers hack RFID smartcards

November 3, 2011

Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of ...

Researchers to Boost 'Smart Tag' Security

September 26, 2006

Johns Hopkins researchers will take part in a new multi-institution project to improve the security of "smart tags," the wireless devices that allow drivers to zip through automatic tollbooths and let workers enter a secured ...

RFID might help track first responders

March 31, 2006

A National Institute of Standards and Technology team is studying the feasibility of using radio frequency identification technology during emergencies.

Recommended for you

In colliding galaxies, a pipsqueak shines bright

February 20, 2019

In the nearby Whirlpool galaxy and its companion galaxy, M51b, two supermassive black holes heat up and devour surrounding material. These two monsters should be the most luminous X-ray sources in sight, but a new study using ...

Physicists 'flash-freeze' crystal of 150 ions

February 20, 2019

Physicists at the National Institute of Standards and Technology (NIST) have "flash-frozen" a flat crystal of 150 beryllium ions (electrically charged atoms), opening new possibilities for simulating magnetism at the quantum ...

When does one of the central ideas in economics work?

February 20, 2019

The concept of equilibrium is one of the most central ideas in economics. It is one of the core assumptions in the vast majority of economic models, including models used by policymakers on issues ranging from monetary policy ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.