Blunting Brute-Force Attacks

By Mark Roberti

Researchers have developed a technique that could make it harder to crack smart-card encryption schemes.

It's called a brute-force attack. A software program is set up to systematically check all possible encryption keys until it finds the one that unlocks the data. It's been used to crack a number of encryption schemes on contactless smart cards, which use radio frequency identification transponders to send data from the card to a terminal. Now, researchers at Dartmouth College, the University of California at Berkeley and the University of Massachusetts-Amherst say they have found a way to make brute-force attacks on RFID transponders much more difficult.

"While conducting research on SRAM [static random-access memory] physical unclonable functions [PUFs], we noticed the predictable decay of unpowered memory cells could serve as the basis for an inexpensive hourglass-like throttle," says Kevin Fu, associate professor of computer science, electrical and computer engineering at UMass Amherst. "Throttling requests with our temperature-compensated timer raises the bar for security by forcing a hacker to resort to more advanced attack equipment."


SRAM contents are lost when the chip loses power. The researchers developed a technique that can be implemented easily in 50 lines of code and added to the existing microcontroller on a contactless smart card's RFID transponder. The program essentially monitors the decay of memory and uses the "hourglass" to block the reader from querying the tag for a period of time, which could be from a fraction of a second to 10 seconds or more.

By increasing the interval between tag-reader interactions, the technique, which the researchers call TARDIS (for Time and Remanence Decay in SRAM), can greatly increase the amount of time it takes to execute a brute-force attack. That might not seem terribly ingenious, but what makes TARDIS attractive is that it requires no changes to the reader and no design changes to the tag chip (alternatives such as transaction counters or battery- or capacitor-powered clocks would increase the cost of the chip).
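The hourglass check described above, sketched as an added example (not the researchers' code): the tag writes a known pattern to a spare SRAM region, and at the next power-up measures how much of it has decayed before deciding whether to answer. The region size, the 25 percent threshold and the `simulate_unpowered` decay model are assumptions made for illustration, and the temperature compensation Fu mentions is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define REGION_BYTES 32        /* assumed size of the SRAM region used as the hourglass */
#define MIN_DECAY_PERCENT 25   /* assumed threshold; a real tag would calibrate this */

/* Arm the hourglass: fill the region with ones before power is lost. */
void hourglass_arm(uint8_t *region, size_t n) { memset(region, 0xFF, n); }

/* Percentage of cells that no longer hold the armed value (1). */
unsigned decay_percent(const uint8_t *region, size_t n) {
    size_t zeros = 0;
    for (size_t i = 0; i < n; i++)
        for (int b = 0; b < 8; b++)
            if (!((region[i] >> b) & 1u)) zeros++;
    return (unsigned)(zeros * 100 / (n * 8));
}

/* Power-up check: 1 = answer the reader, 0 = refuse because too little
 * time has passed since the last query. The hourglass is re-armed either
 * way, so every query restarts the wait. */
int hourglass_allow(uint8_t *region, size_t n) {
    int ok = decay_percent(region, n) >= MIN_DECAY_PERCENT;
    hourglass_arm(region, n);
    return ok;
}

/* Constructed stand-in for the physics: clear the first `bits` cells to
 * mimic the decay that accumulates while the tag is unpowered. */
void simulate_unpowered(uint8_t *region, size_t n, size_t bits) {
    for (size_t i = 0; i < bits && i < n * 8; i++)
        region[i / 8] &= (uint8_t)~(1u << (i % 8));
}

int main(void) {
    uint8_t sram[REGION_BYTES];
    hourglass_arm(sram, sizeof sram);
    simulate_unpowered(sram, sizeof sram, 16);    /* short gap: 16 of 256 cells */
    printf("rapid retry allowed: %d\n", hourglass_allow(sram, sizeof sram));
    simulate_unpowered(sram, sizeof sram, 100);   /* long gap: 100 of 256 cells */
    printf("after long gap allowed: %d\n", hourglass_allow(sram, sizeof sram));
    return 0;
}
```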

"Now, contactless smart cards, most of which have SRAM, can have a defense mechanism against an attack," Fu says. "When a hacker is trying to guess the chip's password hundreds or thousands of times per second, the card can say, 'Go away. You are asking questions too quickly.'"

There would be no hardware cost for implementing TARDIS, and the few additional lines of code should not cost much to implement on typical smart cards. The researchers have applied for a patent and are looking to commercialize TARDIS.