

Blunting Brute-Force Attacks

Researchers have developed a technique that could make it harder to crack smart-card encryption schemes.
By Mark Roberti
Oct 01, 2012—It's called a brute-force attack. A software program is set up to systematically check all possible encryption keys until it finds the one that unlocks the data. It's been used to crack a number of encryption schemes on contactless smart cards, which use radio frequency identification transponders to send data from the card to a terminal. Now, researchers at Dartmouth College, the University of California at Berkeley and the University of Massachusetts-Amherst say they have found a way to make brute-force attacks on RFID transponders much more difficult.

"While conducting research on SRAM [static random-access memory] physical unclonable functions [PUFs], we noticed the predictable decay of unpowered memory cells could serve as the basis for an inexpensive hourglass-like throttle," says Kevin Fu, associate professor of computer science, electrical and computer engineering at UMass Amherst. "Throttling requests with our temperature-compensated timer raises the bar for security by forcing a hacker to resort to more advanced attack equipment."


SRAM contents are lost when the chip loses power. The researchers developed a technique that can be implemented easily in 50 lines of code and added to the existing microcontroller on a contactless smart card's RFID transponder. The program essentially monitors the decay of memory and uses the "hourglass" to block the reader from querying the tag for a period of time, which could be from a fraction of a second to 10 seconds or more.

By increasing the interval between tag-reader interactions, the technique, which the researchers call TARDIS (for Time and Remanence Decay in SRAM), can greatly increase the amount of time it takes to execute a brute-force attack. That might not seem terribly ingenious, but what makes TARDIS attractive is that it requires no changes to the reader and no design changes to the tag chip (transaction counters or battery- or capacitor-powered clocks would increase the cost of the chip).
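
A minimal C simulation of the hourglass check described above, added here as an illustration and not the researchers' code. The function names, the 32-byte region, the 40 percent threshold, the re-arm-on-every-power-up policy and the `sim_unpowered` decay stand-in are all assumptions; the temperature compensation Fu mentions is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HG_BYTES 32            /* assumed: SRAM bytes set aside as the hourglass */
#define HG_BITS (HG_BYTES * 8)
#define HG_MIN_DECAY_PCT 40u   /* assumed: % of cells that must have decayed */

/* Arm the hourglass: write 1 into every cell of the reserved region. */
void hourglass_arm(uint8_t *sram) { memset(sram, 0xFF, HG_BYTES); }

/* Percentage of cells that lost the armed value while unpowered. */
unsigned hourglass_decay_pct(const uint8_t *sram) {
    unsigned lost = 0;
    for (unsigned i = 0; i < HG_BITS; i++)
        if (!(sram[i / 8] & (1u << (i % 8))))
            lost++;
    return lost * 100 / HG_BITS;
}

/* Run at power-up, before any protocol work: 1 = answer, 0 = refuse. */
int hourglass_allow(uint8_t *sram) {
    int ok = hourglass_decay_pct(sram) >= HG_MIN_DECAY_PCT;
    hourglass_arm(sram);       /* assumed policy: every power-up restarts the timer */
    return ok;
}

/* Constructed stand-in for time without power: clears the first `cells` bits.
   Real cells decay individually and at a temperature-dependent rate. */
void sim_unpowered(uint8_t *sram, unsigned cells) {
    for (unsigned i = 0; i < cells && i < HG_BITS; i++)
        sram[i / 8] &= (uint8_t)~(1u << (i % 8));
}

int main(void) {
    uint8_t sram[HG_BYTES];
    hourglass_arm(sram);
    sim_unpowered(sram, 10);   /* re-queried almost immediately */
    printf("fast retry: %s\n", hourglass_allow(sram) ? "answer" : "refuse");
    sim_unpowered(sram, 120);  /* left unpowered long enough */
    printf("after wait: %s\n", hourglass_allow(sram) ? "answer" : "refuse");
    return 0;
}
```

Because the check runs before any key material is touched, a reader that power-cycles the tag quickly is refused without the tag needing a clock, counter or extra hardware.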

"Now, contactless smart cards, most of which have SRAM, can have a defense mechanism against an attack," Fu says. "When a hacker is trying to guess the chip's password hundreds or thousands of times per second, the card can say, 'Go away. You are asking questions too quickly.'"

There would be no hardware cost for implementing TARDIS, and the few additional lines of code should not cost much to implement on typical smart cards. The researchers have applied for a patent and are looking to commercialize TARDIS.