Radiofrequency identification (RFID) is a communication technology that can identify a specific target through radio signals and read and write related data, without the need to establish mechanical or optical contact between the identification system and the specific target. In the process of RFID is widely used in all aspects of life, its security has become a major challenge. Researchers from the Massachusetts Institute of Technology (MIT) and Texas Instruments (TI) adopted three major design techniques to solve the "bypass attack" problem most frequently faced by RFID tag chips, and greatly improve the security of RFID.
Bypass attack is to obtain the bypass information (such as power consumption, electromagnetic radiation, duration) leaked by the key device during encryption and decryption operations, and analyze the key keys by statistical processing methods. Side-by-side attacks are based on the correlation between the physical information released by the encryption device during calculations and the operations performed and the data manipulated. It has nothing to do with specific hardware devices and encryption algorithms. It has the characteristics of high attack efficiency and easy implementation.
One encryption and decryption process can only reveal a small amount of information. To obtain a complete key, it is necessary to perform multiple encryptions and decryption processes on the same key to obtain enough leaked information. To this end, the researchers added a random sequence generator to the RFID reader chip, the key will be changed after each transaction, and the same sequence generator is run on the central server at the same time, and the RFID chip information is first legally read. Sexual verification.
Since the RFID tag is mainly powered by the reader, the method of adding a random sequence generator still cannot cope with the "power glitch attack", that is, the attacker cuts off the power supply at the right time before the new key is generated so that the chip is restored to the power supply The old key will still be used afterward. By repeating operations, the attacker can force the chip to work under the same key until it has accumulated enough information that can be used for side-channel attacks. To this end, the researchers took two measures, one is to add "on-chip power" to ensure continuous power supply, and the other is to use a non-volatile storage unit to store the data that the chip was processing before the power failure.
In terms of "on-chip power supply", the researchers used a set of 3.3V capacitors to store power. After the power supply is cut off (the reader is removed), the access control card reader chip can continue to complete a number of predetermined operations, and then send the data to 571 different 1.5V storage locations. After the power supply is restored, first charge the 3.3V capacitor, then retrieve the data previously sent to the 1.5V storage location, and continue the work that was interrupted before, so as to invalidate the "power pulse attack".
In terms of non-volatile memory cells, researchers have used ferromagnetic crystals. The central atom can move in the crystal along the direction of the electric field when an electric field is applied, and cause charge breakdown when passing through the energy barrier. This breakdown can be induced and recorded by the internal circuit. When the electric field is removed, the central atom remains motionless. Realize the non-volatile storage of data.
Although every time the power supply is restored, the 3.3V capacitor must be charged first and the calculations that have not been completed before being completed. However, after testing, the chip can still reach a readout speed of 30 times/sec, which is faster than most RFIDs at this stage. chip.
Author: Written by S4A-Access from S4A INDUSTRIAL CO.,LIMITED
Factory Address:Building S4A, South Third Lane, Qiuyuling Street, Zhangkeng Village, Hengli Town, Dongguan City, Guangdong Province Office Address:#601,floor 6 ,building 1,JINFANGHUA industrial zone, Bantian St. Longgang Dist. Shenzhen, PRC.
If you are interested in our products and want to know more details,please leave a message here,we will reply you as soon as we can.