18 March 2009—Radio frequency identification (RFID) chips are everywhere today: in credit cards, driver’s licenses, and passports, and stuck to pallets of inventory for big retailers like Wal-Mart. Yet some RFID tags—especially the smallest and cheapest—still have no means to prevent them from yielding up their data to any passerby with an RFID reader.
However, a soon-to-be-published report from a team of American computer scientists proposes a new RFID security measure that works by using the memory circuits already in many RFID chips.
The idea centers around the RFID chip’s intermittent operations. Lacking their own internal power, “passive” RFIDs harvest energy from their reader’s radio waves. Because of the intermittent over-the-air power source, RFID chips power up and shut down frequently, sometimes multiple times per second, says Wayne Burleson, professor of electrical and computer engineering at the University of Massachusetts Amherst. And each time the chip powers up, its memory, in the form of static random-access memory (SRAM), resets to an assortment of zeros and ones.
Burleson’s group discovered that it could take advantage of a peculiarity of SRAM. Due to small imperfections in composition or in the manufacturing process, Burleson says, some bits will predictably become a one when powered up. Others will predictably become zeroes.
“You can exploit this by powering it up and reading out the zeroes and ones and getting a fingerprint—a unique label—for each different chip,” Burleson says.
Other bits, for the same reasons, predictably power up randomly: Essentially, a flip of the coin determines whether the bit will power up into its zero or one state.
“The unpredictable bits can be used for random-number generation,” he says. “It turns out that a lot of cryptographic functions need ‘true random numbers’—random numbers that are not reproducible.”
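The two uses of SRAM power-up state described above can be sketched in a short simulation. This is an added example, not code from the researchers' report: the per-cell biases, thresholds and function names are assumptions, and a seeded generator stands in for the physical noise of a real chip.

```python
import hashlib
import random

def make_chip(n_cells, rng):
    # Constructed model: per-cell probability of powering up as 1.
    # Skewed cells (0.02 / 0.98) are the "predictable" ones; 0.5 cells are coin flips.
    return [rng.choice([0.02, 0.98, 0.5]) for _ in range(n_cells)]

def power_up(chip, rng):
    # One power cycle: every cell settles to 0 or 1 according to its bias.
    return [1 if rng.random() < p else 0 for p in chip]

def enroll(chip, rng, cycles=32, margin=0.1):
    # Power up repeatedly and count how often each cell reads 1.
    ones = [0] * len(chip)
    for _ in range(cycles):
        for i, bit in enumerate(power_up(chip, rng)):
            ones[i] += bit
    stable, noisy = {}, []
    for i, count in enumerate(ones):
        frac = count / cycles
        if frac <= margin:
            stable[i] = 0          # predictably powers up as 0
        elif frac >= 1 - margin:
            stable[i] = 1          # predictably powers up as 1
        else:
            noisy.append(i)        # unpredictable cell, usable as a noise source
    return stable, noisy

def distance(stable, reading):
    # Fractional Hamming distance, measured only over the enrolled stable cells.
    return sum(reading[i] != bit for i, bit in stable.items()) / len(stable)

def matches(stable, reading, threshold=0.1):
    # Tolerate a few flipped cells; a different chip disagrees on roughly half.
    return distance(stable, reading) <= threshold

def random_bytes(chip, noisy, rng, cycles=8):
    # Gather noisy-cell values over several power-ups and condense with SHA-256.
    h = hashlib.sha256()
    for _ in range(cycles):
        reading = power_up(chip, rng)
        h.update(bytes(reading[i] for i in noisy))
    return h.digest()

if __name__ == "__main__":
    rng = random.Random(2009)      # stands in for physical noise in this simulation
    a, b = make_chip(256, rng), make_chip(256, rng)
    stable_a, noisy_a = enroll(a, rng)
    print(matches(stable_a, power_up(a, rng)), matches(stable_a, power_up(b, rng)))
    print(random_bytes(a, noisy_a, rng).hex())
```

Matching uses a distance threshold instead of exact equality because even the predictable cells occasionally flip between power-ups.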