'Unclonable' RFID chip uses atomic-level chip defects for identification, security

The next-generation RFID tag may be impossible to copy, thanks to security based on the tiny and unique manufacturing flaws found on every chip that rolls off the production line.
Written by Andrew Nusca, Contributor

The next-generation radio-frequency identification tag may be impossible to copy.

San Jose, Calif.-based Verayo says it has developed a new, counterfeit-poof RFID chip that uses the minute manufacturing flaws present on every chip as the basis for unique identification and security.

RFID tags, which are used in as diverse environments as the federal government, retail stores, corporate identification tags and your passport, have been the subject of great debate because they transmit information using radio waves, which can be intercepted.

In the case of a U.S. passport, the tags contain a digitized, encrypted version of the information that's printed on the last page -- meaning anyone who successfully eavesdrops on that transmission could walk away with your identity.

Cryptography helps prevent the copying, but it's not foolproof, and it makes the chips more expensive.

Verayo's chips, on the other hand, base their security on the fact that no two chips are exactly alike.

MIT Technology Review explains:

The components of a computer circuit are measured in billionths of a meter. So a stray atom here or there during manufacturing can cause a wire to turn out slightly thicker or thinner than the specs call for. That leads to miniscule variations in how fast the circuit works, and there's nothing that can be done to prevent it.

So instead of trying to prevent it, Srini Devadas, an electrical engineering professor at MIT and the founder and chief technology officer at Verayo, decided to exploit it. A signal traveling through a simple circuit will go faster or slower depending on these physical variations. By sending a series of signals through, and measuring how fast they travel, he can generate a string of numbers unique to each circuit. This has been dubbed a "physical unclonable function"--PUF for short.

Run those numbers through a series of secret mathematical equations, and security officials end up with a series of challenge and response pairs unique to each chip, since each PUF is different.

Voilà: instant security.

The only downside? That list of challenge-response pairs must be itself kept secret on the back-end, or else the whole system is cracked.

Verayo says the system is merely intended to be one authentication step in a complete cryptographic system, so it's no silver bullet.

But for disposable RFID tags that don't need prohibitively expensive security solutions, this might do the trick.

Here's a video of Vivek Khandelwal, Verayo's vice president of marketing, demonstrating the system:

Related on SmartPlanet:

This post was originally published on Smartplanet.com

Editorial standards