Radio frequency identification (RFID) chips embedded into credit cards already help prevent hacks.

However, researchers at MIT and Texas Instruments have taken it a step further by developing a new RFID chip that they claim is virtually impossible to hack. If implemented on a wider scale, these chips could help prevent identity theft via credit card numbers and even burglaries of goods from warehouses.

How? Well, well the chip prevents what the researchers refer to as side-channel attacks, which essentially study memory access patterns to extract a cryptographic key.

"The idea in a side-channel attack is that a given execution of the cryptographic algorithm only leaks a slight amount of information," Chiraag Juvekar, an MIT electrical engineering graduate student said, as part of MIT's research revealed this week at the International Solid-State Circuits Conference in San Francisco. "So you need to execute the cryptographic algorithm with the same secret many, many times to get enough leakage to extract a complete secret."

According to MIT, this bolstered RFID chip would generate random numbers, producing a new secret cryptographic key with each transaction. A central server would then use the same random-number generator to keep up with the ever-changing keys.

While this bolstered RFID chip would side-step such side-channel attacks, there's still work that needs to be done, as the same researchers say the new chips could be vulnerable during a blackout or power glitch.

That's because the newly-developed RFID chip's power would cut repeatedly, before changing its secret key, enabling a hacker to activate a side-channel attack thousands of times with the same key, according to MIT.

Texas Instruments sponsored MIT's authentication tag research being presented at the Isscc this week, believing it's a low-cost but robust authentication solution for the near future.

How long will it take, though, before these RFID chips can supplant the current ones, especially in credit cards?

ⓒ 2021 All rights reserved. Do not reproduce without permission.