A company called Verayo has recently introduced RFID chips based on the PUF (Physical Unclonable Function) technology. The technology is very well described on their site; let’s try to give a short overview here:
- The basic idea is to include in a chip some circuitry that maximizes the differences between the different chips, in order to make a unique function for each chip.
- As a result, each chip, when given the same input, will produce a different result (each chip will always produce the same result for the same input, though).
So, what can we do with such chips?
Verayo’s suggestion is to record a series of challenges and responses from each chip during the manufacturing process. Then, when an authentication is required, a challenge is sent to the chip, and the response it returns is compared to the previously stored response. This approach looks interesting, and it has several applications. I will give two examples:
- The first use case is related to authentication. The response can be used as a way to authenticate the chip uniquely without any cryptographic process. In that case, it is quite similar to a one-time pad, at least for its issues: the same challenge can only be used once. This also means that this technique is useful for authenticating the chip to the server, but not vice-versa.
- The second use case also includes secure communication. Instead of returning the challenge, the chip can use it as a cryptographic key. This approach is more interesting, because it performs mutual authentication (the server needs to know the response corresponding to the challenge). The main advantage is here that we can have a secure channel without having to store a key on the chip, which is very practical.
In both cases, there are at least two drawbacks to that approach:
- First, at least for practical reasons, there will always be a limited number of “challenge-responses” available, as it requires some time during production, and some secure storage.
- In addition, all uses of such a chip must be connected, since the authentication requires the access to the secure database of challenge-response pairs.
This means that this technology will not replace the mainstream techniques in the near future. However, there are many cases in which the number of transactions in the lifetime of a RFID chip is limited, and all users are connected (or can be). For instance, this works for all kinds of disposable tags.
For more advanced chips, there are other cases in which this approach could be useful. For instance, we could associate such a “challenge-response” pair to every new application provider on a card, to initialize its security domains. Or we could even have one for every application, as long as we don’t expect people to keep updating their applications all the time.
I need to think a bit more about this technology, but I am quite sure that, provided that its level of security is sufficient (i.e., that the physical part of it is not too easy to reverse-engineer using usual smart card observation techniques), we can find quite a number of cool applications for it.
No Comments