NSF researchers produce RFID random number generator
- By Joab Jackson
- Sep 12, 2007
A trio of University of Massachusetts researchers have found an inexpensive way to produce sets of truly random numbers for radio frequency identification tags. The technique also produces a unique fingerprint for each tag. The approach involves reading the state of the memory of the RFID tag as it is being powered up.
Daniel Holcomb, Wayne Burleson and Kevin Fu conducted the research, which was funded by the National Science Foundation. The RFID Consortium published the results
, in the most recent edition of the Proceedings of the Conference on RFID Security.
Having a source of truly random numbers has been one of the biggest challenges for computer science. Programs that encrypt data require a robust source of random numbers. Computers by themselves are incapable of producing truly random numbers. Algorithms have been written that can help machines produce pseudo-random numbers, or numbers that statistically resemble random numbers but contain subtle repeatable patterns. Such patterns can be used to decipher a message encrypted with those digits.
The UMass researchers found a way to produce a set of random numbers from a tag itself by reading the binary states of the tag's memory cells.
As a colleague of the researchers, Thomas Heydt-Benjamin, described on his blog
, the technique involves reading the states of the memory cells just as the tag is powered on.
A typical Electronic Product Code Class 1 tag may have from 1,000 to 4,000 gates. Such memory is typically volatile: All information is lost when the memory loses power. Depending on how the manufacturer builds the tag, most of the gates will either reliably contain a charge or not contain a charge when powered on again ' representing either a 1 or a 0. However, each time a tag is powered up, a certain number of gates will fluctuate randomly between having a residual charge or not having a charge. It is these fluctuations that can be harnessed to supply a steady stream of random numbers.
The researchers claim that the numbers produced by this method have passed the National Institute of Standards and Technology test for statistical randomness.
Researchers have also found that the variations in each tag's gates are varied enough to be used as a way to uniquely identify, or fingerprint, each tag. Like snowflakes, each tag is slightly different.
Each tag may have different threshold voltages ' or voltages that tip a cell from a noncharged to a charge state. Minor variations in the lithographic process that produced the tags also work as identifiers.
Such fingerprints can be used to produce signatures for the tag, researchers argue. By checking these signatures, the operator of the tag can be assured that information derived from that tag has not been spoofed from some other, possibly malicious, source.
In addition to the paper, the researchers also prepared a PowerPoint
presentation to further explain the concept.
Joab Jackson is the senior technology editor for Government Computer News.