Secure RFID tags?
Researchers create a random number generator
- By Joab Jackson
- Sep 24, 2007
A source of truly random numbers has been one of the biggest challenges for computer science, yet such numbers are vital for securing computational devices. Programs that encrypt data require a robust source of random numbers. Computers alone are incapable of producing truly random numbers. Algorithms have been written that can help machines produce pseudo-random numbers, or numbers that statistically resemble random numbers but contain subtle, repeatable patterns. But such patterns can be used to decipher a message encrypted with those pseudo-random digits.
The good news is that the specifications for the Trusted Computing Group's Trusted Platform Module come with a random-number generator, which should improve computer security. A trio of University of Massachusetts researchers have found an inexpensive way to produce sets of truly random numbers for radio frequency identification tags. The technique also produces a unique fingerprint for each tag.
Daniel Holcomb, Wayne Burleson and Kevin Fu conducted the research, which the National Science Foundation funded. The RFID Consortium published the results in the most recent edition of the 'Proceedings of the Conference on RFID Security.'
Thomas Heydt-Benjamin, a colleague of the researchers, wrote on his blog that the technique involves reading the binary state of the RFID tag's memory cells just as the tag is powered on.
A typical Electronic Product Code Class 1 tag may have from 1,000 to 4,000 gates. Such memory is typically volatile: All information is lost when the memory loses power. Depending on how the manufacturer builds the tag, most of the gates will either reliably contain a charge or not contain a charge when powered on again, representing either a 1 or a 0. However, each time a tag is powered, a certain number of gates will fluctuate randomly between having a residual charge or not having a charge. These fluctuations can be harnessed to supply a steady stream of random numbers.
The researchers said the numbers produced by this method have passed the National Institute of Standards and Technology test for statistical randomness.
Researchers have also found that the variations in each tag's gates are distinct enough to uniquely identify, or fingerprint, each tag. Like fingerprints, each tag is slightly different.
Each tag may have different threshold voltages, or voltages that tip a cell from a noncharged to a charged state. Minor variations in the lithographic process that produced the tags also work as identifiers.
Such fingerprints can be used to produce signatures, researchers say. By checking these signatures, the operator of the tag can be assured that information derived from that tag has not been altered by some other, possibly malicious, source.
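The power-up behaviour described above, as an added simulation that is not the researchers' code: cells that never change across repeated power-ups form the fingerprint, and the cells that fluctuate feed the random-number output. The cell model (about 5% fluctuating cells), the 32 enrollment reads, the mismatch comparison and the use of SHA-256 as the condensing step are all assumptions made for illustration.

```python
import hashlib
import random

N_CELLS = 2048  # assumed size, inside the 1,000 to 4,000 range cited above

def make_tag(rng):
    """Constructed tag model: per-cell probability of powering up as 1.
    About 5% of cells are assumed to fluctuate; the rest are fixed at 0 or 1."""
    return [rng.uniform(0.3, 0.7) if rng.random() < 0.05
            else float(rng.getrandbits(1)) for _ in range(N_CELLS)]

def power_up(tag, rng):
    """One power-on read of every cell (the PRNG stands in for physical noise)."""
    return [1 if rng.random() < p else 0 for p in tag]

def enroll(reads):
    """Split cells into a fingerprint {index: value} of cells that never
    changed across the reads, and a list of indices that fluctuated."""
    fingerprint, noisy = {}, []
    for i, column in enumerate(zip(*reads)):
        if len(set(column)) == 1:
            fingerprint[i] = column[0]
        else:
            noisy.append(i)
    return fingerprint, noisy

def mismatch(fingerprint, read):
    """Fraction of fingerprint cells that disagree with a fresh read."""
    return sum(read[i] != v for i, v in fingerprint.items()) / len(fingerprint)

def extract(read, noisy):
    """Condense the fluctuating cells into output bytes with SHA-256,
    crediting only 0.5 bit of entropy per cell (safe for this model)."""
    raw = bytes(read[i] for i in noisy)
    return hashlib.sha256(raw).digest()[:min(32, len(noisy) // 16)]

def demo(seed=1):
    rng = random.Random(seed)
    tag_a, tag_b = make_tag(rng), make_tag(rng)
    fingerprint, noisy = enroll([power_up(tag_a, rng) for _ in range(32)])
    return {
        "same_tag": mismatch(fingerprint, power_up(tag_a, rng)),
        "other_tag": mismatch(fingerprint, power_up(tag_b, rng)),
        "noisy_cells": len(noisy),
        "random_1": extract(power_up(tag_a, rng), noisy),
        "random_2": extract(power_up(tag_a, rng), noisy),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a fresh read of the enrolled tag disagrees with its fingerprint in almost no cells, while a different tag disagrees in roughly half, which is what makes the stable cells usable as an identifier.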
Joab Jackson is the senior technology editor for Government Computer News.