Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

World's First "Unclonable" RFID Chip

ScuttleMonkey posted more than 5 years ago | from the until-they-make-a-better-cloner dept.

320

An anonymous reader writes to tell us that a new RFID chip from Verayo claims to be unclonable through the use of the new Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips. "Basic passive RFID chips can be easily cloned by copying the data residing on one chip to another. Verayo's PUF-based RFID chips cannot be cloned, and provide a very strong and robust authentication mechanism. No other chip or device can be disguised as the original chip, even if the data is copied from one Verayo RFID chip to another."

cancel ×

320 comments

Yeah? (5, Insightful)

WillKemp (1338605) | more than 5 years ago | (#24922445)

Uncloneable today - cloned tomorrow...

Re:Yeah? (5, Insightful)

morgan_greywolf (835522) | more than 5 years ago | (#24922491)

It's kind of like those 'unhackable' computers, networks and software we keep hearing about. *yawn* Wake me up when someone actually makes such a thing and it actually, you know, works.

Re:Yeah? (5, Funny)

eln (21727) | more than 5 years ago | (#24922737)

I have an unhackable computer. I would give you the IP, but it's not hooked up to the Internet. Or any other network. Also, it's powered off and buried 300 feet underground in a 6 foot thick lead-lined vault. On Pluto.

Re:Yeah? (5, Funny)

nog_lorp (896553) | more than 5 years ago | (#24922805)

So you think, but I already have root.

Re:Yeah? (0, Funny)

Anonymous Coward | more than 5 years ago | (#24922849)

it doesnt have an OS :)

Re:Uh Huh? (0)

Anonymous Coward | more than 5 years ago | (#24922895)

If it's that far away and offline, how do you know I didn't install one too?

Re:Yeah? (5, Funny)

Tubal-Cain (1289912) | more than 5 years ago | (#24922977)

Congratulations. You rooted a honeypot VM.

Re:Yeah? (1, Redundant)

scubamage (727538) | more than 5 years ago | (#24923099)

Oh snap! Party v& on the way!

Re:Yeah? (0)

Anonymous Coward | more than 5 years ago | (#24922847)

on Pluto.. But you forgot to mention it's in our parallel universe.

Re:Yeah? (1)

foobsr (693224) | more than 5 years ago | (#24922887)

I have an unhackable computer. I would give you the IP, but it's not hooked up to the Internet. Or any other network. Also, it's powered off and buried 300 feet underground in a 6 foot thick lead-lined vault. On Pluto.

You forgot to mention you also switched off the flow of time to prevent it from carrying the potential to be hacked. Congratulations!

CC.

Re:Yeah? (0)

angelwolf71885 (1181671) | more than 5 years ago | (#24923149)

if it has windows for its os then not evian that will save you.. the p0rnz will still find you and ask you if you would like to make "IT" bigger

Re:Yeah? (1)

Cyner (267154) | more than 5 years ago | (#24923153)

If it can be made, it can be made again.

Re:Yeah? (0)

Anonymous Coward | more than 5 years ago | (#24923165)

mine's on the sun.

actually, mine IS the sun! Go try hacking that! LoL!

Re:Yeah? (5, Interesting)

NotBornYesterday (1093817) | more than 5 years ago | (#24923095)

Okay, so according to TFA (yeah I know, not supposed to read it, yadda yadda yadda), it looks like the RFID device isn't authenticated by its ID, but by a series of challenge-and-response tokens it has that are also stored in some central database, which appear to increment as they are used.

There appears to be a finite number of challenge-response pairs in the authentication database. How limited is that number? Are they also stored on board the RFID tag? Are they generated from the serial# and/or ID#?

What is the length of the challenge, and of the response? Could a captured item (ie, passport) with such an RFID tag be brute-force interrogated (hit with a series of random-number "challenges" to see which might elicit stored "responses"), and counterfeited that way?

Could this scheme be vulnerable to MITM-style attack?

Re:Yeah? (1)

SparkleMotion88 (1013083) | more than 5 years ago | (#24923161)

Uncloneable means cloneable? What a country!

Unclonable? (-1, Redundant)

Kingrames (858416) | more than 5 years ago | (#24922447)

right.

Honest injun! (4, Funny)

Just Some Guy (3352) | more than 5 years ago | (#24922449)

And this time we really mean it!

Re:Honest injun! (5, Funny)

Osurak (1013927) | more than 5 years ago | (#24922743)

And this time we really mean it!

Anybody want a peanut?

Re:Honest injun! (1)

Whatanut (203397) | more than 5 years ago | (#24922885)

Would you stop that!

Press release and marketing hype. 1st paragraph: (5, Insightful)

BitterOldGUy (1330491) | more than 5 years ago | (#24922467)

Verayo launched the worldâ(TM)s first unclonable silicon chip â" the Vera X512H RFID chip. This new RFID chip is based on recently announced breakthrough technology called Physical Unclonable Functions (PUF). PUF technology is a type of electronic DNA or fingerprinting technology for silicon chips that makes each chip unclonable. Verayoâ(TM)s PUF-based RFID technology offers

So, is it unclonable?

Let's have a pool to see when it's cloned. I got by the end of the year by a Stanford student.

Re:Press release and marketing hype. 1st paragraph (4, Funny)

Kingrames (858416) | more than 5 years ago | (#24922511)

I'd take your bet, but odds are, it's already been cloned.

Re:Press release and marketing hype. 1st paragraph (1)

BitterOldGUy (1330491) | more than 5 years ago | (#24922585)

Alright, Kingrames for cloned now by anyone.

Re:Press release and marketing hype. 1st paragraph (1)

Ngarrang (1023425) | more than 5 years ago | (#24922527)

Let's have a pool to see when it's cloned. I got by the end of the year by a Stanford student

My money is on MIT. They can use that super grocery cart and warcart the new RFID into oblivion.

Re:Press release and marketing hype. 1st paragraph (1)

getclear (1338437) | more than 5 years ago | (#24922537)

Hmm, Im batting for an MIT student, and I bet that Dan Bernstein (slightly obscure reference) will offer $500 dollars if ANYONE can clone it!

Re:Press release and marketing hype. 1st paragraph (1)

repvik (96666) | more than 5 years ago | (#24922655)

But he'll refuse to pay out when it has been cloned!

Re:Press release and marketing hype. 1st paragraph (1)

Bandman (86149) | more than 5 years ago | (#24923103)

Then complain that the clone doesn't function according to his definition of the word, and that anyone who cloned it like that was just /asking/ for trouble anyway

So far, 2 for MIT... (1)

BitterOldGUy (1330491) | more than 5 years ago | (#24922649)

Come on! What's happened to Caltech, Georgia Tech, and Texas A&M?

Re:So far, 2 for MIT... (5, Funny)

getclear (1338437) | more than 5 years ago | (#24922721)

Texas A&M may be able to find an organic replacement for the silicon used in the chip, and then implant it in farm animals to further research on the effects of "I can't beleive its NOT silicon" based RFID chips in them.

Re:Press release and marketing hype. 1st paragraph (3, Funny)

hotdiggitydawg (881316) | more than 5 years ago | (#24922893)

I couldn't guess how soon it'll happen, but I'll tell you what sound it'll make when it does: "PUF"

Re:Press release and marketing hype. 1st paragraph (1)

Beardo the Bearded (321478) | more than 5 years ago | (#24923043)

Maybe Unclonable(TM) is the brand name.

I wouldn't give it to the end of the year, unless it doesn't come out until xmas time.

Hey, wouldn't a warranty replacement be kind of hard to find?

Re:Press release and marketing hype. 1st paragraph (0)

Anonymous Coward | more than 5 years ago | (#24923121)

It totally depends on the actual implementation. Unclonability is certainly possible, in the sense that cloning would require the destruction of the chip and is likely to fail anyway. It would require rather elaborate calculations on the RFID chip though. "Electronic DNA" and "fingerprinting" don't quite sound like the chip uses an internal secret and cryptographic functions to protect the secret. It sounds more like they use an analog implementation detail which differs from chip to chip and is currently "too difficult" to replicate close enough. That is certainly clonable nondestructively, given sufficiently expensive high frequency radio technology.

Isn't that logically impossible? (4, Insightful)

danaris (525051) | more than 5 years ago | (#24922497)

Forgive me for my ignorance (and I haven't RTFA), but my understanding of RFID is the only way to tell what an RFID device is is by listening to it broadcast. Well, if you listen to a device broadcast enough, particularly if you listen in on a conversation between it and what it's supposed to talk to...doesn't it then become relatively simple to create your own RFID device that broadcasts all the same things as the original chip, and responds in all the same ways to input?

Seems to me it's just another instance of "DRM doesn't work," only in this case all the communication between supposedly secure nodes literally has to take place in the open air...

Dan Aris

Re:Isn't that logically impossible? (5, Interesting)

corsec67 (627446) | more than 5 years ago | (#24922669)

You could have a more powerful RFID tag that has some computation ability. This would allow you to generate a new code for every communication, preventing your replay attack.

If the list of request-responses was a true one time pad, then they might actually have some fairly good security from a radio attack, but the number of queries to the rfid tag would be finite.

If they use any kind of cipher, then it is very much open to attack.

Re:Isn't that logically impossible? (3, Interesting)

The_Wilschon (782534) | more than 5 years ago | (#24922871)

You'd be far more likely to see something along the lines of a key pair, where the private key is on the RFID, and any device that needs to read the RFID has the public key. Then the RFID would sign something, eg encrypt a hash of the message it received and send that encrypted hash back along with its response. The reader decrypts the hash, and makes sure it lines up right. As long as public-key encryption isn't cracked, you're good.

Re:Isn't that logically impossible? (3, Insightful)

DrSkwid (118965) | more than 5 years ago | (#24923015)

How does that stop someone reading the private key from the RFID device using non-RF methods?

Re:Isn't that logically impossible? (4, Insightful)

Thelasko (1196535) | more than 5 years ago | (#24922993)

This would allow you to generate a new code for every communication, preventing your replay attack.

Already done. [wired.com] In fact, if there is an "unclonable" RFID chip, my money is on it being in cars before your passport.

Not for Active (5, Informative)

brunes69 (86786) | more than 5 years ago | (#24922689)

What you are talking about is a passive RFID device, like most offense keycards from the 80's and early 90s. RFID nowadays is more complex, with the devices having a small computer chip in it that is actually powered up by the RFID. Having this chip allows secure encryption between the device and the terminal such that sniffing in on the conversation should get you no further than sniffing on a properly negotiated SSH session will.

The hole in the scheme of course is, if the crook gets his hands on the keyfob for a short period of time, it is the same as having your SSH private key, and he can clone the chip in the keyfob and return the original without you even knowing.

This company is saying they have a new chip that incorporates physical properties of the chip itself int the encryption somehow such that cloneing it would be recognizable.

Re:Not for Active (0)

Anonymous Coward | more than 5 years ago | (#24923163)

1. compromised terminals

2. gets his hands on the keyfob - more like sitting near you at a restaurant/bus/train/airpl

Re:Isn't that logically impossible? (1)

repvik (96666) | more than 5 years ago | (#24922691)

If it makes it necessary to listen to many conversations between a reader and the RFID chip, that'll atleast make it impossible for someone to clone my chip by passing me on the street...

Re:Isn't that logically impossible? (0)

Anonymous Coward | more than 5 years ago | (#24922707)

What about one-time pads that cycle over time? This would require a central server, but it would work.

Re:Isn't that logically impossible? (4, Insightful)

debatem1 (1087307) | more than 5 years ago | (#24922959)

The very idea of a one time pad is that they don't cycle over time. If they do, it becomes an XOR cipher with a known period- trivially easy to break.

Also, a one time pad cannot securely gain pad length over the untrusted channel, since doing so would violate the 1:1 rule. Each character of new pad would have to be encrypted against- and thus consume- one character from the old pad.

Re:Isn't that logically impossible? (1, Informative)

bradgoodman (964302) | more than 5 years ago | (#24923005)

By "cycle", you mean restart from the beginning, once you hit the end?

Do that, and it's no longer a "one-time" pad!

Re:Isn't that logically impossible? (1)

lupis42 (1048492) | more than 5 years ago | (#24922727)

Well, sure... too a point. It could use some sort of one-time-pad authentication, or time-based encryption signature, which would make cloning it more difficult. Perhaps even much more difficult. Thing is, they could just mean that it cannot be cloned without taking it apart to get to whatever signature system it uses. --Has not read TFA--

Re:Isn't that logically impossible? (1)

maxume (22995) | more than 5 years ago | (#24922731)

It looks like the primary purpose is to make sure that the tag you get is in fact the tag that whoever you are doing business with sent (so the tags don't help you trust your partner, but if you do trust your partner, they help you verify that you received what he sent). Once a challenge is burned (i.e., played in a public situation), as you say, it is burned, but they are still useful for authenticating the RFID.

Re:Isn't that logically impossible? (1)

ignoramus (544216) | more than 5 years ago | (#24922793)

Well, if you listen to a device broadcast enough, particularly if you listen in on a conversation between it and what it's supposed to talk to...doesn't it then become relatively simple [...]

To me, that's like saying SSH is easy to crack if you can just listen in on it... but the whole idea is that the (encrypted) conversation can be eavesdropped upon without compromising the data being exchanged.

Not sure how exactly the PUF thing is supposed to work, but it's imaginable to "generate" unique keys based on anything, even physical imperfections in the chips... the account is then somehow setup (say, when you activate your credit card or whatever) without ever exposing the key itself (only the chip ever knows it, only using it to generate interesting numbers for the peer). Thus, you can intercept all you want, you'll never see the unique secret key go by.

All this wouldn't mean it's literally unclonable... the key exchange, generation, whatever may well be vulnerable to crypto attacks in the end. But you couldn't just swipe someone's butt and go on to make purchases like you can at the moment.

Re:Isn't that logically impossible? (5, Informative)

maxume (22995) | more than 5 years ago | (#24922913)

The chip is characterized at the factory by sending it challenges and recording the responses. Later, the chip is issued one of the recorded challenges and the response is compared to the factory response.

If the challenge-response is done in such a way that it can be recorded, then each challenge is only good the first time it is used.

There is some possibility that the behavior they are exploiting is not as robust as they think and that the response characteristics of the chip could be determined from a limited number of challenges (and then emulated), but on the surface, it looks pretty reasonable, especially for situations with a limited number of challenges (so authenticating an event ticket with it is great, but maybe not so much an ID).

Re:Isn't that logically impossible? (1)

DrSkwid (118965) | more than 5 years ago | (#24923053)

How long before you start churning out duplicates? Quantum is not analogue.

Re:Isn't that logically impossible? (2, Informative)

Otto (17870) | more than 5 years ago | (#24922975)

And that's basically what they do. It's a challenge-response mechanism. See here: http://www.verayo.com/solutions.html [verayo.com]

So naturally it's unclonable in the trivial sense, but of course it may be vulnerable to a cryptographic attack.

What gets me though is that challenge/response mechanisms have been in RFID devices for ages. What's new about this one?

Note that they claim "Unlimited number of challenge response pairs for each chip" which just sounds freakin' strange to me.

No, just very, very difficult to do right. (4, Informative)

OmniGeek (72743) | more than 5 years ago | (#24922831)

In theory (crypto theory), this can be done if the parties communicating have a shared secret piece of data and a crypto algorithm, resistant to reverse-engineering from outside, that enables them to exchange that secret data without eavesdropping, man-in-the-middle attacks, or a brute-force cracking of the crypto algorithm.

This is quite hard to do properly in general, as the plethora of lousy cryptosystems attests. It *can* be done if one has enough processing power (tough for RFID chips that operate from microwatts of someone else's broadcast RF energy) and a good enough encryption algorithm (see "lousy cryptosystems" above).

Of course, if you can duplicate the data content and algorithms of the RFID chip, say by physically dismantling it layer-by-layer with a destructive analysis, you can clone it even if you don't know the shared secret. The article is claiming (without ANY credible evidence, BTW) to have somehow made this impossible, presumably by creating some random-but-repeatable property in the chip that cannot be extracted by analysis for reproduction in a cloned chip. Unless they've come up with something VERY effective, I'd bet on this system being cracked within months just like all the other RFID schemes. The lack of description or references to how their system works smells like bad crypto and security-by-obscurity to me.

Re:Isn't that logically impossible? (4, Interesting)

Tetsujin (103070) | more than 5 years ago | (#24922897)

Forgive me for my ignorance (and I haven't RTFA), but my understanding of RFID is the only way to tell what an RFID device is is by listening to it broadcast. Well, if you listen to a device broadcast enough, particularly if you listen in on a conversation between it and what it's supposed to talk to...doesn't it then become relatively simple to create your own RFID device that broadcasts all the same things as the original chip, and responds in all the same ways to input?

Seems to me it's just another instance of "DRM doesn't work," only in this case all the communication between supposedly secure nodes literally has to take place in the open air...

Dan Aris

Well, I don't know if I can answer your question in terms of the technical limitations of RFID - but in general, your argument ignores the possibility that RFID data is being encrypted.

For instance: suppose the subway fare system uses a set of encryption keys - some of these keys will be stored on the fare cards (the RFID devices) and some will be stored in the machines that interact with these cards...

Now suppose the interaction starts with one of these machines broadcasting, looking for a fare card... In some part of the initial handshaking the machine sends out a transaction number - encoded using an encryption key that fare cards can decode. In all further communication that transaction number is part of the encryption key used by the fare card.

You can listen in on this transaction, but you can't do anything with it unless you can decode the messages... You can't replicate the transaction because your response has to include the transaction ID given to you by the gate machine...

So in the context of an "uncloneable" chip - you could create another chip that pretends to have the same "Physical Uncloneable Functions" - but that depends on first knowing exactly what they are... If it's handled in a static way and not encoded, that's pretty easy. If it's handled in a way that one RF exchange only gets you one part of the data you'd need to replicate the thing - or if the data you'd need to replicate the chip is encrypted, then that makes the problem substantially harder...

Fundamentally, though, I believe you're correct - if it can be made once, it can be made again... The trick is to make it difficult to do that.

Re:Isn't that logically impossible? (1)

DrSkwid (118965) | more than 5 years ago | (#24923093)

blah blah blah I have one of the keys in my possession, the method, no matter how many bits, is right there in my key - the RFID device.

Re:Isn't that logically impossible? (3, Interesting)

It doesn't come easy (695416) | more than 5 years ago | (#24923119)

Not to defend the claim (the claim is obviously marketing hype) but when they say cloned they mean you can't take a one of their RFID chips and change it to be identical to another one of their chips (to be read by their scanners, etc.). Adding a computer or more circuitry doesn't count because it would not be a clone (even if it generated the same responses).

However, obviously with enough money and resources you could copy one of their chips and turn out another RFID chip that would be identical. It may not even take that much effort or money (I'm sure we'll hear about what it takes soon enough).

If they had claimed that it would be prohibitively expensive or time-consuming to clone one of their chips then maybe I could believe them. But to claim unclonable is in a word unbelievable.

Wrong Section (4, Insightful)

trongey (21550) | more than 5 years ago | (#24922499)

Shouldn't this article have been posted in the Humor section? I know I got a chuckle out of it.

From the same folks that brought you the unsinkabl (3, Funny)

kunkie (859716) | more than 5 years ago | (#24922505)

From the same folks that brought you the unsinkable ship.

Cloned in... (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#24922509)

...3...2...1...

Send in the clones ... (0, Redundant)

the_rajah (749499) | more than 5 years ago | (#24922521)

in 3, 2, 1....

Re:Send in the clones ... (1)

Tetsujin (103070) | more than 5 years ago | (#24922925)

Around the survivors, a perimeter create!

(Every pair of genes is a hand-me-down...)

Re:Send in the clones ... (3, Funny)

pilgrim23 (716938) | more than 5 years ago | (#24922981)

so technically would one be guilty of making an obscene clone fall?

Re:Send in the clones ... (0)

Anonymous Coward | more than 5 years ago | (#24923075)

In 3, 2, 1....

Fairly straightforward (4, Informative)

jimicus (737525) | more than 5 years ago | (#24922569)

Most obvious mechanism is that the chip has sufficient intelligence to be able to cryptographically identify itself using public key cryptography, and the keypair is embedded on the chip at the manufacturing stage.

Would work beautifully, but it's completely broken the day someone manages to get the private key out of it.

Re:Fairly straightforward (1)

91degrees (207121) | more than 5 years ago | (#24922715)

Which should be possible. It's expensive but a lot of companies will dismantle a chip and reverse engineer it. This includes legitimate large scale chip companies.

Re:Fairly straightforward (2, Insightful)

Anonymous Coward | more than 5 years ago | (#24922729)

The security thing is a no brainer - a good encryption would keep someone from wasting their time to get free subway passes.

The real kicker is cost and power. How strong a signal do you need to get the necessary power to calculate this stuff? And could you really afford to stick one of these things on every subway card? Adding complexity, to me, is defeating the purpose.

Unique PKI keys (DNA?) Re:Fairly straightforward (0)

Anonymous Coward | more than 5 years ago | (#24922815)

If they can manufacture them and distribute them in bulk, with unique private keys for each RFID chip, but still have it be cheap enough, then en masse yeah, they'd be un-hackable. In specific single units though, it'd just be a matter of time, as it always is.

All that is of course assuming that they'd actually succeed at implementing the whole mess without leaving exploit gates open.

Re:Fairly straightforward (1)

Lumpy (12016) | more than 5 years ago | (#24923019)

the 1-wire iButton does this. they have a cryptographic version that is uncloneable and will self destruct if you try to open it.

It's probably that tech simply repackaged.

Re:Private Keys (1, Interesting)

Anonymous Coward | more than 5 years ago | (#24923077)

This is how DVD encryption was broken. The theory was fine, but there was no way to secure the private keys when they were included in every shipped device. "DVD John" (IIRC) lifted the private key from Xing's player and it was game over for DVD encryption. I believe this happened within six months of when DVD players began shipping.

Why is this automatically discredited? (5, Interesting)

jeffmeden (135043) | more than 5 years ago | (#24922637)

You conduct overheard conversations all the time and have no issue with considering them "secure": namely via SSL/TLS encryption. All that's necessary to create an RFID that can't be completely duplicated is for the chip to hold on to more information than it broadcasts, and then only reveal that information in a clever way (asymmetric encryption). A well coded challenge-response handshake can allow the reader and chip to conduct a conversation that is 'unique' and cannot be easily duplicated later on. Sure, there is the potential for it to be improperly coded, or downright misrepresented. However, don't count it as a failure before it's even seen the light of day.

Re:Why is this automatically discredited? (1)

jimicus (737525) | more than 5 years ago | (#24922945)

The thing about SSL is that it depends on one particular piece of information - the private key - not being available to the general public because it's stored on the server that you're connecting to and (provided the server is properly secured, backups notwithstanding) never leaves it.

However, with the RFID chip you're distributing the private key along with the public key. All you can do is hope that no enterprising hacker ever finds a way of getting at the private key.

Of course, we're assuming that this is how the chip actually works. But it seems most logical.

Re:Why is this automatically discredited? (4, Insightful)

debatem1 (1087307) | more than 5 years ago | (#24923041)

What they are claiming is not that the key can't be extracted from transmissions- a relatively humdrum requirement- but rather that unlimited physical access to the device cannot reveal the key, which I find dubious in the extreme. Add to that that there have been numerous devices that have claimed this in the past, only to fail miserably, and it seems pretty reasonable to assume that this will fail as well.

Re:Why is this automatically discredited? (0)

Anonymous Coward | more than 5 years ago | (#24923051)

Well, I think everyone is instantly discrediting it because of the sheer amount of marketing fluff from TFA. And on a technical level, I think that this system will be useless the first time someone gets their hands on their the challenge/response list. And the chip has to ship with that list on it. This appears to be a trivial level of security. It'll stop the current cloning techniques, but it'll be trivial after a point.

I don't think that RFID tags will be secure until you can generate your own key, and load others' (public) keys. Till then, RFID tags are barcodes.

Re:Why is this automatically discredited? (0)

Anonymous Coward | more than 5 years ago | (#24923065)

The problem with that is that any information can eventually be exracted from the chip if you have it in your possesion

Re:Why is this automatically discredited? (1)

DrSkwid (118965) | more than 5 years ago | (#24923133)

If I had physical access the the server you're talking to I could clone it, poison your DNS and then serve you anything from the server.

Talking out of your arse doesn't make this thing unclonable.

How venture capital works (1, Funny)

Anonymous Coward | more than 5 years ago | (#24922671)

1. Incredible claim
2. Investors
3. Profit!

Somehow there's a product or service, but it's really corollary to the process...

so -...err...right (1)

shnull (1359843) | more than 5 years ago | (#24922675)

uncloneable == not possible to hack therefore !valid ... ?

Terrible marketing... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#24922677)

"DNA" is unclonable why, exactly?

Re:Terrible marketing... (1)

DrSkwid (118965) | more than 5 years ago | (#24923157)

Don't mention Polymerase chain reaction [wikipedia.org] and we'll be alright.

duh! (4, Interesting)

MobyDisk (75490) | more than 5 years ago | (#24922685)

From the illustration, it looks like a simple challenge response mechanism. All I have to say is: duh!

So they finally added some form of authentication. This is what smart cards were supposed to be when I first heard about them 10 years ago. Simple RFID was never intended to be used for something secure: it was meant to replace bar codes or magnetic strips.

Cloned... (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#24922705)

In 5... 4... 3... 2... 1...

Re:Cloned... (1)

debatem1 (1087307) | more than 5 years ago | (#24923069)

Is it ironic to mod this redundant?

Only one threat (1)

Thelasko (1196535) | more than 5 years ago | (#24922761)

Sure, it can allegedly stop them from being cloned, but what about read?

Famous Last Words (1)

ErichTheWebGuy (745925) | more than 5 years ago | (#24922775)

The gauntlet has been thrown down.

Emulation/Spoofing (1)

ZeroNullVoid (886675) | more than 5 years ago | (#24922777)

Fine, you have hardware limitations in hardware you control that prevent it from being directly cloned (as of now)... but how does it handle against someone spoofing it or emulating what is expected?

If you make a reader that can detect a difference, you surly can create an emulation device to produce a sample of the difference back.

If it's a matter of a mutating algorithm over time and reads, then it can be spoofed through reverse engineering and bruteforce to discover the seed and algorithm.

Manufacture (1)

flyingfsck (986395) | more than 5 years ago | (#24922779)

So, how do they manufacture these things? Obviously there must be a way to copy them.

"Unclonable", eh? (2, Insightful)

SamSim (630795) | more than 5 years ago | (#24922783)

That sounds like a wager to me!

Obligatory (1, Funny)

Anonymous Coward | more than 5 years ago | (#24922795)

The war for clones, begun they have.

I call BS... (1)

g0dsp33d (849253) | more than 5 years ago | (#24922803)

If it is predictable, then there's a series of characters its expected to send under a given condition and it can be cloned.

Otherwise it is random and can not be differentiated from others.

World's first "Unclonable" RFID Chip cloner (3, Funny)

brennz (715237) | more than 5 years ago | (#24922825)

August 4, 2009
Hackers at the annual DEFCON conference have announced they have succeeded in cloning the "unclonable" RFID chip. Jerry "Botnet" Goldblatt led the effort in defeating the security on the RFID chip. According to Jerry, "Cloning the 'unclonable' RFID chip was even easier than breaking Oracle's 'unbreakable' Linux. It just goes to show that marketing runs IT." The team is now accepting donations of Red Bull, Grey Goose and Hawaiian skunk as they add a module to metasploit to further simplify the attack.

I like strong statements... (1)

Ecuador (740021) | more than 5 years ago | (#24922827)

So, is it unclonable like the Titanic was unsinkable?

They used Unclonable and DNA in the same sentence (5, Interesting)

cutecub (136606) | more than 5 years ago | (#24922841)

The use of language is strange.

Unclonable: cannot be cloned
DNA: a molecule that clones itself.

Its not the best choice of marketing metaphor.

Its like saying that an event is possibly inevitable.

-Sean

Re:They used Unclonable and DNA in the same senten (1)

cinnamon colbert (732724) | more than 5 years ago | (#24923159)

on a strict grammatical basis, you have a point.
In terms of how scientists actually use the words "clonable" and "unclonable": clonable means you can get copies of the original DNA molecule to replicate inside a new cell, either from the same organism or a different organism.
In many cases, DNA that is quite happy in one cell type is not happy in another; this was a big problem in the human genome project, as most of the work was done with human dna cloned into E coli, and there is a lot of human dna that is very unhappy in E coli ie, uncloanble.
another part of clonable is that in vivo, most DNA exists as long (> 1e6 bases long) molecules, and most clone (pace BACs, Pacs, YACs, etc) is much shorter. If you chop up DNA, you can remove control sequences, and make the dna unclonable, eg if you had the gene for cell death, which is normally OFF becuase next to the gene is an OFF signal, and you try to clone a piece that lacks the OFF signal, you might kill every cell the dna gets into - functanally, the dna is unclonable.

Even a unique chip can be cloned in principle (1)

davidwr (791652) | more than 5 years ago | (#24922875)

What this boils down to is that each chip is unique in the hardware or hardware+firmware.

In order to clone one, you have to manufacture a new chip. A determined adversary such as a government or a well-heeled competitor with access to electron microscopes and similar technology may be able to clone a particular chip.

They shouldn't advertise "unclonable." Instead, they should advertise "heavily clone-resistant."

One way to make it harder is to embed the unique parts in a tamper=destruct casing, so any attempt to peek inside will cause the circuits to change in a hard-to-reverse-engineer before they can be analyzed.

Even 20 years ago, certain chips used by the military had to be encased in tamper-resistant or at least tamper-evident casing to deter espionage. In order for a particular to chip to be "unclonable," it must not fall into the hands of someone with the will and means to clone it. Making it self-destruct-on-inspection goes a long way to raising the cost of any cloning attempt.

Summary for those that didn't RTFA (0)

Anonymous Coward | more than 5 years ago | (#24922903)

According to their pdf, the chip is manufactured in such a way that each chip has physical flaws due to the manufacturing process that are "impossible" to duplicate. These flaws are then used in a challenge/response mechanism to provide authentication for the chip. Basically, after you manufacture the chip you feed a bunch of challenges into the chip and then record the responses "in a database". Once the chip is deployed, you can issue one of the same challenges and see if the response is the same as what you have stored.

Re:Summary for those that didn't RTFA (1)

IndustrialComplex (975015) | more than 5 years ago | (#24923115)

Wouldn't it then be trivial to clone a chip for each challenge?

Challenge A = Response: 234211
Challenge B = Response: 328058
.
.
.

Where did this idea come from? (0)

Anonymous Coward | more than 5 years ago | (#24922939)

"Well, we were watching Prison Break, and we figured that we can't have that happening all willy-nilly!"

Santa? (1)

ZeroNullVoid (886675) | more than 5 years ago | (#24922943)

I am sure jolly ole santa clause can clone them in his/her/their workshop.

You do know the elves only make one of each toy and then send them through a cloner that assembles every quark identical to the original, including the elves fingerprints.

Worst... analogy... ever (0, Redundant)

Arthur B. (806360) | more than 5 years ago | (#24922965)

Physical Unclonable Functions (PUF), sort of an electronic DNA for silicon chips.

The very essence of DNA is self replication.

Re:Worst... analogy... ever (2, Funny)

starglider29a (719559) | more than 5 years ago | (#24923111)

Right. I'd be worried less about their cloning, and more about if you put two in the same area, you end up with a litter of them!

Don't... (0)

Anonymous Coward | more than 5 years ago | (#24923105)

...taunt the hackers...

Blackbox engineering. (1)

jameskojiro (705701) | more than 5 years ago | (#24923129)

Why clone it when it is easier to mimic it's output?

DVD-Jon to become RFID-Jon? (0)

Anonymous Coward | more than 5 years ago | (#24923155)

This sounds suspiciously similar to how DVD's are encrypted. The key is unique to each DVD and then an encryption algorithm was supposed to make the DVD unreadable to law-abiding consumers.

We all know how well that worked out.

It also seems to me that the concept of an unclonable RFID is an oxymoron. On the one hand, a mass-produced electronic device, on the other unique identifiers that are not intrinsic the the manufacturing process. In addition, the chips must work with each other. In short two competing and mutually exclusive imperatives.

What happens when the chip in my iGadget get zapped by my overly precocious 4-year old in the microwave? How can I prove legitimacy?

It is certain to end up in the courts.

Introduction of a delay (0)

Anonymous Coward | more than 5 years ago | (#24923173)

Heres my theory...

The RFID chip identifies itself with the RFID receiver, allowing to the receiver to lookup the chips encryption keys and respond with a password. Now all communications are encrypted. In order for the chip to communicate it has to encrypt its transmission, so the chip requests the key from a separate chip. The separate chip will only respond with the key if it has the correct password that was received during the handshake.

In order to thwart a brute force attack, the separate chip has a built in delay to prevent multiple failed attempts. Now the key that is returned by this chip is probably some sort of physical fingerprint unique to the chip.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...