Thursday, February 21, 2013

NXP's silicon fingerprinting promises to annoy the heck out of ID hackers


NXP's silicon fingerprinting promises to annoy the heck out of ID hackers

It's 2013 and white hat hackers like Adam Laurie are still breaking into ID chips that are supposed to be secure. How come? Partly it's the way of the world, because no man-made NFC or RFID security barrier can ever be truly impervious. But in practical terms, a chip's vulnerability often stems from the fact that it can be taken apart and probed at a hacker's leisure. The secure element doesn't necessarily need to have power running through it or to be in the midst of near-field communication in order to yield up its cryptographic key to a clever intruder who has sufficient time and sufficient desire to breach the security of a smartphone, bank card or national border.

Which brings us to the latest device in NXP's SmartMX2 range -- a piece of technology that is claimed to work very differently and that is expected to hit the market next year. Instead of a traditional key stored in the secure element's memory, every single copy of this chip carries a unique fingerprint within the physical structure of its transistors. This fingerprint (aka Physically Unclonable Function, or PUF) is a byproduct of tiny errors in the fabrication process -- something chip makers usually try ! to minim ize. But NXP has found a way to amplify these flaws in a controlled way and use them for identification, and it'd take a mightily well-equipped criminal (or fare dodger, or Scrabble cheater) to reverse engineer that.

Filed under: , ,