A company that relies on atomic-level flaws in computer chips to tell one chip from another says that its circuits could help fight counterfeiting in anything from passports to handbags. Verayo, an MIT spinoff based in San Jose, CA, says the ID tags should be more secure and relatively cheap to make.
A growing number of organizations, from the U.S. State Department to Walmart, rely on radio frequency identification (RFID) tags to keep track of various items. RFID chips in crates of DVDs tell Walmart where their shipment is and when it’s been delivered. And the tags in newer passports contain the same information printed on the page, in an encrypted format, so immigrations officials can tell the passport isn’t a forgery.
But because these tags deliver their information to a reader via radio waves, there’s always the fear that someone will eavesdrop on the conversation and copy the data to their own chip, just moving forgery to a different level. Cryptography helps prevent the copying, but adding the cryptographic circuits to the chips drives up their costs, so many RFID tags don’t include them. For RFID to be widely used–on individual products, say, instead of just on shipping crates–they can’t cost more than pennies.
The security of Verayo’s chips relies on the fact that no two chips are exactly alike. The components of a computer circuit are measured in billionths of a meter. So a stray atom here or there during manufacturing can cause a wire to turn out slightly thicker or thinner than the specs call for. That leads to miniscule variations in how fast the circuit works, and there’s nothing that can be done to prevent it.
So instead of trying to prevent it, Srini Devadas, an electrical engineering professor at MIT and the founder and chief technology officer at Verayo, decided to exploit it. A signal traveling through a simple circuit will go faster or slower depending on these physical variations. By sending a series of signals through, and measuring how fast they travel, he can generate a string of numbers unique to each circuit. This has been dubbed a “physical unclonable function”–PUF for short.
That string becomes the basis for a series of mathematical equations. Enter an input, run it through the secret equation, and you’ll get a particular output based on that equation–but the same input will lead to different outputs on different chips. Do this dozens of times and you’ll generate a series of challenge and response pairs unique to each chip. A forger can’t duplicate this, because he can’t make a chip that has the same PUF as another one.