Time Machines, Computer Memory, and Brute Force Attacks Against Smartcards - Slashdot

Slashdot

Time Machines, Computer Memory, and Brute Force Attacks Against Smartcards 49

Posted by Unknown Lamer on Monday August 06, 2012 @10:02PM
from the one-too-many-questions dept.

An anonymous reader writes "IEEE Spectrum reports on a method that exploits the decaying contents of unpowered computer memory to create an hourglass-like 'time machine' that rate limits brute force attacks against contactless smartcards and RFIDs. The paper takes an odd twist on the 'cold boot' attack reported four years ago at USENIX Security. Not quite as cool as a hot tub time machine though. " Full paper (PDF).

This discussion has been archived. No new comments can be posted.

Time Machines, Computer Memory, and Brute Force Attacks Against Smartcards

Search 49 Comments Log In/Create an Account

Comments Filter:

Re:What? (Score:5, Informative)

by Baloroth (2370816) writes: on Monday August 06, 2012 @11:25PM (#40901733)

SRAM looses coherency in a statistically predictable pattern for a few seconds/minutes after it looses power. That means an otherwise powerless and clockless RFID chip can detect when it was powered on recently, and deny access attempts until at least a few seconds after the last access, rendering brute-force attempts vastly less practical (those normally use thousands of access attempts a second). Also, potentially annoying the hell out of anyone for whom the card doesn't work the first time, but security has always been a tradeoff with practicality (and if it is just a matter of seconds, not a huge deal).

Parent Share
twitter facebook linkedin
Re:Neat trick... (Score:4, Informative)

by Baloroth (2370816) writes: on Monday August 06, 2012 @11:47PM (#40901853)

If the attacked has lengthy, exclusive access to the chip and sufficiently advanced resources, basically nothing will stop them cracking it. This technique is simply a software added trick that can be used with cheap existing RFID technology to prevent drive-by attacks, not dedicated cracking. The key is "cheap": nearly free, in fact, rather than a more complicated method (my first thought was to use a simple RCI circuit to detect if the card has had power in the last few seconds to achieve the same effect as this, but that of course would add complexity and cost and most importantly couldn't be used with existing chips. Also potentially crackable, but it would help).

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

546 commentsChanging the Ratio of Women In Tech: How Etsy Did It
334 commentsLast Forking Warning For Bitcoin
288 commentsResearcher Evan Booth: How To Weaponize Tax-Free Airport Goods
274 commentsBotched Security Update Cripples Thousands of Computers
234 commentsFedora 19 To Stop Masking Passwords

Advancement in position.