TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols in Embedded Devices without Clocks

Lack of a locally trustworthy clock makes security protocols challenging to implement on batteryless embedded devices such as contact smartcards, contactless smartcards, and RFID tags. A device that knows how much time has elapsed between queries from an untrusted reader could better protect against attacks that depend on the existence of a rate-unlimited encryption oracle. The TARDIS (Time and Remanence Decay in SRAM) helps to locally maintain a sense of time elapsed without power and without special-purpose hardware. The TARDIS software computes the expiration state of a timer by analyzing the decay of existing on-chip SRAM memory. The TARDIS enables coarse-grained, hourglass-like timers such that cryptographic software can more deliberately decide how to throttle its response rate. Our experiments demonstrate that the TARDIS can measure time ranging from seconds to several hours depending on hardware parameters. Key challenges to implementing a practical TARDIS include compensating for temperature and handling variation across hardware. Our contributions are (1) the algorithmic building blocks for computing elapsed time from SRAM decay; (2) characterizing TARDIS behavior under different temperatures, capacitors, SRAM sizes, and chips; and (3) three proof of concept implementations that use the TARDIS to enable privacy-preserving RFID tags, to deter double swiping of contactless credit cards, and to increase the difficulty of brute force attacks against e-Passports.

Joint work with Amir Rahmati, Mastooreh Salajegheh, Dan Holcomb, Jacob Sorber and Wayne Burleson. To appear at USENIX Security 2012.

Speaker Details

Kevin Fu will join the University of Michigan as Associate Professor of Computer Science and Engineering in January 2013. His research is in the area of trustworthy computing and low-power embedded devices. In addition to systems security, RFID-scale computation, and energy-aware architectures, Dr. Fu’s interests include medical devices and health IT.

Dr. Fu received his PhD in Electrical Engineering and Computer Science from MIT in 2005 and is currently Associate Professor of Computer Science at University of Massachusetts Amherst.

Dr. Fu has served as a visiting scientist at the Food & Drug Administration, the Beth Israel Deaconess Medical Center of Harvard Medical School, and MIT CSAIL, and is a member of the NIST Information Security and Privacy Advisory Board. He previously worked for Bellcore, Cisco, HP Labs, Microsoft Research, and Holland Community Hospital. He is the recipient of a Sloan Research Fellowship, the NSF CAREER award, and best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. Dr. Fu was named MIT Technology Review’s TR35 Innovator of the Year in 2009, and is a Senior Member of the Association for Computing Machinery.