Identity Antitheft

‘Fingerprinting’ microchips can help secure confidential transactions.

Nov 1, 2003

The microchips in smart cards and other devices often store digital keys-long strings of 0s and 1s-used to authenticate users and encrypt data in secure transactions. But specialists know that pirates can steal the keys by analyzing the chips’ hard-wired connections. MIT computer science professor Srini Devadas might have found a virtually unbreakable scheme: let the chip itself act as the key. At the microscopic scale, circuits are never identical, even on chips manufactured the exact same way, and signals take different times to propagate through silicon and metal paths. Devadas has designed a very simple chip that includes a huge number of paths and a circuit that acts as a stopwatch. By timing the delays along a few hundred of the paths, Devadas can generate a unique fingerprint for each apparently identical chip. That fingerprint-recorded when the chip is made and stored in a database-can act as a key to, for instance, unlock proprietary software, or authenticate an online transaction. Devadas says the secure chip would cost about as much as those used in smart cards but offer much higher security. He and his coworkers have filed a patent and are in discussions with electronic-products manufacturers and smart-card companies about production of the chip, which could be on the market in one to two years.