16.2 A Keccak-based wireless authentication tag with per-query key update and power-glitch attack countermeasures

Counterfeiting is a major problem plaguing global supply chains. While small low-cost tagging solutions for supply-chain management exist, security in the face of fault-injection [1] and side-channel attacks [2] remains a concern. Power glitch attacks [3] in particular attempt to leak key-bits by inducing fault conditions during cryptographic operation through the use of over-voltage and under-voltage conditions. This paper presents the design of a secure authentication tag with wireless power and data delivery optimized for compact size and near-field applications. Power-glitch attacks are mitigated through state backup on FeRAM based non-volatile flip-flops (NVDFFs) [4]. The tag uses Keccak [5] (the cryptographic core of SHA3) to update the key before each protocol invocation, limiting side-channel leakage to a single trace per key.