RFID Security and Privacy

3 10 2011

Radio frequency identification (RFID) is one of the many types of automatic identification technologies that exist; it uses radio waves to transmit signals. It typically has three parts, the tag, the reader and the system to process the relayed data. The technology itself is not new, used during the 2nd world war for identifying friendly and enemy aircrafts, but there have been several new ideas on its application.

It makes the tracking and identification of assets, animals, products (e.g. for inventory tracking) and people easy; and of course to enable tracking and identification these subjects have to be tagged with a unique identifier. These tags come in different sizes, some as small as a grain of sand/rice, Hitachi developed the powder type that used electron beams to put information on them, it measured measure 0.05 x 0.05 mm. [1] , Kodak also developed a digestible RFID used for monitoring drug reactions[2]. Some of the common applications includes document tagging (e.g. for anti counterfeiting), pet tagging to make it easy to track or identify missing pets, EZpass, Passports, Ignition Keys, etc it is also used the Energy, Aviation/Aerospace, Manufacturing, Retail, Supply, Access control, Health sectors etc.

Take the health sector applications for instance; one of the applications is in the tracking of patients with mental disorders such as Alzheimer, it would enable them get tracked if they wandered off. This technology could also help health personnel provide emergency aids to people who need it. For instance in an emergency situation the subject’s health records could easily be reached to enable the right assistance be provided thus preventing medical errors. Athletes could have implants that way their vital signs can be monitored to forestall against any kind of medical problem on the field.

Apart from cost, the major challenge is with security and privacy; if the tags are covered with foil, it could block its signals from being scanned (some tags), this could lead to a denial of service, since it would make the tag unavailable and unreadable. Also anyone with a relevant reader could have access to the information; this could raise data integrity issues since there could be the possibility of it being intercepted, interrupted or modified. Security appears to be bolted on instead of built-in; in its early stage of development security might not have been at the fore of the design consideration, more like the developers just wanted something accomplished and “had to” do “this” and subsequently security came in.

Information personal to a subject could be made public and could reveal specific private details. This information can be skimmed, cloned or eavesdropped on; falling into the wrong hands, it could leave the owner at risk of having their identities stolen or abused in some other form. Also these individuals can be tracked as in the case of the human implants e.g.Verichip a glass like casing about the size of a grain of rice and is implanted under the skin. This contains the owner’s Personal ID, name, social security #, health, finance information etc. once scanned these information are available in an unencrypted format to anyone that has access to it.

There are also serious adverse health implications associated with  the implantation as stated in the company’s SEC 10k report such as adverse tissue reactions, migration of the microchip and infection from implantation. [3].

_______________________________

[1].Hitachi RFID Tags: http://www.technovelgy.com/ct/Science-Fiction-News.asp?NewsNum=939

RFID and its applications in management: http://www.g-casa.com/conferences/budapest/papers/Mockler.pdf

Security in Computing: Pfleeger and Pfleeger pg. 639 -641

[2] Kodak RFID Tags: http://www.rfidjournal.com/article/view/3100; http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220070008113%22.PGNR.&OS=DN/20070008113&RS=DN/20070008113

[3] Industry and Business Risks Related to Our HealthID Business: http://www.secinfo.com/d1awwf.q9w.htm#2wvu

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: