Security Issues thwarting RFID adoption

24 07 2012

Radio Frequency Identification (RFID) technology had gained popularity over the past several years in the supply chain and asset management areas. The main advantage of RFID is the automated identification of products and people. Mandates from Department of Defenses and supply-chain giants like Wal-Mart to their suppliers, push wider adoption of this technology.  Automated unique identification advantages of RFID and falling tag costs help develop innovative RFID applications in areas of access control, supply chain /retail services, sub-dermal tags, tags in libraries and smart applications etc. Despite these factors, the adoption rate of RFID technology has stalled significantly in the recent years, security issues and privacy concerns are among the key factors.

RFIDs are small electronic devices that consist of a microchip and an antenna designed for wireless data transmission. The RFID reader interrogates the tags so data can be transmitted over the air. So collectively the RFID system consists of RFID Tags, Readers, communication protocols, Information systems, Networks, Lookup/Location services etc. All elements of the RFID systems need to be secured and its integration between themselves must be considered keeping data security in mind. From the consumer’s aspect, the privacy issue is more important therefore getting more media coverage.

Security and Privacy Issues

Security issues are due to good readers reading data from malicious tags. It is very easy to copy the data from the tags and develop counterfeited tags. Current RFID systems are unsafe:

  1. No authentication – No friend/foe distinction
  2. No access control – Rogue reader can link to tag and Rogue tag can mess up the reader
  3. No encryption – Eavesdropping possible
  4. No RFID protocols standardization  – Available standards are susceptible to reverse engineering
  5. RFID based worms/viruses

Privacy Concerns: The RFID tags pose exponentially greater risk to personal privacy. A malicious reader can read information from good tags leading to two common privacy threats:

  1. Tracking – Private issue happens when the product or person movements, or data is tracked or accessed without explicit permission. The user or product owner cannot turn off the tracking as tag can always be read. Even if we use encryption, only data can be encrypted and tracking can still be done.
  2. Information Leakage – When the data in the tag can reveal the sensitive information to the rouge readers this falls into privacy issues. For example, if the person carries medicines (box) implanted with RFID tags, then the information could be read and their aliments can be found thereby violating the privacy laws.

Some of the countermeasures to address security & privacy issues:

  1. RFID tagged products can be clearly labeled so consumer would have the choice to select products without RFID. One of the product, ‘Kill Codes’, which turns off all RFID tags immediately as the consumer comes into contact.
  2. ‘RSA Blocker Tags’, address privacy concerns while maintaining the integrity of the product. The item can be tracked only by the store’s authorized reader.
  3. Use challenge-response when querying for data.
  4. Good and secure distributed database and web service security.

Conclusion

While the security and privacy issues exist, RFID tags have the potential to revolutionize many areas increasing productivity and cost effectiveness. RFID technology leaders and enablers should focus on developing protocols and standardization to address to security and privacy issues, meanwhile the adoption should be based on corporation/industries being aware of the existing security issues in the RFID systems, current limitations and consumer privacy laws.

____________

  1. http://www.ibiblio.org/Dave/ar00503.htm
  2. https://www.rsa.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf
  3. http://www.thingmagic.com/rfid-security-issues
  4. http://www.edri.org/docs/EDRi_RFID_Security_Issues.pdf
  5. http://features.techworld.com/mobile-wireless/1178/security-issues-swamp-rfid/
Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: