RFID Security & Privacy
- details of the basics of RFID security and RFID privacy issues and how RFID security and privacy issues can be addressed.
Security and privacy is a major issue for many elements of technology these days. RFID security and RFID privacy are no exception. RFID security and RFID privacy are major features of the technology and they feature highly in the way in which RFID systems are designed, set up and operated.
RFID security is an issue from several viewpoints including prevention of the system being hacked, to issues of personal security or privacy and access to personal location information, etc. Both RFID security and RFID privacy go hand in had, issues of one affecting the other.
A major concern over the increase in use of RFID tags is the personal security associated with the illicit tracking of RFID tags.
Private organisations have expressed their concern over this with the increasing use of electronic product code tags being embedded in consumer products. In addition to this the US Department of Defense (DoD) is looking at the problem with their use of tracking assets.
There are a number of ways in which these RFID security issues arise:
- The unique identifiers within RFID tags can be used for profiling and identifying consumer and individual patterns.
- Stealth readers can track people with RFID tags on them - RFID tags will normally remain active after an item has been bought, and when wearing a garment, for example, it is possible to utilise this tag illicitly.
- Hidden tags could be placed within on or within an item to enable stealth tracking to be undertaken.
To help overcome these issues a number of approaches can be adopted:
- Blocker tags: These tags spam any unauthorized readers into assuming that there are many tags in the vicinity and thereby preventing access to any tags that may be on the individual.
- Kill switches: When consumer items are purchased, or if an RFID tag needs to be deactivated for any reason, tags can be disabled. This function is incorporated into many newer RFID tags, although not all. It also does not stop the possibility of illicit tags being placed and used for tracking.
While these measures are available, personal security can still remain an issue as the possibility of RFID security for individuals is not widely recognized.
RFID tag cloning
There are many other issues associated with RFID security, one of which is RFID tag cloning. RFID security systems need to be able to prevent cloning as this would open the overall system to a variety of forms of security attack.
Typically when RFID tag cloning occurs, the responses of RFID tags are received by rogue monitors. Information received can then be used to replicate tags.
To enable RFID security to overcome this vulnerability, cryptographic techniques are used and embedded into the chips used. A number of approaches may be adopted:
- Rolling code approach: This approach to RFID security uses a scheme where the identifier given by the RFID tag changes after each read action. This reduces the usefulness of any responses that may be observed. It requires the RFID reader and RFID tag to have the same algorithm for changing the identifier. If multiple readers are used, they must be linked so that tracking can occur.
- Challenge response authentications: These systems use cryptographic principles. Here the reader issues an enquiry to the tag which results in a response, but as secret tag information is never sent over the interface between the RFID reader and tag the system cannot be compromised. Both reader and tag compute information from internal cryptographic algorithms, and the results are sent and the correct responses required for a successful information interchange. The system is essentially the same as encrypting data to send over a normal radio link.
In view of the additional processing required, the tags have a very much higher cost, and they are also far more power hungry. As a result deployment of these RFID secure tags is limited to areas where the cost can be justified.
RFID security and RFID privacy both remain as issues. In many cases the limited range provides the level of security required by many. Also there is often not a direct gain that can be made by criminals, so RFID security is not an issue in the same way as that for credit cards.
By Ian Poole
Want more like this? Register for our newsletter