RFID Security Forum

Wednesday, October 25, 2006

“Kill Bill”

Louis Parks discusses the Veto of California RFID Bill:

At the end of September, Governor Schwarzenegger vetoed California Bill SB768 which would have introduced limited requirements for security when RFID technology was deployed in a state government setting.

Many herald this as a win for RFID and its use since it eliminates a few potential barriers to deployment. Most of the RFID players and their related action groups lobbied for this veto but it may come back to bite the industry in the end (yes, both meanings).

The public is already skeptical of new technologies like RFID and they are becoming more sensitized to “Privacy” by our media daily. The industry's efforts to fight the need to implement security will also likely be interpreted by the public as not having their best interest at heart. Think of it as joining “big oil” or “Washington lobbyist” – I removed the word “bad” that we all subconsciously insert into those titles when we read them.

There are both technologies and methods that can be deployed today to address security and privacy. The RFID industry needs to start thinking about getting out ahead of this issue and showing they are going to address the public’s concerns or the next bill, written under the growing wind of privacy fears, may be far more punitive and not as easily killed.


Tuesday, October 24, 2006

“It’s just a number.”

Contributed by Louis Parks:

It seems like just yesterday that I attended one of my first RFID conferences to try and validate the need for security solutions on RFID tags. So it was just over two years ago that I found myself sitting in a session featuring a panel discussion on “RFID Privacy and Security”. The topic seemed important judging by the overflowing attendance but I was not ready to hear EPCglobal, an organization focused on promoting the adoption of RFID – among other things, simply summarize the situation as a “non-issue”. The speaker went on to explain, “It is just a bunch of numbers on the tag so there is no need for security…and there are really no privacy issues at the tag level.”

I have just returned from the EPCglobal US Conference 2006 where I was not surprised to be issued a conference badge – complete with embedded RFID tag. I was VERY surprised to be given a one page document as part of my registration kit explaining that my name, company, address, etc. were all encoded on the tag and available for a reader to capture – any reader. They went to great efforts to explain they were using HF chips (the evil enemy only a few months ago) with short read ranges to help protect our data and that non-RFID badges were available if we preferred. The president of EPCglobal even included a privacy and security disclaimer on the use of the badges in the opening of his keynote address.

We have always been concerned about privacy and what happens to data after it is collected but I guess everyone, including EPCglobal finally, now recognizes that there are security issues that need to be addressed when using RFID…and the sooner the better.


Monday, October 16, 2006

Does SecureRF belong in the Doghouse?

SecureRF Corporation replies to comments in the Schneier on Security blog.

Not to our surprise, Bruce Schneier put SecureRF in the “Doghouse” in his October 9th blog. Bruce provides interesting views and opinions on his blog, often coming from brief observations or encounters with a security or privacy issue. Unfortunately he took the same “brief” approach here and chose to weigh-in with perhaps little more than the memory of meeting the SecureRF founders nearly ten years ago on a different technology and a brief visit to our website. This has led to several incorrect assumptions and statements that were compounded by an additional series of incorrect or misdirected statements from many of Bruce’s readers. Oddly, his blog also revealed a bias for “old and comfortable” math whether it is working or not.

In regards to his quickly penned comments, his remark that SecureRF is “harnessing a relatively obscure area of mathematics: infinite group theory…” is factually incorrect. Group Theory, which includes Infinite Group Theory, dates back to the early 19th century and can be found in most of our math, physics and science of today. It does not come from knot theory. Bruce may have been confused from some earlier, but unrelated work of our founders, that he had been briefed on nearly 10 years ago that pertains to Braids.

We are offering two white papers and request, at the reader’s option, that they enter a name and affiliation for our records. Unlike many other sites we do not require that they complete any field before hitting the submit button, a fact which Bruce may have missed.

Bruce points out that we do not reference a published cryptography paper which is partly true. This is because it usually takes two to three years to get a paper published in a reputable journal on a new breakthrough or claim. One of the white papers offered on our site and available since December 2005 was submitted to a juried publication of the American Mathematical Society - and was accepted for publication in their Contemporary Mathematics series this December. In fact, it is being published less than eight months after its final review/acceptance which we are very proud of. You can get a copy of this publication at http://www.ams.org/bookstore?fn=20&arg1=conmseries&item=CONM-418.

Finally, Bruce’s view that no “New Math is good math” would seem to fly in the face of science and our general approach to innovate and create new and better solutions. It has become quite apparent from recent demonstrations of the weaknesses in many of the older protocols (old math?) that new solutions, likely requiring new math, are badly needed. A recent posting to the Notices of the American Mathematical Society by Susan Landau begs for new math in the form of a hash function.

In regards to the many readers who picked up on Bruce’s incorrect assumptions and proceeded to comment, here are a few factual responses. One reader correctly points out that a braid-based solution would not be small enough or efficient enough to fit on a passive RFID tag. This is likely correct which is why we do not use it here. It should also be noted that several readers went on to question the security of braids but referenced the work of the Koreans and not our founder’s protocol which is a very different method - with several published papers pointing out that the attacks on the Korean’s method do not work on the braid method of our founders.

Other readers raised issues around the use of the word “geometrically”. This word does not appear anywhere on our site or in our materials but rather comes from the writings of another blogger. A more accurate phrase would be to say that RSA and Elliptic Curve scale quadratically and SecureRF does not.

As one blog commenter put it “…cryptography is a really hard problem…” and we could not agree more. The foundational work that SecureRF is built on comes from decades of work by our founders. We also understand the need for ongoing peer review to ensure the validity of our claims and to continue the development and improvement of our solutions. This is why we have presented our breakthrough to the American, German and Austrian Mathematical societies for review. Our technical white paper, which Bruce has never asked to see, has been requested by and sent to many of the notable names in security and cryptography in the world over the last year. In fact, one of the first things we did after filing our patent was call up RSA and arrange to meet at their offices to show them what we have for their comment and review.

It is unfortunate that Bruce has taken the position of a “nay-sayer” when the cryptography world really needs cheerleaders promoting the research and presentation of new ideas. At last year's RSA Conference, Mark Hellman, in his keynote discussion, sadly remarked that if a competition for a new public-key method was held today, similar to NIST’s AES competition, he would be surprised if there was even a single entry. We have chosen to take up this challenge and, at the same time, address the need for better privacy when using RFID-based solutions through our security methods. We look forward to the constructive peer review that will come from the AMS publication and from those who chose to request our white paper - http://www.securerf.com/white.html. Perhaps then it will be appropriate to determine if we are the next best thing since “sliced bread” and should be let out of the doghouse.


Monday, October 09, 2006

Will Loose Lips Sink Chips?

The October 2006 issue of DC-Velocity magazine published an RFID 101 Technology Review column titled Will loose lips sink chips? by John R. Johnson, Executive Editor. Here is our feedback:

We found this article to be a great overview of both the challenges and opportunities for passive RFID in item level tagging. We agree with most of Mr. Johnson’s overview of the market and issues around privacy but would like to point out that there may be more happening in the area of security than Kevin Ashton - VP of Marketing at ThingMagic, who is quoted in the article, may be aware of today. Also, there was a reference to “side channel attacks” in the Data at Risk section that incorrectly describes what a side channel attack is. Finally, the solution described that TI is working on has little to do with RFID or protecting a tag in the field and is really a re-working of a paper they published with Verisign almost two years ago – that they chose not to promote at that time.

In regards to Gen 2 solutions – although there are several approaches being worked on both in the academic and commercial worlds (and recently reviewed in Graz Austria at the RFID Security 06 conference - http://events.iaik.tugraz.at/RFIDSec06/index.htm) there are some solutions available today depending on the functional requirement. SecureRF Corporation has presented our solution as one of the most advanced as we are planning on delivering our first tag in the first quarter of 2007 (not 2008/09 as quoted in the article) and it will be a Gen 2 compliant tag that will provide both authentication and data protection. As a result of these functions, it will be able to prevent rogue readers from accessing data in many cases (a function described as not feasible in the article). Mr. Ashton’s view was very narrow and from a “reader company’s” perspective. We do not boost the cost of tags in any significant way and we are currently filing a patent that will allow us to work with a customer’s currently installed Gen 2 reader network without any firmware upgrades or changes! Although we are protocol agnostic – we have joined EPCglobal and plan on making our first tags Gen 2 UHF/HF compliant.

The attack Mr. Johnson describes in the Data at Risk section is “eavesdropping” and not a side channel attack. Eavesdropping occurs when a legitimate communication session is going on between a tag and a reader and a rogue reader, in the vicinity of this communication, “listens in” and intercepts the data. A “side channel attack” occurs when an individual monitors the “secure” communications and by carefully measuring things like power fluctuations and other timing points – uses the collected data to break the security (a form of cryptanalysis). This is a popular attack on smart cards. In Mr. Ashton’s scenario – there is no security to break – and hence no need for a side channel attack.

Finally, the TI solution Mr. Johnson describes does not involve the tag in any way. All of the security features are happening behind the reader on the network and the encrypted and/or signed data is simply stored on the tag. There is little to prevent someone from “cloning” the tag. That is, simply copying the good encrypted/signed data and putting it on cloned tags will make counterfeit items look like the good item. Of course, as in all PKI systems, the reader will need to know which of its millions (billions?) of keys to choose to authenticate the tag – and it will need to do this look up and authentication in the 400 ms the FCC gives for the entire session. Current PKI platforms run in quadratic time and are too slow which is why giants like RSA have not presented the industry with a solution at this time. SecureRF has the first solution in the world to run in linear-time which is how we accomplish this feat.
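The cloning point above, as an added Python sketch that is not code from SecureRF, TI or the article: it models a tag that only stores back-end-signed data beside a tag that must answer a fresh challenge with a secret it never releases. HMAC-SHA256 stands in for both the back-end signature and the tag's authentication primitive, the reader is assumed to already know which key belongs to the tag, and all names and sample data are constructed.

```python
import hashlib, hmac, os

BACKEND_KEY = os.urandom(32)  # constructed key, held behind the reader only

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class MemoryTag:
    """Tag that only stores bytes; every reader can read all of them."""
    def __init__(self, record: bytes, signature: bytes):
        self.record, self.signature = record, signature
    def read(self):
        return self.record, self.signature

class AuthTag(MemoryTag):
    """Tag that also holds a secret it never releases and answers challenges."""
    def __init__(self, record, signature, tag_key: bytes):
        super().__init__(record, signature)
        self._tag_key = tag_key  # not part of read()
    def respond(self, challenge: bytes) -> bytes:
        return mac(self._tag_key, challenge)

def verify_static(tag) -> bool:
    """Back-end check of the stored signature; the tag takes no part."""
    record, signature = tag.read()
    return hmac.compare_digest(mac(BACKEND_KEY, record), signature)

def verify_challenge(tag, enrolled_key: bytes) -> bool:
    """Static check plus a fresh challenge the tag itself must answer."""
    challenge = os.urandom(16)
    return verify_static(tag) and hmac.compare_digest(
        tag.respond(challenge), mac(enrolled_key, challenge))

def demo() -> dict:
    record = b"item=constructed-sample;lot=0001"  # constructed sample data
    signature = mac(BACKEND_KEY, record)
    tag_key = os.urandom(32)
    genuine = AuthTag(record, signature, tag_key)
    # A copy made from what any reader can read: record + signature only.
    copied = MemoryTag(*genuine.read())
    copied_auth = AuthTag(*genuine.read(), os.urandom(32))  # lacks the real key
    return {
        "genuine_static": verify_static(genuine),
        "copy_static": verify_static(copied),
        "genuine_challenge": verify_challenge(genuine, tag_key),
        "copy_challenge": verify_challenge(copied_auth, tag_key),
    }

if __name__ == "__main__":
    print(demo())
```

The static check accepts the copy because the signature only proves the data is authentic, not that the tag carrying it is; the challenge check is what a tag-side secret adds.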

As stated at the beginning, we agree with many of the issues and concerns raised by Mr. Johnson and Mr. Ashton in this article. The industry does need to address these issues rather than simply telling everyone it is just a bunch of numbers on the tags. As time goes on more and more data about the asset the tags are attached to will be included on the tag and the industry will need a better answer.
