RFID Security Forum

Tuesday, October 24, 2006

“It’s just a number.”

Contributed by Louis Parks:

It seems like just yesterday that I attended one of my first RFID conferences to try and validate the need for security solutions on RFID tags. So it was just over two years ago that I found myself sitting in a session featuring a panel discussion on “RFID Privacy and Security”. The topic seemed important judging by the overflowing attendance but I was not ready to hear EPCglobal, an organization focused on promoting the adoption of RFID – among other things, simply summarize the situation as a “non-issue”. The speaker went on to explain, “It is just a bunch of numbers on the tag so there is no need for security…and there are really no privacy issues at the tag level.”

I have just returned from the EPCglobal US Conference 2006 where I was not surprised to be issued a conference badge – complete with embedded RFID tag. I was VERY surprised to be given a one page document as part of my registration kit explaining that my name, company, address, etc. were all encoded on the tag and available for a reader to capture – any reader. They went to great efforts to explain they were using HF chips (the evil enemy only a few months ago) with short read ranges to help protect our data and that non-RFID badges were available if we preferred. The president of EPCglobal even included a privacy and security disclaimer on the use of the badges in the opening of his keynote address.

We have always been concerned about privacy and what happens to data after it is collected but I guess everyone, including EPCglobal finally, now recognizes that there are security issues that need to be addressed when using RFID…and the sooner the better.

Labels: , , , ,

0 Comments:

Post a Comment

<< Home