RFID Security Forum

Tuesday, October 24, 2006

“It’s just a number.”

Contributed by Louis Parks:

It seems like just yesterday that I attended one of my first RFID conferences to try and validate the need for security solutions on RFID tags. So it was just over two years ago that I found myself sitting in a session featuring a panel discussion on “RFID Privacy and Security”. The topic seemed important, judging by the overflowing attendance, but I was not ready to hear EPCglobal, an organization focused on promoting the adoption of RFID (among other things), simply summarize the situation as a “non-issue”. The speaker went on to explain, “It is just a bunch of numbers on the tag so there is no need for security…and there are really no privacy issues at the tag level.”

I have just returned from the EPCglobal US Conference 2006 where I was not surprised to be issued a conference badge – complete with embedded RFID tag. I was VERY surprised to be given a one-page document as part of my registration kit explaining that my name, company, address, etc. were all encoded on the tag and available for a reader to capture – any reader. They went to great efforts to explain they were using HF chips (the evil enemy only a few months ago) with short read ranges to help protect our data and that non-RFID badges were available if we preferred. The president of EPCglobal even included a privacy and security disclaimer on the use of the badges in the opening of his keynote address.

We have always been concerned about privacy and what happens to data after it is collected but I guess everyone, including EPCglobal finally, now recognizes that there are security issues that need to be addressed when using RFID…and the sooner the better.


Monday, October 09, 2006

Will Loose Lips Sink Chips?

The October 2006 issue of DC-Velocity magazine published an RFID 101 Technology Review column titled “Will loose lips sink chips?” by John R. Johnson, Executive Editor. Here is our feedback:

We found this article to be a great overview of both the challenges and opportunities for passive RFID in item-level tagging. We agree with most of Mr. Johnson’s overview of the market and the issues around privacy, but would like to point out that there may be more happening in the area of security than Kevin Ashton, VP of Marketing at ThingMagic, who is quoted in the article, may be aware of today. Also, the Data at Risk section refers to “side channel attacks” but incorrectly describes what a side channel attack is. Finally, the solution the article says TI is working on has little to do with RFID or with protecting a tag in the field, and is really a re-working of a paper they published with Verisign almost two years ago – that they chose not to promote at that time.

With regard to Gen 2 solutions: although several approaches are being worked on in both the academic and commercial worlds (and were recently reviewed in Graz, Austria at the RFID Security 06 conference, http://events.iaik.tugraz.at/RFIDSec06/index.htm), there are some solutions available today, depending on the functional requirement. SecureRF Corporation has presented our solution as one of the most advanced, as we are planning on delivering our first tag in the first quarter of 2007 (not 2008/09 as quoted in the article), and it will be a Gen 2 compliant tag that will provide both authentication and data protection. As a result of these functions, it will be able to prevent rogue readers from accessing data in many cases (a function described as not feasible in the article). Mr. Ashton’s view was very narrow and from a “reader company’s” perspective. We do not boost the cost of tags in any significant way, and we are currently filing a patent that will allow us to work with a customer’s currently installed Gen 2 reader network without any firmware upgrades or changes! Although we are protocol agnostic, we have joined EPCglobal and plan on making our first tags Gen 2 UHF/HF compliant.

The attack Mr. Johnson describes in the Data at Risk section is “eavesdropping” and not a side channel attack. Eavesdropping occurs when a legitimate communication session is going on between a tag and a reader, and a rogue reader in the vicinity of this communication “listens in” and intercepts the data. A “side channel attack” occurs when an individual monitors the “secure” communications and, by carefully measuring things like power fluctuations and other timing points, uses the collected data to break the security (a form of cryptanalysis). This is a popular attack on smart cards. In Mr. Ashton’s scenario there is no security to break, and hence no need for a side channel attack.

Finally, the TI solution Mr. Johnson describes does not involve the tag in any way. All of the security features are happening behind the reader on the network, and the encrypted and/or signed data is simply stored on the tag. There is little to prevent someone from “cloning” the tag. That is, simply copying the good encrypted/signed data and putting it on cloned tags will make counterfeit items look like the good item. Of course, as in all PKI systems, the reader will need to know which of its millions (billions?) of keys to choose to authenticate the tag – and it will need to do this lookup and authentication in the 400 ms the FCC gives for the entire session. Current PKI platforms run in quadratic time and are too slow, which is why giants like RSA have not presented the industry with a solution at this time. SecureRF has the first solution in the world to run in linear time, which is how we accomplish this feat.
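The cloning point above, worked through as an added example that is not part of the original post and is not TI's or SecureRF's scheme: signed data that merely sits in tag memory verifies just as well on a copy, while a tag that must answer a fresh challenge with a key it never reveals does not. HMAC-SHA256 stands in for the back-end signature, and `KeyedTag`, the key database and every value are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key; HMAC-SHA256 stands in for the back-end's signature scheme.
BACKEND_KEY = b"constructed-backend-signing-key"

def sign_payload(payload: bytes) -> bytes:
    return hmac.new(BACKEND_KEY, payload, hashlib.sha256).digest()

def verify_static(tag_memory: dict) -> bool:
    """Check signed data read from tag memory; the tag itself computes nothing."""
    expected = sign_payload(tag_memory["payload"])
    return hmac.compare_digest(expected, tag_memory["signature"])

class KeyedTag:
    """Hypothetical tag that keeps a secret key and answers reader challenges."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id = tag_id      # readable by any reader
        self._key = key           # never sent over the air

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def verify_challenge(tag: KeyedTag, key_db: dict) -> bool:
    """Look up the tag's key by ID, then demand a fresh proof of possession."""
    key = key_db.get(tag.tag_id)
    if key is None:
        return False
    challenge = secrets.token_bytes(16)   # new per session, so replies cannot be replayed
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag.respond(challenge))

def demo() -> dict:
    payload = b"EPC:constructed-item-0001"
    genuine_mem = {"payload": payload, "signature": sign_payload(payload)}
    copied_mem = dict(genuine_mem)        # same bytes written to a second tag
    tag_key = secrets.token_bytes(16)
    key_db = {payload: tag_key}
    genuine_tag = KeyedTag(payload, tag_key)
    copied_tag = KeyedTag(payload, secrets.token_bytes(16))  # has the ID, not the key
    return {
        "static_genuine": verify_static(genuine_mem),
        "static_copy": verify_static(copied_mem),
        "challenge_genuine": verify_challenge(genuine_tag, key_db),
        "challenge_copy": verify_challenge(copied_tag, key_db),
    }

if __name__ == "__main__":
    print(demo())
```

The `key_db` lookup is the per-tag key selection step the paragraph mentions; in a real deployment that lookup and the verification both have to fit inside the session time budget.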

As stated at the beginning, we agree with many of the issues and concerns raised by Mr. Johnson and Mr. Ashton in this article. The industry does need to address these issues rather than simply telling everyone it is just a bunch of numbers on the tags. As time goes on, more and more data about the asset the tags are attached to will be included on the tag, and the industry will need a better answer.
