| |
RFID's Security
Challenge
November 15, 2004
Security -- and its high cost -- appears to be the next hurdle in the
widespread adoption of RFID.
By George V. Hulme, Thomas Claburn
No one has complained of a security breach related to an RFID
deployment--yet. Businesses and vendors alike acknowledge that
security remains a question mark and that it has taken a backseat to
the focus on bottom-line results and returns on investment for
RFID-enabling their supply chains, for now.
However, with a technology as ubiquitous as radio-frequency
identification will be, there's great potential for damage, warns
Salil Pradhan, chief technology officer of RFID technology at HP Labs.
"Today with bar codes, it's a city street, and you're going at 20 or
30 miles an hour. Now you can hit someone, but the damage is only so
much," he says. "With RFID, it becomes a freeway. You increase the
velocity of goods, you're relying on this system, & if the system gets
hacked, it will be a while before you know about it."
|
|
|
That's why the industry needs to get its security house in order. "The
big issue that we face really is that the people driving the
applications--the retailers and the consumer-products
manufacturers--don't really understand what level of security they
want," says Tony Sabetti, director of supply-chain products for RFID
at chipmaker Texas Instruments Inc. "Or, I should say, what level of
security they're willing to pay for."
A number of security measures, including ISO standard 15693 for data
authentication, already are used in applications such as banking-card
authorizations and building- access systems, and could play a role in
RFID security, Sabetti says. But not all of them are being considered
for adoption by the EPCglobal Network, which provides the
infrastructure for sharing RFID-enabled information about products in
the supply chain. EPCglobal maintains the electronic-product-code
database, which identifies a manufacturer, product, and version and
serial number; provides middleware specifications for data exchange;
and administers the Object Name Service for matching an electronic
product code to information about the associated item. "I'm not
suggesting that they should adopt some of the other specifications.
I'm just saying there are a lot of great ideas in those other
specifications," Sabetti says.
Security breaches can happen at the RFID tag, network, or data level.
Part of the problem with adopting existing standards, at least at one
level, may be "the extremely low cost and therefore extremely light
functionality on the tags," says Burt Kaliski, chief scientist and
director at RSA Laboratories, the research center of security vendor
RSA Security Inc. All of the good security tools developed over the
last 20 years won't fit into the hardware that's available on most of
these RFID tags, he says. Encryption on a tag, for instance, would
chew up too much of a tag's processing power, as well as add extra
cost to tags that need to be lightweight and inexpensive for companies
to keep costs in line.
The good news is that the industry is paying more attention to the
security issue. Even Sabetti says these issues are being resolved. The
EPCglobal UHF generation 2 protocol, due to be ratified later this
year, is expected to work with ISO 18000-6C RFID wireless interface
specifications. EPCglobal was wise to enlist security vendor VeriSign
Inc. as its infrastructure provider to sort out issues surrounding
security and data sharing, Sabetti says. "I'm optimistic they can get
there," he says. "It's not a technology issue or even a concept issue.
It's just an implementation issue."
Despite the questions that revolve around security, you can't ignore
the fact that RFID ultimately provides a tremendous security boost.
"If you look at most supply chains today, truth be told, it's almost
security by obscurity," says Arvind Parthasarathi, director of product
management at supply-chain software vendor i2 Technologies Inc. "Bad
things are more likely to happen in the dark, and, in some sense,
[with RFID] you're reducing the amount of darkness out there." RFID's
ability to pinpoint the exact location of an item in inventory lowers
the risk of insider theft, because workers will know the inventory is
carefully tracked and up to date. "If you know for certain that the TV
arrived at a warehouse at a specific time, and then it ends up missing
there," he says, "that's a great deterrent."
The Tag
Such a tiny tag. So much potential for mischief.
For starters, RFID tags can be manipulated easily by hackers,
shoplifters, or disgruntled employees. That's what Lukas Grunwald, a
consultant with DN-Systems Enterprise Internet Solutions GmbH
demonstrated at the 2004 Black Hat security conference earlier this
year.
Using a small program he helped develop, dubbed RFDump, Grunwald
showed how the tags could be read, altered, and even deleted. RFDump
requires nothing more than an inexpensive plug-in tag reader attached
to a handheld, notebook, or desktop system running Windows or Linux.
The software shows how anyone could potentially destroy all RFID tag
information, change the price of an RFID-tagged item for sale, or even
switch data, which could lead to retailers having to do time-consuming
manual inventories to have an accurate count of their goods.
Most passive tags supporting EPCglobal standards are write-once, but
RFID tags that support other standards, such as ISO, provide multiple
write-to capabilities, and, by next spring, the market will be flooded
with EPCglobal UHF generation 2 protocol RFID tags that also support
multiple-write features. Because they're not write-protected, passive
tags can be changed or written to "a couple of thousand times,"
Grunwald says.
Tire manufacturer Michelin North America Inc., which is embedding RFID
tags in tires' sidewalls to help auto manufacturers and auto-parts
retailers identify them, says chip reprogrammability is a concern. It
needs to be "managed appropriately," says Pat King, Michelin North
America Inc.'s global electronics strategist. King also is a member of
the RFID Expert Group within the AIM Global Standards Action Group, a
global trade association concerned with managing the collection and
integration of data with information-management systems. "Companies
shouldn't assume or depend on keeping the data that resides in that
reprogrammable space on the tag secure. If you doubt the validity of
that information, you can always go back to the secure information on
the chip and verify it with data stored in a database."
The lack of support for point-to-point encryption (which is available
using existing standards such as ISO 14443/DESFire) and a PKI key
exchange contribute to tag vulnerability, according to IT advisory
services firm The Advisory Council. In an article on InformationWeek's
RFIDinsights.com site (informationweek.com/1011/tac_rfid.htm), The
Advisory Council also identifies other ways tags could be exploited.
"Rumors within law enforcement have reported that hijackers of cargo
trucks are already using RFID readers to help determine which shipping
pallets are worth stealing," The Advisory Council
But many say scenarios where supply-chain data could get corrupted by
"rogue" RFID tags, or that supply chains could be slowed by changing a
tag's data to random data in a denial-of-service attack, pose no
greater risk than what already exists today. "RFID provides more
security and more opportunities to prevent people from getting their
hands on the supply chain. I can't think of any scenario that could be
done because of RFID that doesn't already happen today," says Mani
Subramanyam, principal consultant for retail solutions at IT-services
company Wipro Technologies. For instance, retail customers have been
known to swap bar-code tags to try to cheat the system, he says. And,
unlike RFID tags, bar codes can be counterfeited on most any computer
and printer.
"That sort of thing is much more difficult with RFID tags than with
bar codes. You need specific technical knowledge and specific tools to
pull it off," agrees Peter Regen, VP of global visible commerce
solutions at Unisys Corp.
Security devices are being considered and are likely to ease many of
the security worries that center around RFID tags. For example,
unique, product-specific EPC codes, akin to a car's vehicle ID number,
could be created so that if anyone were to break the security, he or
she would get information for only a single product. And that's not
worth the time it will take to break the code, Regen says. "You're not
going to do it, the bar will be too high," he says.
Additionally, the new EPCglobal UHF generation 2 protocol standard
will provide enhanced security features for passive tags, says Sue
Hutchinson, director of product management at EPCglobal. The standard
provides password protection as well as the ability to encrypt the
data being sent from the tag to the reader, rather than having
encryption on the tag itself.
While companies are just starting to address security questions,
privacy advocates and legislators have for some time been attempting
to address the privacy issue, which primarily centers around the tags.
As the issue gains traction, the industry has started to focus on it,
as well. At Germany's Metro Group AG's Future Store in Rheinberg, RFID
tags on items lose their function outside the store, a spokesman for
the retailer says. A "deactivator" is available to the customer at the
exit of the store; this overwrites the numerical product code stored
on the chip and changes it into zeroes. |
| |
|
