RFID Security & Privacy
RFID security and privacy are linked issues but with the growing level of devices of all forms security is a major issue.
RFID Tutorial Includes:
RFID basics
Coupling techniques
Tags & smart labels
Readers, writers & printers
RFID antennas
Frequency bands & spectrum
Security
Standards
Wireless technology can be open to security issues, and as a result RFID security is a major issue.
Linked to RFID security, another associated issue is that of privacy. When RFID tags can be tracked, this can lead to privacy issues. In addition to this, it can be particularly important if the RFID system is not secure.
As a result, RFID security and RFID privacy are inextricably linked and both need to be taken very seriously.
RFID tag cloning
One area of particaulr concern with RFID security is that of tag cloning. RFID security systems need to be able to prevent cloning as this would open the overall system to a variety of forms of security attack.
Typically when RFID tag cloning occurs, the responses of RFID tags are received by rogue monitors. Information received can then be used to replicate tags.
To enable RFID security to overcome this vulnerability, cryptographic techniques are used and embedded into the chips used. A number of approaches may be adopted:
- Rolling code approach: This approach to RFID security uses a scheme where the identifier given by the RFID tag changes after each read action. This reduces the usefulness of any responses that may be observed. It requires the RFID reader and RFID tag to have the same algorithm for changing the identifier. If multiple readers are used, they must be linked so that tracking can occur.
- Challenge response authentications: These systems use cryptographic principles. Here the reader issues an enquiry to the tag which results in a response, but as secret tag information is never sent over the interface between the RFID reader and tag the system cannot be compromised. Both reader and tag compute information from internal cryptographic algorithms, and the results are sent and the correct responses required for a successful information interchange. The system is essentially the same as encrypting data to send over a normal radio link.
In view of the additional processing required, the tags have a very much higher cost, and they are also far more power hungry. As a result deployment of these RFID secure tags is limited to areas where the cost can be justified.
RFID privacy
A major concern over the increase in use of RFID tags is the personal security associated with the illicit tracking of RFID tags.
Private organisations have expressed their concern over this with the increasing use of electronic product code tags being embedded in consumer products. In addition to this the US Department of Defense (DoD) is looking at the problem with their use of tracking assets.
There are a number of ways in which these RFID security issues arise:
- The unique identifiers within RFID tags can be used for profiling and identifying consumer and individual patterns.
- Stealth readers can track people with RFID tags on them - RFID tags will normally remain active after an item has been bought, and when wearing a garment, for example, it is possible to utilise this tag illicitly.
- Hidden tags could be placed within on or within an item to enable stealth tracking to be undertaken.
To help overcome these issues a number of approaches can be adopted:
- Blocker tags: These tags spam any unauthorized readers into assuming that there are many tags in the vicinity and thereby preventing access to any tags that may be on the individual.
- Kill switches: When consumer items are purchased, or if an RFID tag needs to be deactivated for any reason, tags can be disabled. This function is incorporated into many newer RFID tags, although not all. It also does not stop the possibility of illicit tags being placed and used for tracking.
While these measures are available, personal security can still remain an issue as the possibility of RFID security for individuals is not widely recognized.
Security is a major issue for RFID as with any other wireless or wired communications technology. Fortunately the short ranges of RFID mean that some forms of hacking are not possible, but this does not mean that security should not be taken very seriously. If there is a hint of any gain that can be made by hackers then the opportunities will be seized. In addition to this the issues of privacy also need to be considered, especially with the growing awareness of privacy in all is aspects.
Written by Ian Poole .
Experienced electronics engineer and author.
Wireless & Wired Connectivity Topics:
Mobile Communications basics
2G GSM
3G UMTS
4G LTE
5G
Wi-Fi
Bluetooth
IEEE 802.15.4
DECT cordless phones
Networking fundamentals
What is the Cloud
Ethernet
Serial data
USB
LoRa
VoIP
SDN
NFV
SD-WAN
Return to Wireless & Wired Connectivity