No one has complained of a security breach related to an RFID deployment--yet. Businesses and vendors alike acknowledge that security remains a question mark and that it has taken a backseat to the focus on bottom-line results and returns on investment for RFID-enabling their supply chains, for now.
However, with a technology as ubiquitous as radio-frequency identification will be, there's great potential for damage, warns Salil Pradhan, chief technology officer of RFID technology at HP Labs. "Today with bar codes, it's a city street, and you're going at 20 or 30 miles an hour. Now you can hit someone, but the damage is only so much," he says. "With RFID, it becomes a freeway. You increase the velocity of goods, you're relying on this system, and if the system gets hacked, it will be a while before you even know about it."
That's why the industry needs to get its security house in order. "The big issue that we face really is that the people driving the applications--the retailers and the consumer-products manufacturers--don't really understand what level of security they want," says Tony Sabetti, director of supply-chain products for RFID at chipmaker Texas Instruments Inc. "Or, I should say, what level of security they're willing to pay for."
A number of security measures, including ISO standard 15693 for data authentication, already are used in applications such as banking-card authorizations and building- access systems, and could play a role in RFID security, Sabetti says. But not all of them are being considered for adoption by the EPCglobal Network, which provides the infrastructure for sharing RFID-enabled information about products in the supply chain. EPCglobal maintains the electronic-product-code database, which identifies a manufacturer, product, and version and serial number; provides middleware specifications for data exchange; and administers the Object Name Service for matching an electronic product code to information about the associated item. "I'm not suggesting that they should adopt some of the other specifications. I'm just saying there are a lot of great ideas in those other specifications," Sabetti says.
Security breaches can happen at the RFID tag, network, or data level. Part of the problem with adopting existing standards, at least at one level, may be "the extremely low cost and therefore extremely light functionality on the tags," says Burt Kaliski, chief scientist and director at RSA Laboratories, the research center of security vendor RSA Security Inc. All of the good security tools developed over the last 20 years won't fit into the hardware that's available on most of these RFID tags, he says. Encryption on a tag, for instance, would chew up too much of a tag's processing power, as well as add extra cost to tags that need to be lightweight and inexpensive for companies to keep costs in line.
The good news is that the industry is paying more attention to the security issue. Even Sabetti says these issues are being resolved. The EPCglobal UHF generation 2 protocol, due to be ratified later this year, is expected to work with ISO 18000-6C RFID wireless interface specifications. EPCglobal was wise to enlist security vendor VeriSign Inc. as its infrastructure provider to sort out issues surrounding security and data sharing, Sabetti says. "I'm optimistic they can get there," he says. "It's not a technology issue or even a concept issue. It's just an implementation issue."
Despite the questions that revolve around security, you can't ignore the fact that RFID ultimately provides a tremendous security boost. "If you look at most supply chains today, truth be told, it's almost security by obscurity," says Arvind Parthasarathi, director of product management at supply-chain software vendor i2 Technologies Inc. "Bad things are more likely to happen in the dark, and, in some sense, [with RFID] you're reducing the amount of darkness out there." RFID's ability to pinpoint the exact location of an item in inventory lowers the risk of insider theft, because workers will know the inventory is carefully tracked and up to date. "If you know for certain that the TV arrived at a warehouse at a specific time, and then it ends up missing there," he says, "that's a great deterrent."
Such a tiny tag. So much potential for mischief.
For starters, RFID tags can be manipulated easily by hackers, shoplifters, or disgruntled employees. That's what Lukas Grunwald, a consultant with DN-Systems Enterprise Internet Solutions GmbH demonstrated at the 2004 Black Hat security conference earlier this year.
Using a small program he helped develop, dubbed RFDump, Grunwald showed how the tags could be read, altered, and even deleted. RFDump requires nothing more than an inexpensive plug-in tag reader attached to a handheld, notebook, or desktop system running Windows or Linux. The software shows how anyone could potentially destroy all RFID tag information, change the price of an RFID-tagged item for sale, or even switch data, which could lead to retailers having to do time-consuming manual inventories to have an accurate count of their goods.
Most passive tags supporting EPCglobal standards are write-once, but RFID tags that support other standards, such as ISO, provide multiple write-to capabilities, and, by next spring, the market will be flooded with EPCglobal UHF generation 2 protocol RFID tags that also support multiple-write features. Because they're not write-protected, passive tags can be changed or written to "a couple of thousand times," Grunwald says.
Tire manufacturer Michelin North America Inc., which is embedding RFID tags in tires' sidewalls to help auto manufacturers and auto-parts retailers identify them, says chip reprogrammability is a concern. It needs to be "managed appropriately," says Pat King, Michelin North America Inc.'s global electronics strategist. King also is a member of the RFID Expert Group within the AIM Global Standards Action Group, a global trade association concerned with managing the collection and integration of data with information-management systems. "Companies shouldn't assume or depend on keeping the data that resides in that reprogrammable space on the tag secure. If you doubt the validity of that information, you can always go back to the secure information on the chip and verify it with data stored in a database."
The lack of support for point-to-point encryption (which is available using existing standards such as ISO 14443/DESFire) and a PKI key exchange contribute to tag vulnerability, according to IT advisory services firm The Advisory Council. In an article on InformationWeek's RFIDinsights.com site (informationweek.com/1011/tac_rfid.htm), The Advisory Council also identifies other ways tags could be exploited. "Rumors within law enforcement have reported that hijackers of cargo trucks are already using RFID readers to help determine which shipping pallets are worth stealing," The Advisory Council writes.