That includes having a rogue reader introduced by a competitor or intruder onto an unsecured network and shipping all the data it scans off to that person, says Forrester analyst Laura Koetzle. "Another place to worry is having the data taken in by your readers hijacked between the readers and the repository of that data," she says.

The solution is to make sure all the readers on your network are authenticated before they can pass on any information to middleware that feeds enterprise systems and that the data traffic between the reader and the back-end system is encrypted. "There are some very sensible measures that should be taken when deploying RFID readers to make sure that they authenticate themselves properly to the corporate network and also that they're not broadcasting meaningful, useful information through the air that could be subject to eavesdropping by other people," Ashton says. For instance, readers based on technology from companies such as Symbol Technologies and ThingMagic support standard networking technologies, including built-in authentication features to prevent unknown entities from getting access.

One way to deal with eavesdropping on the relatively high-powered emissions of RFID readers is to use a method called "silent treewalking," says Burt Kaliski, chief scientist and director at RSA Laboratories. Within the confines of the continuously available wireless interface of RFID installations, silent treewalking ensures that the information on the tag is never repeated by the reader. Rather than having RFID tag numbers broadcast by the reader, they would instead be referenced indirectly, and the receiving middleware would know how to interpret this reference, but an eavesdropper wouldn't.

The Data
The key benefit of RFID is that it increases transparency along the supply chain. But that very transparency brings added concerns about data security. Businesses need "a very strong sense of comfort about the level of security around all the data," says Beth Lovett, solutions marketing manager for VeriSign. "And it's not just their data. It's also their trading partners' data that includes information that could relate back to their business."

As of now, no decisions have been made about which standards will be used to secure data on the EPCglobal Network. For example, when it comes to authentication, Lovett says that "this is still part of the standards-development process under EPCglobal."

It's critical to have these in hand as more companies scale up their supply-chain initiatives and start sharing data with one another, says Forrester analyst Christine Overby. "Let's just say theoretically that Wal-Mart uses the EPC Network to pass individual supply-chain information back to both Procter & Gamble and Kimberly-Clark about diapers," she says. "Kimberly-Clark and Procter & Gamble are competitors in this category. So Procter & Gamble needs to know that Kimberly-Clark can't see that supply-chain movement from Wal-Mart, and vice versa. So when this information is all pointed to over a public network, that does become a concern."

"The whole premise behind RFID is to have this item-level availability of information about the whereabouts of any tag in the field," says Burt Kaliski, chief scientist and director at RSA Laboratories. "And that information needs to be available to authorized parties only. But the set of authorized parties is constantly changing," making access management a priority for businesses.

The expectation is that existing security methods such as firewalls and other access-management technologies will be used to keep data safe and available only to authorized parties as it's exchanged over the EPCglobal Network, VeriSign's Lovett says. VeriSign is helping to sort out these questions, and EPCglobal Network security standards should be finalized by the first half of 2005.

In the meantime, companies with good data-security practices already in place will be transferring them to their RFID projects. "The problems we talk about in terms of sharing information between companies--how do you make sure that the wrong company doesn't get the information--all that is done through classical IT systems where we understand the security quite well," says Pradhan of HP Labs.

And further developments are on the way. For instance, SAP is working with partners on a new database-query technology that lets manufacturers and retailers exchange RFID data without creating copies of it on servers not controlled by the owner of the data, says Amar Singh, VP of global business development at SAP. Some data is stored in a central, virtual repository, but other key data is queried on an individual basis. "Rather than the retailer publishing that information in a virtual environment somewhere, our technology can actually go in on an individual query basis to pull data for the manufacturer and answer that question." The more places data resides, the more places it's at risk.

And if companies really do want to see returns on their investments in RFID, then they've got to be proactive about reducing risk--regardless of the costs.

--with Laurie Sullivan

Illustration by John Hersey