RFID Security

Contributed by Joanne C. Kelleher

MEF is global trade organization for companies wishing to monetize their goods, services and digital products via the mobile connected device.  Earlier in the year they released their top 10 predictions for 2012 around mobile content and commerce.  I was pleased to see that their top 3 predictions overlap with the interests of SecureRF:

1. NFC:  2012 will be the year that the industry ‘gets’ NFC and there will be increased investment with some spectacular trials, but it will fail to have a significant commercial impact.

2. Security: Regulators worldwide will be brought face-to-face with the security challenges of in-app billing, and new regulations will emerge.

3. Privacy: As Smartphones and mobile connected devices continue to become more widespread, increasingly complex and diverse attitudes towards privacy will cause chaos in the industry.

It will be interesting to see if they are correct that NFC “will fail to have a significant commercial impact” in 2012.  I am feeling more optimistic about the activity related to NFC this year.

For example, in mid-December 2011, IMS Research reported that “the number of Near Field Communications (NFC)-enabled phones shipped in 2011 totaled 35 million globally” and they forecast “that significant market events and the enablement of other cellular handsets will drive that number to nearly 80 million by the end of 2012.”

With that many NFC-enabled phones, there will be firms who will create goods, services and digital products that incorporate that technology.

View the full list at MEF reveals Top 10 Predictions for 2012.

Contributed by Joanne C. Kelleher

The RFID Security Alliance holds a monthly open forum about topics related to securing radio frequency identification systems. Attendees can dial in or, if in the San Francisco, CA area, attend in person.

January’s topic is “Outlook for 2012.” What do you think is the outlook in 2012 related to RFID, NFC and security?

Share your views with other RFID Security Alliance members on what you think will be of concern this year and the open forum can discuss possible mitigation. If you have no concerns, come and listen what other people think will be happening in 2012 in the RFID and NFC landscape and where security issues may play a role.

The 1/11/2012 forum starts at 10 am PT/1 pm ET and will last about 1 hour.

To participate, email Anna.Haight@RFIDSecurityAlliance.org. She will send you the dial in details and any slides. If you wish to join in person, the physical location is QLM Consulting, Sausalito, CA.

We hope you can join us.

Future Monthly Open Forum topics (all from 10:00 AM to 11:00 AM Pacific Time) are:
Wednesday, February 8, 2012 – Topic TBD
Wednesday, March 14, 2012 – Topic TBD
Wednesday, April 11, 2012 – “RFID Journal Live Highlights & Discussion”

For more information, visit http://www.rfidsecurityalliance.org/upevents.htm

Contributed by Joanne C. Kelleher

The RFID Security Alliance holds a monthly open forum about topics related to securing radio frequency identification systems. Attendees can dial in or, if in the San Francisco, CA area, attend in person.

December’s topic is “RFID Security in Retail” presented by Justin Patton, RFID Research Center Managing Director at University of Arkansas.

Topics will include:

• Required security for UHF Passive use in retail (tag locking, passwords, etc.)
• The issue of counterfeiting/copying of tags. Why this is an issue and possible resolutions, etc.
• Effects of security lapses in serialization of tagged products
• Security issues in the store with external readers/tags

An open discussion on this topic will follow his presentation.

Justin Patton has served as Managing Director of the University of Arkansas’ RFID Research Center since its inception in 2005. In addition to being involved in most major retail RFID deployments, he has performed extensive research into RFID and other identification technologies in asset tracking, data management, aerospace, transportation, agriculture, healthcare, and logistics implementations. Justin’s primary focus is on business value with a strong emphasis on technical implementation of the technology, and is one of the primary developers of Arkansas Radio Compliance, the first baseline performance testing system for multi-partner RFID supply chain systems.

The 12/14/2011 forum starts at 11 am PT/2 pm ET and will last about 1 hour. Note that this is one hour later than usual.

To participate, email Anna.Haight@RFIDSecurityAlliance.org. She will send you the dial in details and any slides. If you wish to join in person, the physical location is QLM Consulting, Sausalito, CA.

We hope you can join us.

Future Monthly Open Forum topics (all from 10:00 AM to 11:00 AM Pacific Time) are:
Wednesday, January 11, 2012 – “Outlook for 2012″
Wednesday, February 8, 2012 – Topic TBD
Wednesday, March 14, 2012 – Topic TBD
Wednesday, April 11, 2012 – “RFID Journal Live Highlights & Discussion”

For more information, visit http://www.rfidsecurityalliance.org/upevents.htm.

Contributed by Joanne C. Kelleher

Contributed by Joanne C. Kelleher

The Connecticut Technology Council has selected approximately 65 companies, including SecureRF Corporation, as the 2011 class of “CT Tech Companies to Watch.” These start-up technology companies are from all technology verticals and represent an especially wide variety of software companies, some promising new green tech ideas and an impressive list of software and new media companies. The emerging companies will be presented and honored for their potential and innovation on October 27, 2011.

The CT Tech Companies to Watch will exhibit at the The Omni Hotel in New Haven as part of the fifth Innovation Pipeline Awards, a celebration of the most promising early stage technology companies in the state. The Innovation Pipeline Awards are part of a larger event being held that day called the Cantor Colburn / CCAT Innovation and Entrepreneurship Summit and includes a northeast angel investor summit. The October 27th event will honor emerging technology companies that are considered to have the best potential for future business success. A key aspect of the evening’s program is a technology showcase, a poster fair where all the “Companies to Watch” will participate in a mini-trade show.

If you are attending this event, please visit SecureRF’s poster display.

The full list of CT Tech Companies to Watch is at http://ct.typepad.com/c2w/2011/09/2011-ct-tech-companies-to-watch.html

Contributed by Joanne C. Kelleher

For their 50th anniversary, Frost & Sullivan have identified 50 global mega trends that will have the greatest impact on transforming society, markets and cultures. These trends include population growth, healthcare, food, transportation, energy and even robots as domestic helpers.

Given the broad scope of these trends, I was pleasantly surprised to see how many intersected with the security work that SecureRF is doing.

8. More than 900 satellites to be launched globally by 2020, creating multiple innovative applications
12. By 2020, more than $22.5 billion will be spent to develop safe and secure cities across the globe
13. Investments to counter cyber threats will account for up to 2.5% of the global security in 2025
21. Mobile Internet devices (MIDs) will surpass netbooks; one out of every five people will own a MID by 2020, and high-speed broadband of 50-100 Mbps will enable new applications and business models
22. About 50% of the overall industrial sensing market in the process industry segment will go wireless by 2020
23. Environmental monitoring and “smart structures” to be among the top end-user applications of sensors in 2020
40. The size of the global manufacturing service industry will double; smart integration technologies, machine-to-machine communication and business/manufacturing analytics-related services will help drive process and manufacturing efficiency
41. Control on the go: Proliferation of wireless systems, embedded devices, virtualization, and industrial networking will result in efficient asset monitoring, improved reliability, and safety despite cyber security threats and challenges
50. Smart materials that can sense changes in the environment around them and respond in a predictable manner will find widespread applications

Although security isn’t specifically mentioned in most of these, it will be an important consideration in the implementation of these technologies and applications.

Frost & Sullivan’s full list of 50th Anniversary Predictions is at http://www.frost.com/prod/servlet/our-services-page.pag?mode=open&sid=218649156

Contributed by Joanne C. Kelleher

The Hawaii Natural Energy Institute put together The Maui Smart Grid Project team to evaluate new smart-grid technologies and collect feedback from the community. A recent article in the Maui News, Smart Grid Project Concerns Addressed, said :

The project team considers the safety and satisfaction of participants extremely important, and there are three common concerns to clarify further:
3. Privacy/security – The data captured by smart meters will only be used to evaluate the technologies tested in the project. The security protocols implemented adhere to all standards set by the Department of Defense for wireless networks.

I thought this reference to the DOD was strange, one of those statements that sounds good to people not involved in the industry, but doesn’t really go far enough.

The DOD’s CIO office has issued several policies, some related to wireless networks, such as # 8100.02 – Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG). There are also specific standards related to top secret and classified information shared over wireless networks, which don’t apply in this situation.

However, the DOD is not responsible for setting standards related to smart grid security and privacy for public utilities.  The article, “Smart Grid Privacy And Security Risks Loom For Agencies” discusses several agencies involved in the Smart Grid, but the DOD isn’t mentioned.  The agencies and organizations that are involved include:

• Department of Homeland Security,
• National Institute of Standards and Technology(NIST)
• Federal Energy Regulatory Commission (FERC)
• Department of Energy and their Advanced Metering Infrastructure Security Task Force with 11 utility companies
• North American Electric Reliability Corporation (NERC) and their regional level committees
• Various state public utility commissions

In addition “George W. Arnold, the National Coordinator for Smart Grid Interoperability at NIST, said in a recent paper published by the Institute of Electrical and Electronics Engineers (IEEE), that there are currently more than 20 technical standards development organizations working on smart grid.”

Despite this long list, there are multiple jurisdiction issues and no one agency is in charge. “Usman Sindhu, Senior Research Analyst at IDC Energy Insights, said it would be impossible to pinpoint one particular agency that is responsible for smart grid security standardization.”

We do know that the DOD is not responsible for smart grid security, yet the security protocols implemented in Hawaii will adhere to all standards set by the Department of Defense for wireless networks.  Maybe meeting standards that don’t apply is the easy way out of the hard work that needs to be done.