RFID Security

Contributed by Joanne C. Kelleher

Bert Moore, Editor of AIM Global’s RFID Connections newsletter, asked in today’s issue “Will this be the year that RFID security is finally implemented?”

With the long lead time to get to a full project implementation, we think that Bert’s thesis is correct – although the timeframes may still continue to push out a bit.

Moore points out that there are many options for providing RFID security (including simply reading the tag ID, tag/reader authentication, specialized cards that can only be read when activated by the user, high levels of public key encryption, and back-end security), adding a second or even third layer to security makes it far less likely that a criminal can successfully hack a system, and that adequate tag data security is essential in addressing privacy issues by securing data against unauthorized access.

Moore suggests that perhaps a revision to Murphy’s Law should be posted in every office of anyone designing, implementing or using RFID in order to trigger security conscious thinking: “Anything that can be hacked will be hacked.”

SecureRF and other members of the RFID Security Alliance discussed the state of the RFID marketplace in December and also see more emphasis on security and some positive changes on the way in 2010.  See the summary of this discussion at http://rfidsa.blogspot.com/2009/12/rfidsas-view-of-rfid-marketplace.html.

Like Moore, the firms in the RFID Security Alliance see the potential vulnerability of RFID (real or theoretical) not a liability, but as an opportunity to design security into the RFID products and systems we offer our clients.

I recommend you read his full article, RFID: 2010 Will This Be The Year…?, Wednesday, January 06, 2010 in RFID Connections.
http://www.aimglobal.org/members/news/templates/template.aspx?articleid=3629&zoneid=26