RFID Security

Contributed by Joanne C. Kelleher

The January/February 2009 issue of Technology Review, Published by MIT included this article – RFID’s Security Problem: Are U.S. passport cards and new state driver’s licenses with RFID truly secure?

Since this is an MIT publication and I know this institution has researchers and alumni involved in the field of RFID security, I was looking forward to an in-depth investigation or new research results.

I was disappointed that this was basically a summary of previously disclosed information with some new quotes from Ari Juels at RSA Laboratories and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, who had collaborated on evaluating the Washington State enhanced drivers’ licenses and federal passport cards. Their research results were released in October – see No Surprise: Border-Crossing Cards Can Be Copied.

Although reference was made to a “University of Virginia security researcher’s analysis of the NXP Mifare Classic, an RFID chip used in fare cards for the public-transit systems” there was no mention of the MIT students who found security vulnerabilities in the Massachusetts Bay Transit Authority’s (MBTA) Boston fare cards (and the controversy that ensued when they planned to present this at last summer’s Defcon security conference, see A Quiz on Hacking Transportation Cards ).

Maybe this re-hash is a sign that 2009 will be a year with more emphasis on solving RFID security problems rather then finding them.