Insider's BLOG from the RFID Experts


The Next Generation of RFID - securing our world

Version 2 of the international UHF RFID standard is about to become reality. It's all about the talk between tag and reader. The communication of captured tag data from the reader to the network side is protected by secure network protocols such as TLS and is not of concern. The security concerns in RFID primarily surround its weakest link, i.e., the RF communications between the reader and tag, where an unauthorized party could gain access to the tag’s information such as the EPC identifier, user memory contents and passwords.

In Gen2, the singulation negotiation between the reader and tag uses a random pseudonym (handle) which, when acknowledged, allows the tag to send its EPC identifier. The identifier is backscattered at very low power by the tag, but it is sent in the clear. A perpetrator can gain access to the identifier information and possibly create a clone of the tag.

In Gen 2, when the reader has to write sensitive information to the tag, such as passwords or sensitive user data, the write command is invoked using a random cover code generated by the tag and sent to the reader. The reader uses this code to conceal the write data sent over the high-powered link to the tag. It is possible for a perpetrator to snoop on the cover code as the tag sends it to the reader and use it to intercept and interpret the reader data.
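
To make the cover-code weakness concrete, the following added example (not part of the original post) models the exchange in Python. It assumes the Gen2 behaviour that the cover code is a 16-bit random number XORed with each 16-bit word; the function names and the sample password are constructed for illustration.

```python
import secrets

def tag_new_rn16():
    """Tag side: fresh 16-bit cover code, backscattered to the reader in the clear."""
    return secrets.randbits(16)

def reader_cover(word, rn16):
    """Reader side: conceal one 16-bit word by XOR with the tag's cover code."""
    return (word ^ rn16) & 0xFFFF

def write_exchange(words):
    """Simulate cover-coded writes and return the over-the-air transcript.

    Each entry is (direction, field, value). 'tag->reader' is the weak
    backscatter link; 'reader->tag' is the high-powered forward link.
    A fresh cover code is requested for every 16-bit word.
    """
    transcript = []
    for w in words:
        rn = tag_new_rn16()
        transcript.append(("tag->reader", "cover_code", rn))
        transcript.append(("reader->tag", "covered_word", reader_cover(w, rn)))
    return transcript

def observer_recover(transcript, hears_backscatter):
    """What a passive listener can reconstruct from the transcript.

    Returns one entry per written word: the plaintext word if the matching
    cover code was heard, otherwise None (the covered word alone is
    indistinguishable from random).
    """
    out, pending = [], None
    for direction, _field, value in transcript:
        if direction == "tag->reader":
            pending = value if hears_backscatter else None
        else:
            out.append(value ^ pending if pending is not None else None)
            pending = None
    return out

# Constructed sample: a 32-bit password written as two 16-bit words.
PASSWORD_WORDS = [0xDEAD, 0xBEEF]

if __name__ == "__main__":
    t = write_exchange(PASSWORD_WORDS)
    print("both links heard:   ", observer_recover(t, hears_backscatter=True))
    print("forward link only:  ", observer_recover(t, hears_backscatter=False))
```

The only secret in the exchange is a value that itself crosses the air unprotected, so the concealment holds only as long as the tag's low-power reply goes unheard.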

Lastly, there is no mechanism in Gen 2 for authenticating the two parties (reader or tag), i.e., no protection from a byzantine or unauthorized reader or tag.

Due to these security and privacy weaknesses, an unauthorized party could collect personal information, track users, steal (i.e., clone) identities or cause other privacy-related issues. It may also be possible to embed malicious code into Gen2 tags, which, when read, can be inserted into end-user systems.

All this is possible despite security measures such as shielding the reader-tag communications.

Compared to first-generation RFID protocols, Gen2 made major advances with respect to security: random cover codes for tag writes, access and kill passwords stored in locked memory regions, and elimination of high-powered transmission of the EPC by the reader. However, as pointed out above, the security in Gen 2 V1.2.0 is not strong enough to keep away serious perpetrators – it may be just enough to discourage casual mischief.

I should, however, mention that some of the fears are unfounded (e.g., malicious code in the tag infecting an end-user system), but such claims could easily damage the reputation of the UHF passive RFID industry and impact its growth. And so, it needs to be addressed.

The thought leaders of UHF Passive RFID have been aware of these shortcomings, and the GS1/EPCGlobal standards body is working very hard to develop V2 of the Gen2 protocol that addresses these concerns – specifically surrounding security, anti-cloning, authentication, and privacy protection. I’m sure the updates will not stop at Gen 2 but will also extend to LLRP and TDS. Having worked on EPCGlobal standards in the past, specifically as editor of LLRP, I’m confident the Gen 2 working group will come up with a robust solution that addresses the security and privacy concerns in a scalable and performant way.

Comments

I wonder how is this different from Gen2 tags that exist today?

Why not call it gen3?
Posted @ Tuesday, November 01, 2011 8:35 AM by RFiD Mexico