- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Radio frequency identification is a part of the present and may well be a major part of our future. This situation is, at best, a mixed bag.
It would not be quite so bad if vendors of RFID products and companies that say they want to use them better understood security and privacy.
For those of you who have been cave dwellers over the last few years, RFIDs are small electronic devices, normally with no battery or power supply, that can interact wirelessly to identify themselves to a scanner.
The best-known examples are the very simple devices that companies such as Wal-Mart are asking suppliers to put on pallets of goods and that drug companies are beginning to attach to containers in the distribution chain (see Privacy as an afterthought ). These RFIDs are basically wireless bar codes that respond with a unique serial number when queried by a wireless scanner. Companies with large database infrastructures, like Wal-Mart, can keep track of where individual cartons of goods are in their supply chain or, someday far too soon, what individual products are in a shopper's physical cart.
But not all RFIDs are that simple. Some, like those being considered for the next generation of U.S. passports, can report back a bunch of passport-holder-specific data. Others, like the electronic key used in some cars and the ExxonMobil SpeedPass, include a cryptographic challenge-response interaction in an attempt to make sure that the RFID is not counterfeit.
These have not been particularly good days for the RFID business. Researchers at Johns Hopkins University and RSA Laboratories have shown that the RFID used in the SpeedPass and in the keys for some Ford vehicles can be spoofed reasonably easily (see rfidanalysis.org). The researchers demonstrated that the RFID chips used weak encryption keys that can be broken within a few hours. Imagine thieves scanning for car owners' encrypted keys while standing next to the car owners on elevators. The thieves then could break the encrypted keys and steal the car using normal car burglary tools, knowing that they could fool the electronic interlock into thinking they had the right key.
Texas Instruments, which makes the circuits used in the Ford keys and the SpeedPass, makes similar circuits with longer and harder-to-break keys. But Ford and Exxon decided to use the less expensive, weaker chips. Texas Instruments is not immune from blame here, as it is using a secret encryption algorithm, which violates the most basic of good encryption rules.
Rss FeedRss Feed
and there is always a but... firebug doesnt work :(- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment