Running Head: RFID

481 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
481
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Running Head: RFID

  1. 1. RFID -1- Running Head: RFID Radio Frequency Identification Richard Wagoner Morehead State University
  2. 2. RFID -2- Radio Frequency Identification Radio Frequency Identification, or RFID as it is most often referred to, is an emerging technology that has almost limitless possibilities. RFID is not a new technology, it has been around for years but until recently it was cost prohibitive to implement and industry standards have not been in place to make different RFID systems interoperable (RFID, 2007). This is beginning to change and this change is directing RFID application growth. This wireless technology does have a huge potential and also has some huge social, cultural, security, and personal privacy concerns that must be addressed. When discussing RFID, personal privacy is the hot topic. The RFID industry itself acknowledges that there are privacy concerns associated with the technology and suggest a marketing campaign to affect consumer opposition to use of the technology (EPIC, 2007). Considering that security and privacy are key concerns affecting the future of RFID it becomes important to know what the specific issues concerning security and privacy are and what measures and ideas are being considered to deal with those issues. To accomplish this a Google search of ‘RFID and Privacy’ has been conducted and 10 articles were selected at random. These articles were reviewed and a list of specific concerns associated with RFID has been compiled. The top five concerns have been indicated and will be discussed in further detail along with proposed measures to deal with the associated privacy issues. Table 1 shows a cross reference of privacy concern issues to which
  3. 3. RFID -3- selected article the issue was mentioned in. The concerns discussed are ranked in order from most referenced issue to least referenced issue. Table 1. – RFID Privacy Concerns and Occurrence (2004)Gross RSA (2007) Cline (2003) Singel (2006) Malone (2006) (2006)Scannell (2007)Hamblen (2006)Passport (2006)Weinberg (2004)Garfinkel Movement Tracking        In-Store Tracking       Ease of Identity Theft     Omnipresent Police State    Inventorying Personal Possessions   Introduction Point for Malicious   Attack Personal Profiling  
  4. 4. RFID -4- You can see that seven topics are listed instead of five. The last 3 topics were all mentioned twice so all three will be reviewed. This discussion will begin with a review of RFID, what it is, what it is used for, and what possibilities are available with RFID. This will be followed by a discussion of each of the listed security concerns along with some recommended actions to deal with each. RFID or Radio Frequency Identification in general terms is the automatic identification of people or objects using radio waves (RFID, 2007). This normally occurs by encoding a serial number on a microchip. The microchip is then attached to an antenna and this antenna is called an RFID transponder or RFID tag. The antenna then transmits the serial number to an RFID reader which converts the radio waves into digital information that can then be processed in any number of ways through a computer system. Even though RFID technology has recently been gaining more and more attention this is not a new technology. This technology has been around since the 1970s (RFID, 2007). However, expense and limited implementation have made use of the technology impractical. There are also several uses of RFID with proprietary technology which creates several challenges with system interoperability. These challenges are slowly being overcome most noticeably with the reduced cost of microchip manufacturing allowing RFID transponders to be made inexpensively enough and small enough to be embedded in packaging or protective plastic placed on packaging allowing leading to greater durability. Many companies also use RFID technology in closed-loop systems (RFID, 2007). Such systems are used primarily internally to track inventory or
  5. 5. RFID -5- equipment. In this type of scenario the actual RFID tags can be reassigned and reused greatly reducing the cost associated with operation. Using an RFID system requires an RFID transponder and an RFID reader. When the RFID transponder is within sufficient proximity the reader can detect the radio waves of the transponder. This leads to another challenge facing RFID; the transponder and reader must by in close proximity. The proximity of the components is then affected by the type of tag, either active or passive, the frequency of operation, the power of the read, and local radio frequency noise. In general low-frequency tags can be read from a foot or less, high frequency tags can be read from approximately 3 feet, and Ultra-high-frequency tags can be read from 10 to 20 feet. Active tags can also use batteries to boost the read range to 300 feet or more (RFID, 2007). Frequency has a dramatic effect on the read distance of RFID tags. There are four primary frequency ranges: low-frequency, high-frequency, ultra-high- frequency, and microwave (RFID, 2007). Microwave frequencies, in the 2.45 GHz range, have very limited use associated with RFID but are occasionally used. Low-frequency devices operate around 125 KHz with high-frequency operating around 13.56 MHz and ultra-high-frequency operating in the range 860 MHz to 960 MHz. The frequency must then be selected by the application need and the local environment. RFID transponders can also come in either active or passive devices. Active devices normally have longer read ranges because they have their own power source which is normally a battery. The power source or battery is used to
  6. 6. RFID -6- both run the microchip’s circuitry and also to broadcast the radio signal. In contrast, passive transponders do not have a power source. Passive devices draw their power from the reader. The antenna on a passive device detects the electromagnetic waves of the radio frequency to induce a current which is then used to power the circuitry and broadcast stored information. There is also another type that has had limited use. This is a semi-passive device. This device has a battery that is used solely to run the microchip’s circuitry and then uses antenna induction to send radio signals. Passive tags are more common simply because they are cheaper to manufacture and battery life does not affect transponder life. Now understanding the RFID technology leads us to the concerns that have been expressed about this technology. While the primary purpose to this point has been for commercial organizations inventory tracking there are great concerns that the technology has the potential to encounter serious privacy and security concerns. Movement tracking is our first topic to be discussed as shown in our list of compiled concerns. People feel that RFID transponders are becoming so small that they can be placed anywhere on your person without your knowledge and then can be used to monitor your movements and or activities. This topic was listed in seven of the 10 articles reviewed. While this is not really feasible at this time due to proximity concerns the chip does have the ability to store additional information that can be read a future date. The second topic also deals with movement tracking but is concerned with in-store monitoring. This topic appeared in six of the ten reviewed articles.
  7. 7. RFID -7- There is concern that retailers can monitor customer shopping habits through both single visit stops and also multiple visit trending. Again, the logistical challenges facing such tracking would prohibit such activity at this time. There is also great difficulty in determining how such information could currently be used. Knowing that someone is prone to visit perfumes on their visit does not mean that certain actions will be taken by the retailer, especially when talking about real-time activities. However, this is still technically an invasion of personal privacy by not informing the consumer of such activity. The third topic deals with the ease of identity theft when using RFID technology. This topic was discussed in four of the ten articles reviewed. While this is a great concern you must keep in mind that the information needed for an identity theft is currently not stored on RFID transponder chips. In addition, such chips are not widely implemented which makes the attempt quite unprofitable. This technology is in limited use through “Speed Pass” type systems but the information on the chip alone is insufficient to steal your identity. The fourth topic discussed expressed concern that our society would develop into an omnipresent police state. This topic was mentioned in three of the 10 articles reviewed. The concern that was mentioned in the previous three topics would be compounded through a governmental database gathering, tracking, and monitoring all of the information obtained through movement tracking, in-store tracking, and theft of identity information. Currently there are many individuals in both state and federal government who are proposing
  8. 8. RFID -8- legislation to deter this type of future. At this time the technology is not mature enough to meet this scale of monitoring but the potential is there. The final three topics each were referenced two times in the ten articles reviewed. These topics are inventorying of personal possessions, an entry point for malicious software attacks, and personal profiling. Inventorying of personal possessions would be difficult due to reader proximity needs while there is not widespread use of the technology and as such, software attacks would have limited effect. Personal profiling again would not benefit a user at this time because of the lack of technology usage. There is one key element that can be used to reduce the risk of any of these types of activities from occurring; inform the public about the details of RFID use and the underlying technologies. When people are informed about how RFID works they will quickly begin to understand that the technology is not mature enough or capable of being used for the topics taken from the reviewed articles at this time. There is growth potential with this technology and in the future the capabilities may advance to allow full scale identity theft but that possibility is currently a theory. Many of these types of activities will not be beneficial until such time as RFID is an homogeneous part of our everyday lives. Being able to read private information about 1 individual out of a 100,000 or 1 out of 1,000,000 does not lend itself to a profitable enterprise. Being able to scan 900,000 out of 1,000,000 individuals begins to look like a worthwhile activity from a financial standpoint.
  9. 9. RFID -9- A second action that can be taken to prevent these concerns from becoming reality deals with protection of the radio waves. There were numerous discussions concerning implementation of an encryption mechanism into the RFID tags. However, the limited storage space available on most current tags makes this difficult to do while still make the tags useful. The encryption process also requires additional power again making the RFID device larger and less useful. A final consideration mentioned dealt with use of RFID transponders within employee badges, credit cards, and other personal devices. It has been suggested that such devices be designed to allow the user or owner to modify the information stored within the device and to have some type of visual display to show when the device is being accessed, when the information has been changed by external sources, and a type of device status. This is again a good possibility but the current hardware makes this process prohibitive. RFID is a technology that is currently providing many organizations a great savings of cost and improvement in operational efficiency. The future looks promising for the technology but there are several security and privacy concerns that must be addressed before public adoption of the technology will occur. The recent public outcry has brought these concerns into the public spotlight and will hopefully lead to answers that are acceptable both users and operators of the technology.
  10. 10. RFID - 10 - References Cline, Jay (2003). RFID privacy scare is overblown. Computerworld. Retrieved on October 18, 2007 from http://www.computerworld.com/securitytopics/security/privacy/story/0,1080 1,87286,00.html. EPIC (2007). Radio Frequency Identification (RFID) Systems. Electronic Privacy Information Center. Retrieved on October 16, 2007 from http://www.epic.org/privacy/rfid/. Garfinkel, Simson L. (2004). The Trouble with RFID. The Nation. Retrieved on October 18, 2007 from http://www.thenation.com/doc/20040216/garfinkel. Gross, Grant (2004). RFID and privacy: Debate heating up in Washington. InfoWorld. Retrieved on October 18, 2007 from http://www.infoworld.com/ article/04/05/28/HNrfidprivacy_1.html. Hamblin, Matt (2007). Privacy Concerns Dog IT Efforts to Implement RFID. Computerworld. Retrieved on October 18, 2007 from http://www.computerworld.com/action/article.do? command=viewArticleBasic&articleId=305197&source=rss_topic84. Malone, Robert (2006). Can RFID Invade Your Privacy? Forbes. Retrieved on October 18, 2007 from http://www.forbes.com/logistics/2006/12/05/privacy-rfid-tags-biz-logistics- cx_rm_1207rfid.html.
  11. 11. RFID - 11 - Passport (2006). RFID and the Public’s e-Passport Security Concerns. TechNews. Retrieved on October 18, 2007 from http://www.technologynewsdaily.com/node/3894. RFID (2007). RFID Journal: The World’s RFID Authority. Retrieved on October 16, 2007 from http://www.rfidjournal.com. RSA (2007). RFID Privacy and Security. RSA Laboratories. Retrieved on October 18, 2007 from http://www.rsa/com/rsalabs/node.asp?id=2115. Scannell, Tim (2006). RFID security issues are cause for corporate concern. ComputerWeekly.com. Retrieved on October 18, 2007 from http://www.computerweekly.com/Articles/2006/08/03/217369/rfid-security- issues-are-cause-for-corporate-concern.htm. Singel, Ryan (2006). Feds Leapfrog RFID Privacy Study. Wired. Retreived on October 18, 2007 from http://www.wired.com/science/discoveries/news/2006/10/72019. Weinberg, Neal (2006). Security concerns could slow RFID. NetworkWorld. Retrieved on October 16, 2007 from http://www.networkworld.com/news/2006/040406-rfid-security- concerns.html? nltxsec=040306securityalert2&code=nlsecuritynewsal29662.

×