What are the advantages of using RFID technology?
The primary advantage of using RFID technology is that it is non-line-of-sight (nLOS). This means that cartons or pallets do not require particular orientation for scanning, unlike barcodes. This ability significantly aids the automation of many tasks throughout the supply chain that have typically been labour intensive roles such as checking and scanning incoming inventory. Organisations also have an accurate picture of stock levels which in turn means lower inventory costs and less out-of-stock occurrences. Other advantages of RFID include: labour reduction due to operator free checkpoints, enhanced visibility, asset tracking to aid in the minimisation of product shrinkage, item level tracking, traceability and quality control and improved inventory management.
How does RFID technology work?
RFID is a wireless data collection technology which, through the RF portion of the electromagnetic spectrum, uses electrostatic or electromagnetic coupling to identify objects, animals and humans as unique entities. A simple RFID system consists of an antenna and transceiver (often seen combined as a ‘reader’) and a transponder or tag. The reader components of the RFID system scan the radio frequency and transmit any information gathered to a processing unit. Conversely, the transponder is an integrated circuit containing the RF circuitry and information to be transmitted.
What are the disadvantages of using RFID technology?
There are disadvantages inherent in every radio technology, RFID is no exception. For this reason, security has to be identified as the number one disadvantage of RFID. Although it should be stated that researchers are working hard to overcome this hurdle, offering a variety of partial solutions. Coupled with the notion of security is privacy. Privacy advocates are worried that if RFID tags are placed in common items, the product may continue to be tracked once purchased by consumers. It should be stated that privacy concerns have the ability to cripple the widespread adoption of a technology. Companies like Benetton and WalMart have temporarily bent to consumer backlash, announcing RFID trials and then ceasing tests, only to continue with their RFID mission at a later date. From the perspective of the retailer and manufacturer are other disadvantages that include: the cost of the tags (although these have substantially decreased as adoption has increased), software and equipment upgrades to accommodate the new technology as well as changes to business process workflows, and even a lack of RFID standards (depending on which sector the company implementing belongs).
How secure is RFID technology, how easy would it be for a hacker to be able to access or the information on the chip?
It is kind of difficult to answer the ‘security’ question without a context. One might like to make the comparison between barcode, magnetic-stripe and RFID. Both barcode and magnetic-stripe technology have been around for over 40 years in the retail and banking sectors. Both of the technologies are very insecure but a worldwide infrastructure has been built around them (for product and article identification and for debit and credit cards). Barcodes can be read by just about any reader on the market today, and magnetic-stripe tags require merely a four digit personal identification number (PIN) which can be skimmed using an inexpensive device. I would definitely not advise the use of RFID for access control types of applications. When a new technology enters the market, hackers are presented with a new challenge. And so the race begins for who can ‘crack the code’ so to speak.
While standards are beginning to emerge like EPCglobal, there are a great number of proprietary specific RFID standards on the market. The standard denotes how a message is stored, the length of a message (e.g. 128-bit) and a sequence of bits that tell a reader when to start and stop reading, as well as additional error-checking bits. It is as simple as acquiring the relevant reader, and working out what each bit in the message means, and interpreting that information correctly. Bits can be encoded using a particular scheme, but once the scheme is identified, the information can be read. Given RFID is wireless, you need be in the proximity of 90 centimetres (dependent on the range requirements of the tag) to intercept the radio signal- so once you have read the chip you simply can play back the signal you picked up and pretend to be someone you are not. This has major implications for active tags because it means the hacker cannot only read information but write to the tag as well, and even change variables.
What are RFID chips used for?
RFID chips are being used in a variety of applications including for object, animal and human tracking and monitoring. They come in a number of different forms such as cards, tags, transponders, wedges, keys, and chip implants. At a national level, RFID is now being used to regulate agriculture (especially the tagging of livestock for traceability), for passports for citizens of a state, and for baggage tracking at airports. Some tech-savvy enthusiasts are using RFID implants for keyless door entry, and companies like VeriChip are offering transponder implants for people who want their medical history stored with them wherever they go, in case of an accident. Companies like Gillette and Proctor and Gamble have also tagged selected high-end products like razorblades and shampoos in a bid to minimise product shrinkage in the supply chain, and save on costs, product recalls, and even extortion attempts. Manufacturers are also beginning to use RFID on the factory floor, to track expensive tools and equipment, to identify inventory, and to monitor employee productivity. There are also niche applications that take advantage of RFID like the Texas Instrument’s Championchip attached to shoelaces and used for marathons to keep accurate times of athletes. Applications on the market today can be summarised as control, convenience or care-centric applications. RFID is already being used to track prison inmates and even dementia sufferers, and some have predicted that it will not be long before banks request account holders to use RFID for withdrawals in lieu of magnetic-stripe cards or smart cards.
How can users protect the information they have RFID chips?
A number of options have been suggested on how to protect the information on the RFID chip. These include killing the tag after a certain time and date stamp, encrypting the information on the chip, including passwords on tags, giving each tag a set of pseudonyms, hard and soft blocker tags, using antennae energy analysis to gauge the distance of a reader from a tag, and storing a biometric onboard the RFID chip. Some of these proposed solutions are considered more privacy-based rather than security-based but the two areas almost cannot be considered separate to one another in this case.
How does this protection work?
All of the RFID security-privacy solutions being proposed today are only partial solutions and each has its benefits and limitations. At the crux of the matter is the unique ID of the actual RFID tag, how this information is stored (perhaps using cryptographic techniques), and whether or not passwords have a role to play, and how anonymity is ensured. Two main approaches have been adopted by researchers- either a separate piece of hardware is required (hard solution), or a software based solution is adopted (soft solution). Blocker tags (i.e. ancillary RFID tags) can also help solve the problem of hacking by preventing unauthorised scanning of items. To a degree this can be considered a form of spamming from the tag back to the dubious reader so that the reader is not successful in identifying the tag. Authorised readers proceed to access the information on the tag. However, this latter approach, while workable, is still not foolproof in every instance.
What kind of developments have there been recently to protect information on RFID chips?
More recently, developments for humancentric applications have now seen RFID go into the subdermal layer of the skin in the form of a transponder. The argument for this latest development to ‘protect’ information is simple- if it’s beneath the skin the ID chip cannot be stolen, is with you everywhere you go, is lightweight (you cannot even feel it), it cannot be duplicated, a perpetrator does not know you have something implanted (the chip cannot be seen), and the RFID chip can be accessed at crucial times with your prior consent. The so-called benefits however, are misleading. Chips can still be read by persons in close proximity to an implantee, or even by unobtrusive readers that can trigger the device to emit a signal. It should be noted that though an implantable chip is potentially a deterrent to someone who wishes to commit a crime, there have been documented incidents showing that person’s whose biometric granted access to particular locations (like luxury cars), have had their finger amputated or have been forced to surrender their biometric on demand. RFID also has the potential to store multi-modal biometrics on board. We are already seeing the widespread introduction of passports with RFID jacket-covers, it may not be too long before the two automatic identification techniques are working together.
What kind of situation would require the use of extra protection on the chips?
Researchers at Johns Hopkins University and RSA demonstrated in 2005 that RFID chips could in fact be duplicated, i.e. cloned. This has had major implications for companies considering RFID as a solution for automobiles or banking. I believe that any situation that links a person with anything else (e.g. an animal or asset) needs to have extra protection. By extra protection I do not mean RFID implants, nor do I suggest storing one’s DNA onboard an RFID chip. From a company perspective, I would say that any high-end product that is manufactured or used in the process of manufacture needs to be tracked from the manufacturer through to the retailer. While they need to be tracked throughout the supply chain to prevent loss and to maintain productivity, the assets also require extra protection so that the tag is not tampered with and incorrect data recorded as a result.
This article can be read together with this media report by Elizabeth Latham: http://www.katinamichael.com/media/2007/2/12/is-rfid-safe-and-secure?