RFID Security Does Not Get Enough Attention, Yet

Filed in archive Privacy and Security on March 31, 2006

RFID presents a conundrum. On the one hand, for it to be useful it has to be easy to read by a variety of readers across different organizations. On the other hand, when tags are easy to read, then tag data can be stolen and used -- and not just by those that you intend to be able to read it:

"When a consumer item is in transit, being unloaded or being purchased, its tag's data is available to anyone interested in reading it. Since RFID tags and interrogators need to be standardized (proprietary tags and readers defeat the purpose), anyone with an interest can access the data."

The above quote is from an article written by Ray Cavanagh appearing in RFID Journal.

Ray is President of Cavanagh Consulting Group. He is one of the friendly people I met at the recent Smart Labels USA Conference. During one of the conference breaks, he and I rang each other on our mobile phones to locate one another so we could meet, and then had an interesting talk.

Ray's company helps end users of RFID implement security solutions.

Notice I'm talking about security, not necessarily privacy. Lack of security may result in violations of privacy, but it has other ramifications as well. Proprietary information can be inadvertently revealed to competitors. Systems might be hacked into and compromised. Tag data may be duplicated and used to work fraudulent schemes or pass counterfeit goods.

Ray says tag encryption is what's needed to secure tag data, to make sure tags can be read by those you intend to read them, but kept out of the hands of those you do not. Not enough attention is being placed on RFID security -- yet -- Ray emphasizes, although he said he was pleased to see some of the speakers at Smart Labels USA address security concerns in their presentations.