
Executive Summary

This report provides an enumeration of the security requirements desired of a near-term deployment of the technology. Security and privacy risk assessments of the passive RFID System are provided, with a description of potential countermeasures to address the stated risks. General analysis of RFID technology indicates that several mitigation strategies are available to alleviate privacy and security concerns. Security mitigation strategies include the use of encryption, implementation of anti-collision algorithms to ensure reader availability and data integrity, the use of filters and audit trails to permit detection of counterfeit tags or replay attacks, and education of tag holders about the use of physical shielding. Privacy protection strategies include the implementation of Fair Information Practices, including educating the public about RFID technology and subsequent placement of tags in travel documents, assignment of a new a-ID number whenever a new or replacement a-ID is issued, and educating tag holders about the use of physical shielding that can prevent their tags from being read.

Introduction
RFID stands for Radio-Frequency Identification. The acronym refers to small electronic devices that consist of a small chip and an antenna. The chip typically is capable of carrying 2,000 bytes of data or less. RFID uses the low end of the electromagnetic spectrum. The waves coming from readers are no more dangerous than the waves coming to your car radio. The RFID device serves the same purpose as a bar code or a magnetic strip on the back of a credit card or ATM card; it provides a unique identifier for that object. And, just as a bar code or magnetic strip must be scanned to get the information, the RFID device must be scanned to retrieve the identifying information.

Radio Frequency Identification (RFID) technology uses radio waves to identify people or objects. There is a device that reads information contained in a wireless device or "tag" from a distance without making any physical contact or requiring a line of sight. RFID technology has been commercially available in one form or another since the 1970s. It is now part of our daily lives and can be found in car keys, employee identification, medical history/billing, highway toll tags and security access cards.

International standards have been adopted for some very specific applications, such as tracking animals. Many other standards initiatives are under way. The International Organization for Standardization (ISO) is working on standards for tracking goods in the supply chain using high-frequency tags (ISO 18000-3) and ultra-high frequency tags (ISO 18000-6). EPCglobal, a joint venture set up to commercialize Electronic Product Code technologies, has its own standards process, which was used to create bar code standards. EPCglobal intends to submit EPC protocols to ISO so that they can become international standards.

Objective of the study


- Investigate the security and privacy issues that arise from the proposed use of RFID Technology
- Assess the capability of available technology to resolve those issues
- Provide recommendations to help meet security and privacy requirements

Security Objectives:

1. Confidentiality

Confidentiality is the assurance that only authorized entities share and access system resources and data. The confidentiality objectives within the RFID System include:

- All data within the system should be protected from unauthorized access
- The algorithms for creating a-IDs cannot be reverse engineered from known a-IDs
- Communications channels within the system should be protected from unauthorized access
- The data on the RFID Tags should be protected from access by unauthorized RFID Readers.

2. Integrity

Integrity is the assurance that data is complete, unmodified and authentic. This principle introduces requirements to protect against the modification of system data and resources:

- RFID Tag data should be protected from unauthorized modification
- The RFID interrogation channel and subsequent RFID data trail between the RFID System components should be protected from unauthorized modification
- All data within the system should be protected from unauthorized modification
- The presence of multiple tags should not cause loss of system integrity
- Duplication of RFID Tags should be prohibited.

3. Availability

Availability is the assurance that authorized entities are able to access resources when needed. The following availability requirements are relevant to the RFID System:

- All system components are operational 24 hours a day, 7 days a week
- The presence of multiple tags should not cause system outage
- The presence of multiple readers should not cause system outage
- Data accessed from the back end enterprise system should be available to multiple authorized personnel at any one time.

4. Non-repudiation

Non-repudiation is the assurance that a sender or recipient cannot deny data modifications and data transmissions. The assurance of this principle allows for entities within a system to trust one another and trust data integrity. As such, we state the following requirements within this principle:

- Mutual authentication between the RFID Tag and RFID Reader should occur
- Mutual authentication between the RFID Reader and Middleware should occur
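The tag/reader mutual-authentication requirement can be met with a nonce-based challenge-response, shown here as an added example that is not part of the original report. It assumes the tag can compute HMAC-SHA256 and shares a per-tag secret key with the reader; the class names, the sample ID `aid-0001` and the message layout are hypothetical, and the tag ID is sent in clear, so this covers authentication only, not confidentiality.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key, self.nonce = tag_id, key, None

    def respond(self, reader_nonce: bytes):
        # Prove knowledge of the key over the reader's fresh nonce, and challenge back.
        self.nonce = secrets.token_bytes(16)
        return self.tag_id, self.nonce, mac(self.key, b"tag", reader_nonce, self.nonce)

    def accept_reader(self, proof: bytes) -> bool:
        nonce, self.nonce = self.nonce, None          # each tag nonce is single-use
        return nonce is not None and hmac.compare_digest(mac(self.key, b"reader", nonce), proof)

class Reader:
    def __init__(self, keys: dict):
        self.keys, self.pending = keys, None          # keys: tag_id -> shared key

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify_tag(self, tag_id: bytes, tag_nonce: bytes, proof: bytes):
        nonce, self.pending = self.pending, None      # each reader nonce is single-use
        key = self.keys.get(tag_id)
        # The check fails for an unknown or counterfeit tag and for a replayed response.
        ok = nonce is not None and key is not None and hmac.compare_digest(
            mac(key, b"tag", nonce, tag_nonce), proof)
        return mac(key, b"reader", tag_nonce) if ok else None   # reader's proof to the tag

def run_demo():
    key = secrets.token_bytes(32)                     # constructed sample key and ID
    tag, reader = Tag(b"aid-0001", key), Reader({b"aid-0001": key})
    captured = tag.respond(reader.challenge())        # what an eavesdropper would record
    proof = reader.verify_tag(*captured)
    genuine = proof is not None and tag.accept_reader(proof)
    reader.challenge()                                # new session, new nonce
    replay_rejected = reader.verify_tag(*captured) is None
    tag_nonce = tag.respond(secrets.token_bytes(16))[1]
    rogue_rejected = not tag.accept_reader(mac(b"wrong-key", b"reader", tag_nonce))
    return genuine, replay_rejected, rogue_rejected
```

Because each side binds its proof to a nonce the other side just generated, a recorded response is useless in a later session, which also addresses the replay concern raised in the Executive Summary.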

Scope of the study

Work towards:

- The establishment of a common frame of reference for security and privacy protection in organizations, professions and the public domain;
- The exchange of practical experience;
- The dissemination of information on and the evaluation of current and future protective techniques;
- The promotion of security and privacy protection as essential elements of information processing systems.
- The clarification of the relation between security and privacy protection.

How RFID works?

A Radio-Frequency Identification system has three parts:

- A scanning antenna
- A transceiver with a decoder to interpret the data
- A transponder - the RFID tag - that has been programmed with information.

The scanning antenna puts out radio-frequency signals in a relatively short range. The RF radiation does two things:

- It provides a means of communicating with the transponder (the RFID tag) AND
- It provides the RFID tag with the energy to communicate (in the case of passive RFID tags).

This is an absolutely key part of the technology; RFID tags do not need to contain batteries, and can therefore remain usable for very long periods of time (maybe decades). The scanning antennas can be permanently affixed to a surface; handheld antennas are also available. They can take whatever shape you need; for example, you could build them into a door frame to accept data from persons or objects passing through.

When an RFID tag passes through the field of the scanning antenna, it detects the activation signal from the antenna. That "wakes up" the RFID chip, and it transmits the information on its microchip to be picked up by the scanning antenna.

In addition, the RFID tag may be of one of two types. Active RFID tags have their own power source; the advantage of these tags is that the reader can be much farther away and still get the signal. Even though some of these devices are built to have up to a 10 year life span, they have limited life spans. Passive RFID tags, however, do not require batteries, and can be much smaller and have a virtually unlimited life span. RFID tags can be read in a wide variety of circumstances, where barcodes or other optically read technologies are useless.

- The tag need not be on the surface of the object (and is therefore not subject to wear)
- The read time is typically less than 100 milliseconds
- Large numbers of tags can be read at once rather than item by item.
