Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Securing RFID information

Industry standards are being strengthened to protect information stored on RFID chips
Mark Willoughby   Today’s Top Stories    or  Other Business Intelligence Stories  
 

Sign up to receive Security Resource Alerts

December 20, 2004 (Computerworld) -- Industry standards are being strengthened to protect information stored on RFID chips and to prevent hackers from using sensitive data stored there in nefarious exploits.
Radio frequency identification data is vulnerable when stored on the chip itself and also when it is written to, or read from, the chip. A much-publicized new exploit exhibited in August by Lukas Grunwald at the Black Hat 2004 conference in Las Vegas, RFDump, exposes the vulnerability. Anybody with a card reader plugged into a laptop can use RFDump to read data from within 3 feet of a passive RFID chip.
"[Grunwald] is doing what RFID is supposed to do," said security author and Counterpane Internet Security Inc. Chief Technology Officer Bruce Schneier. "This is serious. He didn't hack anything. RFID technology originally was designed to be completely open; that's its problem. He went to the spec, read it and followed it. If you query the chip, you will get this info. If there were security countermeasures on the chip that were thwarted, then we could talk about hacking."
RFDump is a threat to data stored on passive RFID chips used today. According to industry sources, the vulnerability has been known for some time, and a new standard was approved in June to shield RFID data. The lack of security isn't expected to constrain the growth of the RFID marketplace, which is expected to grow from $91.5 million to $1.3 billion in 2008, according to market research company IDC in Framingham, Mass.
Sue Hutchinson, director of product management at EPCglobal U.S., a Lawrenceville, N.J.-based industry trade association that supports the use of electronic product codes, says most of this growth will be fueled by supply chain applications, such as tracking goods from manufacturers, through shippers and warehouses, to the retailer or final consumer destination.
"Our end users provided a detailed set of requirements, and our users provided us with some good security requirements" for supply chain applications, when work began on the second-generation RFID standard last year, Hutchinson said.

"Part of our standards development was a second-generation UHF [ultra high frequency] air interface protocol, the protocols that manage data moving between the tags and readers. It includes some protections for data on the chip," she said. The new standard will secure passive tags, such as those exploited by RFDump and found in most supply chain applications, with "a secured forward link."
"When data is written to the tag, the data is masked going over the air interface. All of the data coming from the reader to the tag is masked, so parts of the write can't be intercepted as it's coming from the reader to the tag.

Continued...
1 | 2 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"We don't need al-Qaeda to blow us up. We are perfectly capable of lighting the fuse ourselves, courtesy of our..." Read more...
"Analyzing data from online and your network may be a little easier because of a new browser. Yes, a browser...." Read more...
Read more Business Intelligence posts or See all Blogs

Security researcher devises rootkit for Cisco's routers
FAQ: Windows XP SP3 reboot hell (and how to get out of it)
WiMax vs. Long Term Evolution: Let the battle begin
More top stories...
Developers target XP over Vista by wide margin
Phishing botnet expands by hacking legit sites
HP-EDS deal spurs range of customer reactions

Shuttle Columbia's hard drive data recovered from crash site
Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive.
The top 15 vaporware products of all time
These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't.
Opinion: Malware vs. anti-malware, 20 years into the fray
Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle.
Leopard at six months: Does it live up to the early hype?
Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Enterprise-Class Security Zone
Enterprise Solutions Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
The Data Center Management Zone


Ads by TechWords

See your link here
Computerworld Report: Storage Gets Strategic
Download this Computerworld Report, free, compliments of HP.
(Source: Computerworld) Data Storage has emerged from the back room to become a key part of regulatory compliance, disaster recovery and strategic tecnhology plans. Learn more in this new this Computerworld report, a $49.95 value, available free for a limited time, compliments of HP.
Download this executive briefing download
Long Tail Supplier Collaboration - What's In It For You?
Long Tail Supplier Collaboration - What's In It For You?
Download this webcast, free, compliments of Sterling Commerce
Go to the webcast 
The Advantages of a Hosted Messaging Security Solution
Get this report now!
(Source: Microsoft Office Live Meeting) Messaging management is becoming more difficult thanks to the growing malware threat. At the same time, messaging system administrators are under enormous pressure to push their messaging infrastructures to do more than ever, including archiving messaging content for regulatory compliance, archiving to support legal discovery and for overall litigation support, providing services to a growing body of mobile users, and ensuring continuity by making the messaging system more reliable, and managing policies for message encryption.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Web Security SaaS: The Next Generation of Web Security
PRIMEQUEST Overview
New Fujitsu High-End Itanium Windows- and Linux-Based PRIMEQUEST Servers Offer the Utmost in High Availability
View more whitepapers 
SAS Information Management Kit

SAS is the leader in business intelligence and analytical software and services. Only SAS offers leading data integration, storage, analytics and business intelligence applications within a comprehensive enterprise intelligence platform. SAS gives 97 of the top 100 companies in the 2007 Fortune 500 THE POWER TO KNOW®.
Webcast: The Information Management Roadmap
Imagine high-quality data, cleansed, analyzed and delivered throughout your organization. Join Computerworld, IT visionary Thornton May and a panel of experts to learn how SAS® can help you make it happen.

View this webcast 
Research Report: Information Management Initiatives at Midsize and Large Organizations
See the top-line results of this Computerworld sponsored survey to see how IT and business leaders are handling information management implementation.

Download this report 
White Paper: Information Management: Better Information for Winning Decisions.
This white paper explains how the SAS Information Evolution Model aids companies in assessing how they use this information to make strategic decisions and drive business.

Download this white paper 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.