Slashdot Mirror
Gillette Buys Half a Billion RFID Tags
prostoalex writes "Gillette announced its intent to purchase 500,000,000 RFID tags from startup Alien Technology. The company expects to introduce RFID tags into its pallets and cases, according to the article. Alien Technology was the first company to introduce an RFID tag with price lower than 10 cents, even though some people claimed it could not be done."
And why do they have a "journal?" I guess I just don't get it. I was expecting a news story, but instead there was a press-release about how cool it was that Gillette was doing this.
that it bears out everything Slashdot, the Million Book Project, Kahle and so on have been saying about the benefits of freeing IP, how this does *not* hurt large companies, and how it lets everybody do more.
The Auto-ID Centre, who developed the standard and technology are 'a not-for-profit group established by MIT to develop a system for using the Internet to identify goods anywhere in the world...It is funded by large companies who want to use RFID to track goods and who believe an open standard is critical..just as the world uses one network to share information -- the Internet -- it may be possible to use that same network to share information stored initially on an RFID tag...Strictly speaking, the intellectual property belongs to the universities where the research is being conducted. However, the intellectual property will be freely available to any company that wants to use it...the Auto-ID Center may be the first time in history that companies from different industries and different regions of the world have come together to develop technology they feel would benefit their businesses - and their competitors' businesses.' (quotes from http://www.rfidjournal.com/FAQ2.html)
These guys get it, and as they've convinced companies of the size of Gillette, Cocoa-Cola, Pepsi, P&G, Johnson & Johnson, Unilever, Wal-Mart and others to sponsor this, maybe that's a sign that these companies are, or will, getting it too. There's hope yet.
http://www.rfid.org/
yes, I am karma whoring!
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
This will almost certainly be attach to the product. In the warehouses today, ppl move product around and handle order fulfillment. In the near future, I would bet that it will be roboticisized. This will lower the need for ppl (read low-end employees), but will increase the need for higher-end maintence ppl.
Interesting. I just started doing some preliminary research on the security of RFID badge readers, based off of hazy memories that somebody had shown they were absolutely trivial to capture and replay.
:-)
Haven't been able to find that paper yet, but I can tell you what I've seen ain't great. Here's the story:
RFID stands for Radio Frequency Identification, and is essentially a Tesla-esque hack to allow contactless, bidirectional storage of small amounts of data on trivial circuits powered by the reader infrastructure itself. It's most commonly deployed nowadays as a replacement for magnetic-swipe oriented systems, as the lack of an exposed data surface and the absence of contact during scanning make RFID astonishingly reliable. The functionality is quite compelling, as Gilette's mass purchase shows -- what if you never needed to do inventory? What if you could just have a few sensors throughout your warehouse do a "mass ping" and acquire from the mass of replies precisely what needs to be restocked?
And it would only take a few sensors, too. Badge readers may only provide a few inches range, but there was a pretty big fuss a while back about RFID becoming functional at nine meters. At that point, you're quite a bit beyond the forklift knowing precisely what it's carrying. It's pretty clear that Gilette will make its $50M back within a year.
Oddly enough, Inventory Tracking is much, much better use of RFID than as a badging technology, even though the latter remains much more common than the former. Badging, like all trust management systems, attempts to differentiate the few who are trusted from the many that aren't.
The problem is, the many that aren't trusted aren't trusted for a reason -- they'll spy, they'll steal, they'll break stuff. Against that backdrop, mounting an attack against the security system isn't particularly unimaginable -- and here's where things get problematic.
You see, RFID tags make 802.11 look like Alcatraz.
Passive RFID systems are powered by the outside world -- the evil demon of Cartesian yore is handing over the battery. Given a cooperative RF field, the chip spews the same bits, over and over and over again.
When an employee is standing in front of the legitimate badge reader, this is a good thing. When an employee is sitting on the subway on his way to work and some guy walks by with a power source and 13.56Mhz sniffer in his briefcase...well, I guarantee you that briefcase ain't going to beep "Thank you for your access credentials, I'll be you now." All the attacker needs to do is forge a standard plastic badge and covertly trigger a transmitter when approaching the door -- there's no way for anyone to know the badge wasn't the source of the RFID transmissions!
Just because your badge reader only works from a few inches away doesn't mean anyone's reader will. If all I need to do to get access to your entire corporate infrastructure is sit in the lobby "waiting for someone" as your CEO strolls by, you don't actually have a security system. You just have doors
Now, I've got my suspicions of whether magnetic strips can be read at a distance, but to be honest, I'm more than willing to concede that it's a longshot at best (and a hilariously laughable descent into paranoia at worst). But RFID is not the kind of technology people should be carrying around with them at all times, assuming that as long as they still have their card, they still have the value the card represents.
To be fair, it's an extraordinarily difficult problem for TI et al to solve: The chips are necessarily trivial -- they're *powered* by the sensors, for crying out loud. Not only is it nearly impossible to build any kind of cryptosystem into a chip that small and weak, but the system itself would remain utterly defenseless against electrical skullduggery: Manipulating a chip's power source is one of the definitive ways of divining its cryptographic secrets, as Satellite TV hackers have been pointing out for quite some time.
Security hasn't been left completely unaddressed by the RFID industry; they're well aware of the problems and have attempted some manuevers to compensate. As mentioned, some RFID systems can be both read and written to. This would be perfect for creating a "universal badge" that could spoof any identity without even a separate transmission system that could be examined and recognized. So what some companies have done is create a 64 bit region that cannot be modified and remains unique to the badge itself. So you use those 64 bits as a badge identifier that authenticates the rest of the data, and trust that your vendor will never release a badge that either a) repeats identifiers (unlikely, 2^64 is a very large number) or b) can have its identifier changed.
Of course, they can't do anything about c) somebody hacks together their own badge that doesn't play by the same arbitrary restrictions.
Now, I could get up and say "Oh my god! You just can't do this, it's horrifyingly insecure, just use IPSec/SSH er wait wrong wireless technology..."
But that wouldn't be useful. Maybe this might be:
There are some techniques that can minimize the exposure from insecure RFID badge authentication systems. Exploiting the Read/Write capacity is moderately elegant and requires only a badging infrastructure that supports RW. Essentially, every time somebody attempts to enter the secure facility and provides a valid bitstream from their badge, upload a new unique bitstream and verify the badge accepted it. This reduces the window of opportunity for an attacker and significantly increases their risk of discovery, since now the bits they steal today will stop working the moment the legitimate employee uses their badge next. Furthermore, if the attacker does manage to get to a badge reader before the employee returns for another update cycle, he has two major problems: First, his equipment must be minorly more complex, because it must inform the system that it has completed updating its internal RAM with the new (possibly cryptographically signed) bitstream. This is only a minor deterrent; having the equipment to spoof the badge reader means you likely have the equipment to read from one too. Second, and more importantly, because the interloper cannot control the bitstream submitted by the reader and expected upon next examination, the legitimate card will possess an out-of-date bitstream, allowing Security to discover the unauthorized entry.
That works OK. Not great -- especially if badge access translates into an ability to hack the central authentication server to accept whatever bits the legitimate card originally had -- but OK. Really, once the attacker gets access to the card's bitstream, it's game over.
So, lets prevent that. RFID may be contactless but that doesn't mean the badges themselves are -- they're attached to a living, breathing, thinking human being. One with fingers. Fingers that, for the last hundred thousand years or so, have had the ability to pinch two things together, like contacts inside a card. "Pinch here to activate badge", if you will. Just embed a cheap "squeeze sensor" into the card such that two contacts need to be forced together for the card to respond to the RF power source. It's cheap, it's easy, and it can be designed to fail towards functionality or security (i.e. the contacts either can't be separated or can't be attached).
I did see some mention of work to embed cryptographic constructs into Passive RFID systems; one paper pointed out that hash algorithms can be made using very little silicon, so having the card read some value from the badge reader and return a that value hashed with a shared secret can be a valid solution. As I pointed out earlier, these things are *so* vulnerable to power assult that any shared secret inside of them wouldn't last for long. (It's the kind of thing where you run some data through and you look at which gates are glowing -- thus you see which memory blocks are 1 and which are 0.) But this type of analysis usually requires physical access to the security card much greater than simply walking past the mark, so there's a definite win. Plus the system is inherently immune to replay attack because the output of the card is dependant upon the particular input of a given badge reading. Excellent -- if it works(and the hash is cryptographically secure, not CRC-32!).
Of course, this is all mildly off topic. Gilette's security posture is vastly different; they're more worried about five finger discounts and overly optimistic projections than they are about a rogue batch of razor blades sneaking in the back door! But since we're only a precious little amount of time away from the definitive displays of RFID remote compromise, I thought it worthwhile to go into some depth about the security concerns of RFID.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
You put your loot in the cart. You walk up to the scanner. You swipe your credit card. You leave. No cashier to deal with. No lines. No need to even remove the items from the cart.
I love technology.
Small update.
Alien is using 915mhz/2.45ghz. I assumed they were using the tech described here:
13.56 MHz Frequently Asked Questions
There's no shortage of equipment that can capture and transmit on these frequencies; cordless phones do analog work in this domain all the time. But, again -- Alien is not trying to do badging, they're trying to do inventory control.
Very, very different problems. Worst case scenario is that a competitor drives by your facility and gets the same realtime updates of your inventory that you do.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I shave with a straight razor. My annual shaving costs are $3, for a new bar of shaving soap.
Find an old barber to teach you how to use it. Once you get the hang of it, it's no harder than a safety razor, and it shaves just as well.
Another interesting one is hand guns. If a hand gun can be tagged and the owner recorded on the tag, then it becomes very easy to verify firearms ownership, i.e., that AK47 has a tag claiming it is a small smith and wesson revolver with the owner named Mr. Bin Laden. I guess that will go down like a lead balloon with the NRA.
See my journal, I write things there
While I can't match the parent for length and information, I can provide an example of a real-world application of security that is so insecure as to be ridiculous. Unfortunately, it's at the company I work for.
Somebody went and told our clients that "security" for information systems was a problem. The clients demanded "security", so we obligingly delivered. On the software side, it meant making the login process onerous, ensuring that multiple passwords will be written on paper and taped to every client's monitor. Wow, how secure! But the suits like it.
But the clients wanted physical security for the servers, too, and that's where the RFID badges came in. For after-hours access, we already had a system where the badge was placed on a plate (I think it read a metallic signature on the card), so they replaced that with an RFID "wave the card" receiver with a keypad. Now, we were required to wave the card *and* enter a 5-digit number -- which we all immediately wrote on the card. A message came down from data (in)security: "Don't write your number on your card!" The message was universally ignored.
But the "security" gets even better. To promote the idea that we've implemented a real security system, the company installed "optical turnstiles" at the public entrances. When you walk in the lobby, you pass between hip-high black boxes with an RFID/keypad unit. If you don't wave your card *and* enter the PIN (which you wrote on the card), you'll trip an infrared beam and the unit will sound an alarm. The purpose of this alarm is to wake up the receptionist so that she can make you pick up a visitor badge. No, that's not fair... she's not always asleep; sometimes she's on the phone gossiping. Or playing Solitaire.
The first day the unit was installed, I just jumped over the IR beams. This resulted in a well-deserved nastygram from (in)Security. After that, I just made sure to enter the wrong PIN several times... and found out that the last digit can be any one of three values! Hmmm...
And one more tidbit: a co-worker's badge quit working, and when she got a new one, she had to learn a new PIN. It looks like the badge readers aren't cross-referencing the data at all... any bozo who types in the number that his badge transmitted can probably defeat the system... though surely they've done something better for the after-hours system. (Please let me believe that...)
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
In the short term, they will, as other people have said, be attached to palettes and be used for warehouse and back-of-store inventory control. But the proponents hope that soon *everything* in your supermarket trolley will have one of these babies (good term, in view of its size) attached to it. At that point, you don't have to unpack your trolley at the checkout and have it scanned by some bored hosewife. You just wheel it past a checkout point which scans the whole trolley, works out the total and prints your bill. Swipe your credit card, maybe input a PIN or some form of biometric ID, and walk out. Saving for you - the checkout queue and the whole nauseating checkout routine. Saving for the store - all the checkout operators; one problem solver can supervise three or four checkout queues, each of which can probably handle two to three shoppers a minute. Its a *big* store that needs more than one such. Cost - perhaps 3-5% on the gross bill, but you have already saved some money in the warehouse, now more at the checkout. Better security - the goods you shoved in your pocket or under your hat get billed as if they were in the trolley.
Consciousness is an illusion caused by an excess of self consciousness.
When Gilette pushed hard for Mach 3 in advertising, many supermarket chains actually made a loss on selling Gilette due to large amount of theft. So on top af having Gilette re-imbursing them, Gilette also started putting RFID tags on most of their products priced at at $3-$4 and up.
SO now that they have experience, they are pushing it towards the US as well.
These little puppies have been sought after for airport baggage tracking for a long time. Getting the cost low enough has been the hold up. My bet is this will be the eventual prime consumer of this technology. Think about how many pieces of luggage move through all the airports every day. The ability to replace the optical barcode tags with RFID will improve the baggage system quite a bit.
Also, you would not believe the cost and panic associated with every single abandond piece of luggage in an airport. The ability to know it's grandma's will save $millions, as well as give some bomb squad dogs a rest.
slashdot troll = you make a compelling argument I do not like the implications of.
They plant these things in the scalps of newborns? Talk about big brother!
:-)
My cat has an RFID tag implanted under her skin on the right-hand side of her neck. When they "installed" it (via injection) and demonstrated it with a reader, I pulled my corp security badge out of my pocket and waved it at their reader. It registered, but as an error, and not a cat.
The system we're using is called "Home Again" and I think it's a pretty damn good idea. For a pet, that is.
I read in Frontline that one of the holy grails is to get "smart staples" that you would attach to printed documents (even one page documents) that would allow tracking of paper documents -- the price target for that application is $0.02 per tag.