RFID Explained

SecurityFocus has a nice column summarizing the last year's worth of stories about RFID. Of course, you, diligent Slashdot reader, have read about many of these already. But for your slacker friends that need an RFID education in one easy-to-digest article, here you go.

Shielding RFID against security

[nhaze]

Anyone who has used an RFID-based security pass card knows that they are easily shielded. Placing your RFID-secured product in an discreetly shielded bag would render the product nonexistant from RFID-probing security. I hope store that use it to augment theft security don't get lazy and think its unbeatable.

Re:Shielding RFID against security

[MosesJones]

True.. but if using smart shelves the store will know that the item has been removed from the shelf and now is no-longer in range of a scanner... this should cause an alert as that is not normal behaviour.

Most theft is internal so identifying patterns of behaviour could be an effective way of decreasing theft.

The RF elements are the hardest part of this as the power levels are so low, in the US its 4 watts max for the READER, and in Europe its .5 watts. When you consider that the passive tags use the power that the reader puts out you can imagine how sensitive to interference these things are.

Re:Concerns - answered in follow up to article

[jimkski]

I think one of the responders (Stefan Sokolowski) to the article did a good job of shedding a little more light on some of these concerns:

As a real security professional (i.e. one that does not go around screaming that the sky is falling) and as someone who has worked with RFID for the military and for civilian uses (mainly Post Offices) for over six years, I find your article makes a number of glaring omissions that would allow any sensible human being to make a rational judgement about this technology.

Omissions:

1) Range verses size. Very basic issue. The smaller it is, the closer you have to be to it to pick up the signal. For a small passive tag we are talking inches (3-4 feet max). In order to track something from 200 yards (maximum range currently in use), you need an active tag (i.e. with a battery) and it has to be the size of a beer mat. I think you would notice it in your jeans. The signal generator in this case is also a non-trivial device. It is the size on a lamp-post and weights in excuss of 30Kg. Hardly PDA attachment material.

2)Storage area on the device is tiny. For the small passive devices you are referring to the storage area is less than 1Kilobyte. Not much space for your medical records here.

3)The logic associated with the tyre scenario. The association of the vehicle number and the tyre would not be stored on the tag. There is no space, and Read/Write tags are much more expensive (and larger). Easy to overwrite also. So for your big brother is watching scenario, you would need to replace every lamp-post on every highway with a signal generator, have assess to the database that cross-references your vehicle ID with the tag ids, and be able to monitor all of the signal generators in real-time to see what was happening.

And all this just to find out where you are. Are you really that important? I think ringing your mobile would be easier.

There is also a problem with reading many tags at once. The current limit is around 200 tags per second for the best sensor. The tag will respond and continue to respond at regular intervals (sub-second usually but dependant on set-up). Because they are all talking at once on the same frequency, the sensor cannot distinguish and ignore tags in real-time. It may recieve many responses from the same tag, and there is no way to tell the tag to shut up. So imagine the situation across a busy highway.