RFID Explained

SecurityFocus has a nice column summarizing the last year's worth of stories about RFID. Of course, you, diligent Slashdot reader, have read about many of these already. But for your slacker friends that need an RFID education in one easy-to-digest article, here you go.

There's a war going on,

and the only way to defend ourselves is with an electromagnetic pulse, our only defense against sentinel tags.

diligent readers

But for your slacker friends that need an RFID education in one easy-to-digest article, here you go.

Oh, you mean the slacker friend who didn't spend his Friday afternoons reading frivilous websites, who managed to get that promotion instead of me. I'll forward him the link.

Shielding RFID against security

[nhaze]

Anyone who has used an RFID-based security pass card knows that they are easily shielded. Placing your RFID-secured product in an discreetly shielded bag would render the product nonexistant from RFID-probing security. I hope store that use it to augment theft security don't get lazy and think its unbeatable.

Re:Shielding RFID against security

[MosesJones]

True.. but if using smart shelves the store will know that the item has been removed from the shelf and now is no-longer in range of a scanner... this should cause an alert as that is not normal behaviour.

Most theft is internal so identifying patterns of behaviour could be an effective way of decreasing theft.

The RF elements are the hardest part of this as the power levels are so low, in the US its 4 watts max for the READER, and in Europe its .5 watts. When you consider that the passive tags use the power that the reader puts out you can imagine how sensitive to interference these things are.

Big Brother? not necessarily.

[griffjon]

Everyone freaks out about RFIDs, but I remain in the camp that these could be really cool, as long as consumers (ok, geeks) figure out how to control them (by burning them out or just finding the darned things and removing them from unwanted places, like the back of a Yugo [1])

Ever lose your cell phone and have someone call it so you could find it? Imagin being able to do that with any random item? superglue a RFID onto it, and walk around with a semi-portable RFID scanner. OK, not as great due to the limited range of the things, but you could pretty easily determine if the keys were under the couch or not.

Now, the sucky thing will be if (when) manufacturers build RFIDs into places that you can't get to without destroying the item or voiding the warranty.

So, we need an opt-out method for RFIDs, which may be as simple as a way to find the lil' bastards and plier them flat, but beyond the scare, there's promise:

telnet homenetwork : fridgeport
Brr! it's cold in here [45F]! Can I have your username?
> JoeBachelor
And your password?
> gotb33r?
Welcome to your Refridgerator/Freezer system!
>cd fridge
>ls
Directory of /fridge:

Beer/
Beer/Shiner Bock (1)
Beer/MGD (5)

Condiments/
Condiments/ketchup package (13)
Condiments/mustard package (2.5)
Condiments/SoySauce package (1)
Condiments/Unidentifiable (5)
Condiments/mayonnaise (1) (warning: use-by-date 5 months expired!)

Vegetables/

Soda/
Coke (.5)
Mountain Dew (4)
non-caffeinated/
ActualFood/
lunchmeat_ham (1) (warning: use-by-date 1 week expired!)
cheese_cheddar (2) (warning: use-by-date is tommorow!)
End of directory. No healthy food available.
>man healthy
Sorry, you need to install the Mother or Health-Conscious-Girlfriend modules for these extensions
>make food
Unable to make food. Stop.
>exit.
Goodbye.

see?!!!!! see! this is my vision!

unrelated, I'm worried about /.s email garble today : Email
GriffJon@[ ]mail.com ['Hot' in gap]
hot in gap? what does that imply?

[1] That's a "Mall Rats" reference, for the rest of you.

Security paranoid?

[noitalever]

ok, so in the first part of this article the guy says

"When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver. Most RFID tags don't have batteries (How could they? They're 1/3 of a millimeter!). Instead, they are powered by the radio signal that wakes them up and requests an answer."

Later he throws in this little paranoia bit about "Do you really want your car's tires broadcasting your every move?" What's that about? He knows they don't "broadcast" and that you'd have to be within several feet to monitor. You already have a frickin license plate on your car, so who cares? The good side of that is that you could prove that your tires were now living on someone else's car when they were stolen...

And in that line of thinking, how long will it take for commercial "scanners" to come around, so you can locate the chip and neutralize it? It just seems that people are freaking out about security when in reality, people can already track everywhere you go anyway. How many people out there use cash exclusively? No one I know. I can't WAIT for the day when I just walk out the door with a cart full of stuff and it's automatically taken out of my checking account. that would well be worth someone being able to count how many hammers I buy in a month.

Re:Concerns - answered in follow up to article

[jimkski]

I think one of the responders (Stefan Sokolowski) to the article did a good job of shedding a little more light on some of these concerns:

As a real security professional (i.e. one that does not go around screaming that the sky is falling) and as someone who has worked with RFID for the military and for civilian uses (mainly Post Offices) for over six years, I find your article makes a number of glaring omissions that would allow any sensible human being to make a rational judgement about this technology.

Omissions:

1) Range verses size. Very basic issue. The smaller it is, the closer you have to be to it to pick up the signal. For a small passive tag we are talking inches (3-4 feet max). In order to track something from 200 yards (maximum range currently in use), you need an active tag (i.e. with a battery) and it has to be the size of a beer mat. I think you would notice it in your jeans. The signal generator in this case is also a non-trivial device. It is the size on a lamp-post and weights in excuss of 30Kg. Hardly PDA attachment material.

2)Storage area on the device is tiny. For the small passive devices you are referring to the storage area is less than 1Kilobyte. Not much space for your medical records here.

3)The logic associated with the tyre scenario. The association of the vehicle number and the tyre would not be stored on the tag. There is no space, and Read/Write tags are much more expensive (and larger). Easy to overwrite also. So for your big brother is watching scenario, you would need to replace every lamp-post on every highway with a signal generator, have assess to the database that cross-references your vehicle ID with the tag ids, and be able to monitor all of the signal generators in real-time to see what was happening.

And all this just to find out where you are. Are you really that important? I think ringing your mobile would be easier.

There is also a problem with reading many tags at once. The current limit is around 200 tags per second for the best sensor. The tag will respond and continue to respond at regular intervals (sub-second usually but dependant on set-up). Because they are all talking at once on the same frequency, the sensor cannot distinguish and ignore tags in real-time. It may recieve many responses from the same tag, and there is no way to tell the tag to shut up. So imagine the situation across a busy highway.