Addressing insecurities and violations of privacy

Abstract

RFID systems, and indeed other forms of wireless technologies, are now a pervasive form of computing. In the context of security and privacy, the most threatening (to privacy) and vulnerable (to insecurity) are the 'low cost RFID systems'. The problems are further aggravated by the fact that it is this form of RFID that is set to proliferate through various consumer goods supply chains throughout the world. This is occurring through the actions of multinational companies like Wal-Mart, Tesco, Metro UPS and of powerful government organizations such as the United States DOD (Department Of Defence) and FDA (Food and Drug Administration). This paper examines the vulnerabilities of current low cost RFID systems and explores the security and privacy threats posed as a result of those vulnerabilities. The paper will also formulate a framework for defining the problem space constructed around low cost RFID systems, and consider the challenges faced in engineering solutions to overcome the defencelessness of low cost RFID systems. Security issues beyond and including interrogators will not be considered as such concerns may be easily resolved using existing technology and knowledge, and because interrogators are powerful devices where complex encryption and decryption operations may be performed using either the embedded systems, DSPs, or using hardware implementation of encryption engines on a FPGA device onboard a reader. © 2008 Springer-Verlag Berlin Heidelberg.