SubscribeOne of the popular myths about Radio Frequency Identification (RFID) technology is that it lacks security and compromises consumer privacy in sensitive applications.
What's missing from the debate is the understanding that RF tag-to-reader communication can, and in fact is, being secured with a variety of existing advanced technologies. Security is always implemented based on specific application requirements, and because RF applications are typically systems based, security is implemented across multiple layers.
Starting with the tag chip, there are layers of security built into a contactless RF-based system. Silicon technologies secure the data stored on the chip. Secure cryptographic algorithms protect the transfer of RF data between the chip and reader. Many of the RF products developed by Texas Instruments (TI) over the years to protect cars from theft or to speed contactless payment, support advanced tag-level encryption, as well as sophisticated challenge-response authentication systems between tags and readers.
Leading silicon manufacturers have continued to evolve the security features in RF products. A number, including TI, have implemented National Institute of Standards and Technology (NIST) approved cryptographic algorithms, including Triple DES and SHA.
In addition to securing the data communication channel, existing data protection and tamper resistance technologies such as probe protection, resistance to side channel and other non-invasive attacks (such as differential power analysis attacks) can protect data stored on an RF chip.
Cryptographic methods such as Message Authentication Coding (MAC), authentication mechanisms, digital signatures and data encryption are implemented in RF chips to address all of the security issues currently being raised including "man in the middle" or data integrity attacks, replay attacks, eavesdropping, snooping or unauthorized access to data, and cloning.
In the near future, we're going to see traditional RFID tags migrate to higher levels of security to not only track the movement of, but authenticate a product and its origin: Is the product and its packaging genuine? What is the product's chain of custody or pedigree? One of the first markets for authentication capabilities that protects the safety of branded products and prevent counterfeiting is item-level tagging of pharmaceuticals. Raising consumer confidence about the authenticity of their prescription drugs is the end goal for the pharmaceutical industry, especially as the number of counterfeit, gray market and diverted products continues to climb.
RFID technology combined with a secure tag data infrastructure can assure both package authenticity and pedigree. This approach for item-level tagging in a secure, yet open supply chain is applicable to a range of branded goods markets such as high-value cosmetics, apparel, consumer electronics and collectables. In all these applications consumer protection from a secure RF system not only comes in the form of product safety, but in raising the level of confidence for consumers that they are purchasing genuine goods.
It is important to understand that in any application the RFID technology is only one part of the entire system, typically only a single data storage and transmission point. Data from multiple RF tags and application data may be stored in centralized databases. Companies and government agencies applying contactless RF technology for system level applications such as item-level authentication thus must not overlook system-level issues such as database and network security. Some of these threats also need policy and legal solutions to successfully address, not just technology.
There are hundreds of millions of RFID tags used today in consumer applications, including automotive security and retail payment, where security threats exist and have been raised and addressed to allay consumer concerns. The Internet, which in its early days lacked the security and privacy needed for electronic commerce transactions, has seen acceptance and use grow as companies adopted technologies and policies to ensure secure information transfer. We expect RFID to evolve on a similar path.
Historically, concerns around security have been well addressed in RF applications, making the technology more secure than bar codes or magnetic stripe that can be more easily copied or forged. With RF tag and system-level security in place, market acceptance and adoption of RF technology will rely on user education, familiarity with the technology, and the inclusion of RF data within corporate privacy policies.
Please click this link for more information on TI-RFid™ portfolio.