CybersecurityHack-proofing RFID-equipped persona devices

Published 4 January 2017

Radio-frequency identification (RFID) tags have become almost ubiquitous – look carefully, and you will notice them in passports, credit cards, library books, office access passes, and even pet cats. The technology, which allows fast, automated identification of physical objects, is also a staple for many industries. But what would happen if RFID technology were compromised?

Radio-frequency identification (RFID) tags have become almost ubiquitous – look carefully, and you will notice them in passports, credit cards, library books, office access passes, and even pet cats.

The technology, which allows fast, automated identification of physical objects, is also a staple for many industries – factories and warehouses use it to track inventory and manage supply chains, pharmaceutical companies deploy it to track drugs, and courier services use it to tag deliveries. But what would happen if RFID technology were compromised?

A security breach in RFID applications would leak valuable information about physical objects to unauthorized parties,” says Li Yingjiu, Associate Professor at the Singapore Management University (SMU) School of Information Systems. Singapore Management University says that Professor Li, an expert on RFID security and privacy, as well as other aspects of mobile security, is endeavoring to build better safeguards into the technology.

Improving RFID security protocols
Because RFID tags work by broadcasting information to electronic RFID readers, security breaches can occur if hackers eavesdrop on this conversation, and manage to gain access to or tamper with information.

The consequences of such an attack could be serious, says Professor Li. “In the context of supply chain management, for example, this means industrial espionage may obtain sensitive information about inventory levels, trading volumes, trading partners, and even business plans,” he explains.

To protect communications between tags and readers, Li and his team are designing and testing new RFID protocols with enhanced security features, such as those in 2010 study, “Achieving high security and efficiency in RFID-tagged supply chains”, published in the International Journal of Applied Cryptography. These strategies include making the protocol’s output unpredictable, making two tags indistinguishable to the hacker, and preventing hackers from obtaining useful information even if they manage to interact with the tags.

In addition, there are many instances where sharing of RFID information – between suppliers and retailers, for example, or between various components of an Internet of Things – would have obvious benefits, says Professor Li. But without appropriate security controls, however, most companies would be reluctant to make valuable data readily available. To address this problem, Professor Li’s team is also designing improved access control mechanisms that protect RFID information when it is shared on the internet.