While radio frequency identification technology (RFID) promises unprecedented efficiency in monitoring the great supply-and-demand chain of everything from pencils to petroleum to penicillin, this new technology has its fair share of soft spots. Glitches and potential security breaches are just a few problems that researchers and vendors are racing to amend before this fledgling technology spreads its wings.
RFID tags transmit data via radio waves from antennas on chips to special readers. The potential of the system looks great; RFID readers will be capable of scanning products as they leave factories or distribution centers and wirelessly send the data to authorized computers. “It’s all about creating technology that meets a company’s needs, whether that’s servers in a data center, pallets of wine, clothing or computers on a loading dock,” says HP spokesperson Dayna Fried.
But can it be relied on in an environment crowded with information? HP hopes to discover this and correct any potential problems. In a new RFID “Noisy Lab,” HP will reproduce a real-world environment to test the technology. “The new lab will enable manufacturers and retailers to verify RFID specifications as well as test equipment,” says Fried.
To replicate a manufacturing and distribution center, HP built a “racetrack” conveyor belt that reaches speeds up to 600 feet per minute. For cases of consumer products, the belt first passes an RFID printer that both electronically and physically imprints each item with its own number. At the other end of the belt products pass a read station, simulating the destination of the product; the information gathered from the RFID tag is then compared to the actual printed label.
“These types of devices are now appearing in many different forms,” says Ari Juels, principle research scientist at RSA Laboratories. “The idea is to address weaknesses in the technology before they become more pervasive and costly.”
RSA and researchers at Johns Hopkins University, who tested the vulnerability of Texas Instruments’ Registration and Identification System (TIRIS) discovered another RFID weakness. Automobile manufacturers currently use TI’s system, which ensures, for instance, that even if a physical key inserted in the ignition works, the car will not start unless the RFID reader in the fuel-injection system recognizes the signal from a chip embedded in the authorized key.
While RSA Laboratories managed to crack the TI system, which is used by more than 150 million newer vehicles, VeriSign recently began collaborating with EPCglobal about security for the emerging technology. In April, VeriSign plans to hold its own EPC Developer’s Conference alongside the RFID Journal Live show in Chicago. Paul Strzelec, VeriSign’s director of marketing, says the pair will make announcements about new security enhancements then. TI also responded to the possible risk, saying, “We recognize that security needs to continually evolve to stay ahead of illegal attacks on RFID systems, and we remain committed to our plan in meeting our customers’ security and encryption requirements.”