Hello and welcome back to Mobile Knowledge. In my last posting “A Quantum Physicist’s Perspective”, Dr. Walraven eloquently brought the issue of privacy in the connected world of tomorrow to center stage. After all, the dream of an existence rich with contextually relevant services can easily turn into the nightmare captured in Hollywood classics like “The Matrix” and “The Net”. A world where we, the people, become the extension of our cyber presence; the puppets at the end of a wire pulled by those who control the content rich network(s) within which our identities are held hostage.
Ouch, let’s hope that this scenario is far from any realm of reality. But is it? Can we really be tagged, tracked and erased while others assume our identities and live our lives? I hope not, yet we all know that it is technically possible.
Did you know that the United States Government Printing Office has been testing electronic passports (e-passports) embedded with radio frequency identification (RFID) chips? RFID technology is a promising and affordable technology for tracking things, but is it ready for tracking people?
To answer this question I found myself turning to my dear friend and colleague, Mr. Murray Slovick. Murray is Editorial Director, Electronics Group, of Hearst Business Media, publishers of Electronic Products and Electronic Engineer's Master. It is said that many years ago when the Earth was young and volcanic, Murray was an engineer, however most of his career has been spent in publishing, wrangling with words instead of partial differential equations.
I asked Murray to share his insights on the topic; this is what he had to say…
Designed to provide fast, safe and convenient wireless payments and other transactions, radio frequency identification cards have an embedded antenna connected to a microchip, enabling the card to pick up and respond to radio waves. These cards do not require batteries or any other power source because they are powered by the electromagnetic field generated by the card reader. Just wave the card near the reader and, in theory at least, secure identification, electronic payment transactions and authentication can be completed almost instantly.
A large number of companies use RFID tags to track the movement of supplies and finished products. RFID transponders are also being used to track livestock. The tags, inserted into the ears of the animals, contain various characteristics of the animal such as its origins and lineage.
Closer to home, more than 150 million of these RFID transponders are embedded in keys for newer vehicles built by leading car manufacturers, including, for example, 2005 model Fords. Designed to thwart car thieves, the RFID system in vehicles uses a passive, un-powered transponder chip embedded in the key and a reader inside the car, connected to the fuel injection system. If the reader does not recognize the transponder, the car will not start, even if the physical key inserted in the ignition is the correct one. This innovation has greatly reduced auto theft.
The transponders are also inside more than 6 million key chain tags used for wireless gasoline purchases. In this system a reader inside the gas pump must recognize a small key-chain tag that is waved in front of it. Upon system approval, the transaction is then charged to the tag owner's credit card.
Nice system. The only trouble is that earlier this year computer scientists from The Johns Hopkins University and RSA Laboratories demonstrated that the encryption in RFID microchips in some newer car keys and wireless payment tags can be defeated with low-cost technology.
Using a relatively inexpensive electronic device, the researchers found, criminals could wirelessly probe a car key tag or payment tag in close proximity, and then use the information obtained from the probe to crack the secret cryptographic key on the tag. By obtaining this key, lawbreakers could more easily circumvent the auto theft prevention system in that person's car or potentially charge their own gasoline purchases to the tag owner's account. (See http://www.rfidanalysis.org/#about for details on how the team cracked the code).
And yes, for the past couple of years the United States Government Printing Office has been testing electronic passports (e-passports) embedded with RFID chips. The idea is Americans traveling abroad would have their passports scanned by RFID readers at points of entry into foreign countries and again when they return to the United States. By holding the passport close to a fixed or mobile handheld reader U.S. Customs officials would scan the information encoded on the embedded chip, containing all the data that is currently printed on the passport, as well as a digital image of the passport holder.
Well folks, there you have it! One could say that with the cost of gasoline topping $3 a gallon an RFID security breach could cost consumers billions. Given the work done at Johns Hopkins, as well as the national security ramifications of stolen passport information, maybe the government should re-think this program. As always, I eagerly await your thoughts and feedback. Reach me at [email protected]