Radio-frequency identification (RFID) tags are everywhere.
The technology allows for a fast, automated identification of physical objects, but it is possible for an attacker to get in and compromise the technology.
“A security breach in RFID applications would leak valuable information about physical objects to unauthorized parties,” said Li Yingjiu, associate professor at the Singapore Management University (SMU) School of Information Systems. Li is an expert on RFID security and privacy, as well as other aspects of mobile security, and it looking to build better safeguards into the technology.
Because RFID tags work by broadcasting information to electronic RFID readers, security breaches can occur if hackers eavesdrop on this conversation, and manage to gain access to or tamper with information.
The consequences of such an attack could be serious, Li said.
“In the context of supply chain management, for example, this means industrial espionage may obtain sensitive information about inventory levels, trading volumes, trading partners, and even business plans,” he said.
While RFID technology has greatly facilitated visible supply chain management, designing a secure and efficient RFID-tagged supply chain system is still a challenge.
“To achieve high security and efficiency at the same time, we categorize RFID-tagged supply chain environments in two security levels and design an RFID-tagged supply chain system accordingly,” the authors said in a paper, entitled “Achieving high security and efficiency in RFID-tagged supply chains.”
“In the relatively secure environment, our system is set to the weak security mode, and the tagged products can be processed in a highly efficient manner,” the authors said. “While in the less secure environment, our system is tuned into the strong security mode so as to maintain a high level of security with its efficiency lower than that in the weak security mode. A set of RFID protocols are designed to enable the duel security modes.”
To protect communications between tags and readers, Li and his team are designing and testing new RFID protocols with enhanced security features, such as those in the study.
These strategies include making the protocol’s output unpredictable, making two tags indistinguishable to the hacker, and preventing hackers from obtaining useful information even if they manage to interact with the tags.
In addition, there are instances where sharing of RFID information – between suppliers and retailers, for example, or between various components of an Internet of Things – would have obvious benefits, Li said. But without appropriate security controls, however, most companies would be reluctant to make valuable data readily available. To address this problem, Li’s team is also designing improved access control mechanisms that protect RFID information shared on the Internet.
With RFID and IoT, coming up with innovative ideas to protect data is becoming more important than it ever was and that ends up being one of the data security field’s biggest challenges — the widening gap between academia and industry.
While people in industry are familiar with the market, they are mostly isolated from cutting-edge research; conversely, academics pay too much attention to research and not enough to understanding the market.
“The future of data security, in my vision, is how to narrow the gap and bridge the two communities, which have completely different incentives and evaluation criteria,” Li said.