RSA Laboratories

Protecting Consumer Privacy

In the near term, barcode-type RFID tags are unlikely to reach the hands of consumers on a regular basis—but they will eventually. As a result, consumer privacy is becoming a major issue around RFID in the media, and a critical concern for deployers of would-be RFID.

Industry approaches to consumer privacy vary. Some enterprises are proposing policy guidelines for use of RFID information. EPCGlobal proposes, for instance to enforce clear labeling of RFID-tagged products, among other measures. Policy-based approaches to RFID privacy will help. It is the position of RSA Laboratories, however, that policy guidelines are in and of themselves insufficient to guarantee consumer privacy. After all, RFID-tag reading is not a visible process. Consumers can have no easy way of knowing when RFID policies are adhered to or breached. In fact, RFID tags can be so small and easily embedded in products, that consumers may not even know when they are carrying them!

So what technologies can help protect consumer privacy? Here are a few approaches proposed by scientists:

  • Kill codes: Perhaps the most straightforward approach to protecting consumer privacy is to ensure that consumers do not carry live RFID tags in the goods they purchase. With this aim, EPCGlobal standards support kill codes on RFID tags. These are PIN-protected commands that cause RFID tags to disable themselves permanently, so that they are no longer readable. There have been some difficulties in making this approach workable in field tests. However, once these difficulties are overcome, kill codes are likely to be an important mechanism for protecting consumer privacy.
  • RSA® Blocker Tag: Kill codes have a drawback. If tags do not function in the hands of consumers, then consumers can’t benefit from them. Many envisioned benefits -- like “receipt-less” item returns, “smart” RFID-enabled appliances, and so forth -- would be unworkable. RSA Laboratories’ proposal, the RSA Blocker Tag, aims to provide consumers with the best of both worlds: privacy and usable RFID tags.
  • One may think of a the RSA Blocker Tag as "spamming" any reader that attempts to scan tags without the right authorization (the RSA Blocker Tag is designed to manipulate the reading protocol to make the reader think that RFID tags representing all possible serial numbers are present). When a Blocker is in proximity to ordinary RFID tags, they benefit from its shielding behavior; when the Blocker tag is removed, the ordinary RFID tags may be used normally.
  • Thanks to their selective nature, blockers do not interfere with the normal operation of RFID systems in retail environments. They prevent unwanted scanning of purchased items, but do not affect the scanning of shop inventories. Thus RSA Blocker Tags cannot be used, for example, to circumvent theft-control systems or mount denial-of-service attacks. They can only to be used to protect the privacy of law-abiding consumers.
  • Distance measurement: In initial experiments, scientists at Intel® have noted that RFID tags might be able to employ the signal-to-noise ratio of the transmissions they receive from a reader to estimate the distance of that reader from the tag. As distance implies trust in many circumstances, this might serve as a privacy-enhancing feature in RFID tags.

Protecting RFID Infrastructure

It is not only tags and readers, but all parts of an RFID infrastructure that present important security challenges -- particularly with the rich business intelligence that RFID data carry. Thankfully, many well trusted data-security tools for device authentication, end-to-end communication encryption, and database security may be applied to RFID systems. With its own special characteristics, RFID does present some unusual challenges. These will unfold as enterprises deploy RFID and learn their security needs, and will preset an important challenge to data security specialists.