RSA Laboratories

Securing RFID Tags From Eavesdropping

To serve as a successful alternative to barcodes, RFID tags must be very inexpensive. While more expensive RFID tags for special environments can do cryptography, “affordable” tags lack the resources to do sophisticated computing, and certainly cannot perform the standard cryptographic operations necessary to offer privacy and security. Securing basic RFID tags therefore presents a considerable challenge. Researchers have nonetheless come up with techniques that show potential for providing privacy and security on such tags.

Protecting RFID Tags from Eavesdropping in Enterprises

For enterprises, eavesdropping on RFID readers is a major threat. It can be a highly effective form of corporate or military espionage. RFID readers themselves can broadcast RFID tag data over long distances – often up to hundreds of meters away. It is difficult to shield the radio emissions of readers effectively without impeding their use. This means that an eavesdropper with an antenna and some basic receiving equipment can gather the same RFID tag information that is compiled by your enterprise’s own warehouse!

Scientists have proposed two different techniques for addressing the enterprise eavesdropping problem. One, proposed by researchers at MIT, is known as silent tree-walking. Silent tree-walking involves a modification to the basic reading protocol for RFID tags that eliminates reader broadcast of tag data.

A second technique, proposed by RSA® Laboratories, involves the use of pseudonyms. In this proposal, tags carry multiple identifiers, and emit different identifiers at different times. Thus the appearance of a tag is changeable. Legitimate readers are capable of recognizing different identifiers belonging to a single RFID tag. An eavesdropper, however, is not. Pseudonyms can prevent an adversary from unauthorized tracking of RFID-tagged objects.
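The pseudonym idea described above, as an added sketch that is not code from RSA Laboratories: a tag stores several identifiers and emits a different one on each read, and the legitimate reader maps all of them back to one object. The class names, the simple rotation order, the 64-bit random pseudonyms and the "pallet" object names are assumptions made for this illustration.

```python
import secrets

class PseudonymTag:
    """Basic tag: stores a short list of pseudonyms, performs no cryptography."""
    def __init__(self, pseudonyms):
        self._pseudonyms = list(pseudonyms)
        self._next = 0

    def respond(self):
        # Emit a different stored identifier on each query (assumed: simple rotation).
        value = self._pseudonyms[self._next]
        self._next = (self._next + 1) % len(self._pseudonyms)
        return value

class LegitimateReader:
    """Reader back end that knows every pseudonym issued to each tagged object."""
    def __init__(self):
        self._table = {}

    def enroll(self, object_id, count=4):
        # Constructed sample data: random 64-bit pseudonyms, unlinkable by inspection.
        pseudonyms = [secrets.token_hex(8) for _ in range(count)]
        for p in pseudonyms:
            self._table[p] = object_id
        return PseudonymTag(pseudonyms)

    def resolve(self, emitted):
        # Identifiers the reader never issued (foreign tags) resolve to None.
        return self._table.get(emitted)

def simulate(reads_per_tag=4):
    reader = LegitimateReader()
    tags = {oid: reader.enroll(oid) for oid in ("pallet-A", "pallet-B")}
    overheard = []    # identifiers an eavesdropper on the radio channel collects
    resolved = set()  # objects the legitimate reader's inventory shows
    for _ in range(reads_per_tag):
        for tag in tags.values():
            emitted = tag.respond()
            overheard.append(emitted)
            resolved.add(reader.resolve(emitted))
    apparent_tags = len(set(overheard))  # eavesdropper can only group by identifier
    return apparent_tags, resolved

if __name__ == "__main__":
    apparent, inventory = simulate()
    print(f"eavesdropper sees {apparent} apparent tags; reader sees {sorted(inventory)}")
```

In this sketch the identifiers repeat once the rotation wraps, so the number of stored pseudonyms bounds how long the tag's appearance keeps changing.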