We know that the data stored within your RFID system is valuable to you and your customers. This also means that, unfortunately, someone else might find it valuable as well. So how can you protect your sensitive data from falling into the wrong hands? In this article, we’ll discuss how uninvited parties might try to get ahold of your information and eight different ways you can prevent that from happening.
First, you need to know how individuals outside of your organization could be accessing your RFID stored data illicitly. Two common methods of this are skimming and eavesdropping:
1. Skimming: To skim is to surreptitiously read a tag, often through the use of a handheld reader. If your system is configured according to a widely used protocol, it may be at risk of being skimmed.
2. Eavesdropping: Although we can’t see it or hear it, the conversation between tag and reader happens in the physical space, the air interface, between the tag and the reader. Eavesdropping occurs when someone uses a receiver to pick up on this conversation which happens out in the open. Without proper protection, this receiver could steal data during a legitimate exchange between a tag and reader.
So, how can you protect your information from these threats?
Switches require that someone physically press a button, or a switch, in order to activate the tag. Meaning that the tag cannot be read until the person responsible for it has consented to it being read. Skimmers, therefore, would not be able to access the tag’s data without coming into physical contact with it. This method is more effective for personal belongings which need protecting.
Shields are another physical measure which can be taken to protect a tag’s data. In this case, an insulated shield surrounds the tag and can be removed when the owner of the tag wishes for it to be read. Again, this method would work well on a personal level, but it would be highly labor intensive in a warehouse setting.
The remaining methods all rely on some form of encryption, so that the tag and reader can communicate in a way that is indecipherable to outsiders. Since these security measures are encrypted within the tags themselves, they require less effort from the people operating them. However, if the encryption methods are very complex, they will require more computation from the tag’s integrated circuit, which can impact the cost, read rate, and read ranges of your RFID system.
3. Mutual Authentication
In this process, the sensor will send a line of code to the tag, which will decipher it using the key which is known to both entities. If the tag is successful, it can then send a line of code to be similarly deciphered by the reader. Once both tag and reader are certain that neither is an imposter, they can transmit their data. This method prevents anyone from stealing the data through skimming (as no other reader will know this special key), and eavesdropping (as the key itself is never sent between the reader and tag).
4. Kill Code
Encryption can also be employed to kill a tag. However, this is not always the best option. Once a tag has been killed, it will be rendered permanently unresponsive, to skimmers and legitimate readers alike.
5. Lock Password
A lock password is a 32-bit password which must be transmitted before a tag will transmit its data. Skimmers will be unable to access the data since they can’t provide the password (a 32-bit password has 4,294,967,296 possible combinations). This is a simple and popular way to protect passive UHF systems, which often have limited computational abilities.
6. Basic Access Control
The reader must supply a specific key before the tag will reveal any personal information, blocking potential skimming. This method is commonly applied to protect the sensitive data stored in passports from being read by outsiders.
7. Cover Coding
A reader’s signal is louder than a tag’s, making it easier for outsiders to pick up its transmissions. Cover coding takes advantage of this disparity in order to prevent eavesdropping. Initially, the reader requests a random number from the tag and the tag (quietly) responds with this number. The reader then encrypts future communications using this number, making them difficult to decipher by a third party.
8. One Sided Encryption
Another measure which prevents both eavesdropping and skimming is one sided encryption. This is a simpler option in which only the reader takes part in the encryption of a tag. Any data transmitted to the tag has already been encrypted, and any data which returns to the reader through the tag will be decrypted by the reader. All of the computation occurs within the reader, keeping the tag simpler and therefore cheaper. Also, any data skimmed from the tag or communications between tag and reader which are ‘overheard’ will be meaningless to outsiders.
Your security needs may vary, depending on the purpose your RFID system serves. However, ensuring that only you and your trusted partners can access your data will increase the value of your RFID solution dramatically. Choosing the right security measures for your RFID plan is only one of several factors you’ll need to consider prior to implementation, and will definitely be part of the conversation if you’re working with a reputable RFID integration partner. If you’re interested in discussing your implementation strategy with Computype, give us a call!