RFID should have encryption

The head of the R&D labs at RSA, mr. Burt Kaliski, states that RFID security needs a major boost before the technology is fit for common use. He expects public opinion to turn against RFID if this key issue is not addressed properly by the industry. Consumer confidence is at the heart of enabling any major roll-out. Kaliski states that many tag signals can be 'intercepted' without much difficulty. Flexibility of tags that can be read by various types of readers, at the same time means a threat to confidentiality of any data on the tags. Most current tags contain no security mechanisms whatsoever.

Given the plans of several governments to create passports where personal identification data is written on RFID chips, the security issue becomes paramount. To illustrate this point: the current security mechanism of TI's RFID chips is based on 40 bit coding. The algorithm was recently broken by RSA researchers in cooperation with John Hopkins university.

There are several ways to secure RFID chips:

• encrypt data on the chip, and only send encrypted data
• use a blocker tag to prevent an RFID tag's data from being read
• use an authentication mechanism to restrict the number of readers that can access the data on the RFID chip

Obviously, the more the security mechanism is embedded in the hardware, the better the solution could be - both in terms of actual protection, and in terms of transparancy for the user.