RFID

VIDYA SAGAR

RFID Basics
If you have ever used an access card to get into a building or your car or passed through an
automated toll collection system on a highway, you have used RFID. The definition of RFID is
rather broad because it has so many uses. Let's first start with the acronym and what it means:
RFID = Radio Frequency IDentification
Now, let's break down what this means: a system of technologies that allows an object, person or
animal to wirelessly identify itself to another object, person or animal. Hence the words RF (Radio
Frequency) and ID (IDentification).
To be able to do this in so many usage scenarios, form factors, price points, thermal environments, et
cetera, the technology used for enabling RFID takes many forms. The most common ways of
subdividing the technology are by frequency and whether or not the tag is a passive device. Let's
first look at the frequency. The lowest common band, LF (Low Frequency), spans the
range of 58-148.5 kHz, or 58-148.5 thousand cycles per second. This frequency allows for low cost
tags and readers with short read range (several inches to several feet), but most importantly, this
frequency allows the RF to transmit through metals a few mm thick and liquids. This makes this
technology very suitable for implanting into animals, but also for access control and electronic
article surveillance (EAS) or antitheft applications. Now, one can't easily implant a battery along
with the antenna and chip in animals or consumer goods, so the tags are read passively. The behavior
of the tag changes an incident RF field in a way that a reader can detect a unique ID. This ID may be
a single bit in the case of an EAS tag or up to 10s of bits for animal tags.
The next frequency range spans from 1.75-13.56 MHz and is the next most common use of the
technology. This frequency range is called HF, or High Frequency, and includes tags for use in
building access, public transportation and electronic payment systems. The range of these systems is
similar to LF: inches to feet, depending on the application. HF tags also work pretty well with metals
and liquids. Except for electronic article surveillance, HF tags are usually used for proximity
applications: a human gesture of moving one's arm, wallet or purse is used to provide access or
payment.

Let's briefly touch on the next frequency range: UHF or Ultra High Frequency, sometimes called
Near Field UHF. This is the primary area of focus for ThingMagic because we believe UHF allows
RFID to be used ubiquitously, that is, where the technology can be used in every place and every
time. How is this possible? UHF RFID spans the 433, 840-960 MHz and the 2.4 GHz range. At this
frequency, the RF that is produced allows for relatively efficient wave-like propagation; similar to a
radio station, but with reasonable amounts of power consumption for handhelds, laptops, trucks,
printers, et cetera. Near field UHF RFID tags contain a small silicon chip and an antenna paired onto
or into an object. This allows one to create tags which can be read from
inches to 10s of feet in a passive configuration, and 100s to 1000s of
feet if used semi-passively (the tag still changes the RF that comes
back to the reader rather than transmitting, but gets a battery to help it
out) or actively (an active transmitter). The tags can also be produced
very inexpensively; the antennas can be etched with chemicals or
printed with a printer that can print metals such as copper or
aluminum, or in the case of a chip produced by Hitachi, directly into
the chip itself.
The low cost and long range of UHF RFID means that tags can be
placed just about anywhere and interrogators (or RFID readers) can
read them. This allows computers attached to these interrogators to see
the world around them; not with the lens of the visual spectrum like
humans do, but through the RF lens. It is a pretty primitive way to see
the world compared to the visual acuity and processing that human
beings are capable of, but this technology can be made to work very well and without human
intervention. It can reduce some hard machine learning problems to simple observational ones. The
technology is now starting to be used ubiquitously in hospitals, law offices and courthouses as an
ambient computer interface for objects. In the courthouse example, the technology is used to track
all documents and docket folders within their environment. Previously, near the time of a hearing, a
long and laborious process was manually run with human labor to locate needed paperwork. Now
with this new technology, the analog of an internet search can be made to search for objects in the
physical world (Ravi Pappu coined this a reality search engine). The search is done in the digital
world, but the association with identity and location in the physical world allows one to seamlessly
cross this digital-physical barrier. These applications point to a future where identification and
sensing could become ubiquitously present in every object in a user environment. This would allow
the creation of one of the ultimate ambient interfaces: each application would be created by filtering
relevant data for a particular use case.

Why use RFID

There are multiple reasons one would want to use RFID:

Use RFID if you want to wirelessly identify something without line of sight. Line of sight
means that one could draw a straight line going directly from the reader to the object without
interruption. This is literally what is done for bar codes via a laser, but mirrors are used to
make the laser look a little fancier. If the laser can't "see" the object it won't be read. This is
very intuitive to us whenever we go to the supermarket and a bar code reader has the bar
code faced toward the scanner beam. RF is much less precise; it's more like a big balloon of
energy that encircles the object, allowing it to be read on all sides. The cost of this is literally
money: printed bar codes are super cheap (usually only the cost of ink or about $0.005), but
RFID usually needs a microchip to change the balloon enough to be read by a reader (usually
$0.07 to $0.25 or more). This tradeoff is essential for many applications for contactless
payments, building access, highway toll access, supply chain management, finding tools in
trucks, et cetera. Rather than us adjusting to our computing devices to orient things we can
augment the computing devices to see in a different way so that our normal human gestures
or how objects are placed in space or move in time can be seen easily.
Use RFID if you want a simple wireless means to store a small amount of information
on things, and even better: change the information dynamically. RFID tags usually
contain 96-512 bits of information on them and each tag can be read in less than 5 ms or 5
thousandths of a second. Modern standards allow hundreds or even thousands of tags to be
read in an apparently simultaneous fashion. Most tags allow you to dynamically change this
ID and other types of user data tens of thousands to hundreds of thousands of times. In short,
tags are very versatile.
Use RFID if you want a computing device but not humans to see the ID. In some
applications it is important to be able to physically hide the RFID tag in the object. All barcoded products have a very visible signature on their product marketing. A tag could be
embedded in laptop computers unobtrusively to find out their MAC address without powering
them on; tools in a truck bed can have their identities embedded inside the tool; wallets can
reveal a subway pass without even leaving your pocket. One important consideration for
choosing passive or battery-assisted passive RFID over active RFID is that active devices
need to be certified by the FCC. If you want to embed RFID into a box of cereal, it would be
nice not to have to send the box to the FCC. Passive technology gives you this opportunity.
Use UHF RFID if you want a computing device to see an object from far away. One of
the significant benefits of UHF RFID is that tags can be read from far away. Passive UHF
allows objects to be read across a room, while battery-assisted-passive and active tags can be
read across buildings and in very difficult RF environments.
Use UHF RFID if you want to enable the "Internet of Things". We at ThingMagic
believe that once RFID interrogators are prevalent (the network exists) and share a common
mode of exchanging information, a network effect (or Metcalfe's law) and set of application
layers will be created from an ecosystem of identifiable objects. We believe that this will
fundamentally change the way we interact with the physical world when every object has a
digital identity. For now, these applications will be vertically-oriented or closed-loop reader,
tag and software systems, but will grow in value as these applications begin to overlap and
share information, just as computers once were before the internet.

Architectural Overview

The major subsystems for RFID are the reading object(s), the tagged object(s) and the computing
system which will create inputs into the system, take outputs from the system and control the system.
This is shown below:

If the reading objects are known, such as a car, a warehouse door, an office room, a handheld device,
a printer, et cetera, the key architectural decision is what reader to use. For many applications that
require adding RFID, a small reader module such as the Mercury5e or the M5e-Compact will suit
the needs of the application. For some applications which require a finished product or long cables
and many antennas, a fixed reader (access-point) type reader, such as the Mercury5 will be required.
For all cases, it will be important to create or obtain software to interface with the data protocol of
the reader and to maintain the configuration and firmware of the reader, especially when many
readers are required.
Once the reading object is determined, the next thing to determine is the tagged object(s). The
material characteristics of the tagged object, read distance required and geometric area are some of
the key considerations. If the read distance is within the wavelength of the RF (1 m at 300 MHz and
0.3 m at 1 GHz), near field tags must be used. Beyond that, special material spacers may be required
for metals, encapsulations for harsh environments and other special requirements must be handled
and tested.
Once the reading objects and tagged objects are configured, a survey is usually completed to make
sure there is enough margin in the system to have robustness in the application of interest. During
this time, the overall software architecture is established, implemented and tested.

RFID Security issues - Generation2 Security

Executive Summary
RFID data security is important: Security is a critical issue that must be addressed correctly
from both a technical and business process point of view to ensure widespread ubiquity of RFID
technology.
RFID must meet the public demand for data security: The general public must perceive RFID
technology as safe and secure to alleviate legitimate concerns about data security and personal
privacy.
Today's EPC security is acceptable for now: Current levels of data protection provided by the
EPCglobal Generation 2 protocol represent an advance over previous protocols and are acceptable
for today's limited RFID deployments within the supply chain.
The key security threats are to front-end RF communication: IP communication between RFID
readers and the network is secure, thanks to standard IP network security solutions. The real threat is
RF communication between tags and readers. These issues must be addressed by future protocols
and additional research and development.
Data security threats take different forms: Rogue/clone tags, rogue/unauthorized readers, and
side-channel attacks (interception of reader data by an unauthorized device) all threaten data
security.
Future deployments will need new security and a new protocol: As deployment of RFID
reaches the consumer-item level, new security enhancements will be needed, triggering a need for a
new Generation 3 protocol.
Security comes at a cost: New security measures must balance effectiveness with cost and
complexity implications.
Data security is an evolving story: Future generations of tag protocols will enable RFID to take
security to a new level.

1. RFID Security: An Introduction


Identity theft, stolen credit card information, viruses, hackers, and other threats have raised data
security, once an arcane topic relevant only to programmers, to high levels of public awareness.
Keeping data secure is a vital concern for individuals, corporations, and governments. Data security
is an issue that has broad implications for business practices and technology. And it's a highly
emotional issue: what could be more personal than your Social Security number, address, or
personal preferences?

Increasing adoption of Radio Frequency Identification (RFID) technology opens a new frontier for
data threats and data security measures. Broadly speaking, RFID includes a full spectrum of wireless
devices of varying capabilities, power, and sophistication, including ExxonMobil SpeedPasses,
vehicle immobilizers, Electronic Product Code (EPC) tags, and more. RFID tags are small, wireless
devices that emit unique identifiers upon interrogation by RFID readers, which emit powerful
electromagnetic fields and read tag information.
This white paper focuses on the simpler, low-cost EPC tags that are used increasingly to bring new
efficiency to commercial supply chains, serving as a 21st-century evolution of bar codes. As
implementations of RFID technology of this type become more widespread, ambitious, and
ubiquitous, they create new potential data security threats, new concerns among consumers, and new
misconceptions.
This white paper explores the key types of data security threats raised by RFID and highlights
possible solutions using the capabilities defined by the EPCglobal (the RFID industry standards
group) Class 1 Generation 2 standard, known as Generation 2. It explores the current data security
needs and suggests best practices for optimizing the capabilities of Generation 2. It also looks
beyond Generation 2 to envision new data security capabilities. And it highlights and evaluates
several recent news stories about RFID data security.
i. Defining Data Security

It's important to have a clear idea of what data security means right from the start. Only then can you
truly measure whether an RFID implementation is truly secure. Here are three qualities that define
data security in an RFID context:

Controlled access to the data: Only authorized entities (people, systems) can read and write
information.
Control over access to the system: Only authorized entities can configure and add to the system,
and all devices on the system are authentic and trustworthy.
Confidence and trust in the system: Users share a general perception that the system is safe and
secure. This is a more subjective criterion, but important.

ii. Levels of Data Security

Every communication system has its own appropriate level of data security, from wireless devices
to the Internet. Not every type of data merits the highest level of security. Escalating levels of
security tend to introduce extra cost and technological complexity, and RFID is no exception. It's
critical to balance security threats against security costs.
iii. Public Perception of Data Security

At some point, Internet users became confident enough in online commerce that they would
participate in potentially risky processes, such as buying products or trading stocks. Why? Because
the level of data protection, and the perception of it, had reached a high enough level that the
general public had confidence and trust in the system. For widespread acceptance, RFID technology
must achieve a similar level of confidence and trust.
iv. Stakeholders in RFID Data Security

Who is concerned about RFID data security?

Consumers: Want to ensure that their personal information isn't misused, and that RFID tags are
used responsibly.
Corporations: Want to use RFID technology to increase efficiency, serve consumers better, and
gain a competitive advantage.
Governments: Want to create standards that ensure the public trust.
RFID Solution Providers: Want to ensure the reliability and security of their systems, as well as
their usefulness and competitiveness.

2. Where Security Matters


Security is only as strong as its weakest link. In your home, the most powerful locks on your door
will do nothing to keep your house secure if your windows are open. So it is with RFID security. All
elements of an RFID system need to be secure, and the links between each element must be carefully
considered with data security in mind.
i: The Importance of the Tag Reader

In RFID systems, tag readers are the communications crossroads and pivotal junctures in the
security of the entire system. Tag readers communicate in two directions, and each must be secure:

Back-End Communication (via IP): Tag readers convey data via Internet Protocol (IP)
communication.
Front-End Communication (via RF): Tag readers provide and collect data to and from tags via
low-power Radio Frequency (RF) communication.

ii: Back-End Network Security

The key threat on the back-end communication side is unauthorized access to the network. No
company wants to implement a system that leaves a clear opening for rogue devices (or just plain
rogues) to access their network. Again, it would be like leaving all the windows open in a house:
not good for security.
Fortunately, network security is a highly evolved, mature technology, one that brings plenty of
powerful tools and technologies to bear on the challenge of keeping networks safe. RFID reader
makers can implement standard, proven security technologies, such as Secure Sockets Layer (SSL)
and Secure Shell (SSH). They can close ports that are not secure (e.g., with Telnet). And they can
implement secure processes, such as certificates for authentication, which keep out unauthorized
readers, competitors, hackers, and other potential threats.

In short, the data security story for back-end communication is simple and strong. Security at this
juncture is controlled by RFID reader manufacturers (e.g., ThingMagic), which have plenty of
powerful, standard tools available to ensure data security. These proven, widely used security
capabilities, de facto standard features of today's IP networks, exist to support data security, and
should be an essential feature of any RFID reader and RFID implementation. They are not yet
common in RFID products, however. So users should be diligent in ensuring that the RFID readers
they select conform to industry-standard security practices.
iii: Front-End RF Security

The front-end side of the RFID reader is a different story, one that is more challenging, complex,
and evolving. The vital connection between tags and readers occurs in the air via RF
communication. This connection enables the powerful capabilities of RFID, but it also leaves the
window open to several key threats:

Unauthorized access to tags
Rogue and clone tags
Side channel attacks

These threats are explored in more detail in the following sections. However, it's important to point
out that front-end RF security is the weakest link in today's RFID systems.
This area, controlled by the tag protocol standards process, has evolved in the latest standard
introduced by EPCglobal, Generation 2. But there is still plenty of research and development and
innovative thinking necessary before the front-end is as secure as the back-end. Today, front-end RF
communication is vulnerable: the Achilles heel of RFID systems.

3: Key Front-End RFID Security Issues


Most of the front-end threats to RFID security involve deception, manipulation, or misuse of the RF
communication between tag and reader. Here we explore three common threats: unauthorized
access to tags, rogue and clone tags, and side channel attacks.
i: Unauthorized Access to Tags

Tags are evolving quickly in complexity, power, and flexibility. However, all types of tag share a
critical vulnerability to rogue RFID readers. A rogue reader can read a tag, recording information
that may be confidential. It can also write new, potentially damaging information to the tag. Or it can
kill the tag. In each of these cases, the tags respond as if the RFID reader was authorized, since the
rogue reader appears like any other RFID reader. This capability has broad implications, since tags
may contain data that should not be shared with unauthorized devices.

Example: Unauthorized Access to Tags

A rogue RFID reader might be able to measure the inventory on a store shelf and chart sales of
certain items, providing critical sales data to a rival product manufacturer. This unauthorized
information could play a key role in developing a competitive strategy informed by corporate
espionage, e.g., negotiating more shelf space or better product placement.

ii: Rogue and Clone Tags

On the other end of the tag-reader connection, consider the threat of rogue
and clone tags. Rogue tags are tags from unauthorized sources, while clone tags are unauthorized
copies of real tags. These tags connect with the RFID reader via RF and send false data.

Example: Rogue and Clone Tags

A bootleg product could appear to be an actual product if it bears
a clone tag. A rogue tag placed within proximity to a RFID reader could contribute false data to the
reader. In both cases, these tags affect the integrity of the system, and undermine security for both
consumers and the companies that rely on RFID.

iii: Side Channel Attacks

The biggest vulnerability in today's RFID systems occurs when interloper RFID readers or other
rogue devices eavesdrop on authentic transactions and RF communications between authorized tags
and readers. The rogue device can access passwords or data using standard, inexpensive lab
equipment. Like wiretapping (without the wires) this capability exposes confidential information to
others who may put it to new and nefarious uses.

Example: Side Channel Attack


A rogue device outside a large retail store might gather confidential data, such as who's buying
anti-depressants, that could conceivably be sold to competitors, the tabloid press, or others.

4. An Assessment of Generation 2 Security


RFID security is an evolving story, driven by the needs of the marketplace, the technological
ingenuity of engineers engaged in developing next-generation solutions, and above all, the tag
protocol standards process.
i. Evaluating Current Security Levels

The Generation 2 protocol is an improvement on Generation 1 and previous tag protocols. It includes
key capabilities that companies implementing RFID can leverage to help ensure security:

Kill command: Tags can be killed or permanently rendered inoperable by command under the
Generation 2 protocol. Killing tags at point-of-sale enables greater data security and personal
privacy. In short, dead tags don't talk. The Generation 2 kill command is protected by a tag-specific,
32-bit password, which offers a basic level of security to the tag and helps protect against
inadvertent or malicious disablement of tags.
Disguised EPC number: During most transactions, the tag's EPC number (its unique identifier) is
somewhat disguised, helping protect tag identity and tag data.

Does Generation 2 provide sufficient security? Yes and no: yes given current deployments, and no
for next-generation, broader deployments that will take RFID into more public environments. The
current security features add up to an acceptable level of security given the current state of the
market. In a time when RFID is still evolving, deployment levels are relatively low. And the focus of
most implementations is on the back-end of the supply chain (primarily case and pallet-level
tagging), where security risks are inherently lower, since physical access to the system is limited to
employees and therefore somewhat controlled.
ii: Shortcomings of Generation 2

Simply killing tags isn't enough to cure all security issues inherent in RFID. Under the Generation 2
protocol, there are several clear issues that serve as potential roadblocks to more ubiquitous
deployments at the consumer level:

Weak data encryption - Potentially private or sensitive data (an EPC could identify a personal
product, such as Viagra) is not encrypted, but cover coded by means of a pseudo-random number
transmitted by the tag. This code can be compromised very easily by a side-channel attack.
Weak password protection - Like data, passwords are not encrypted, but cover coded - which is less
robust than a strong cipher.
No tag or reader authentication - Lack of authentication introduces the risk of rogue/clone tags or
rogue/unauthorized readers to an RFID implementation.
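
The cover coding described in the list above, modelled as an added example (not code from the original white paper): the tag supplies a 16-bit random number in the clear, the reader XORs each half of the 32-bit password with it, and the log records what is heard on each link. The class and function names are hypothetical, and the two-half exchange follows the Generation 2 kill sequence in simplified form.

```python
import secrets


def cover_code(word: int, rn16: int) -> int:
    """Reader side: XOR one 16-bit word with the RN16 the tag just supplied."""
    return (word ^ rn16) & 0xFFFF


class Tag:
    """Toy tag holding a 32-bit kill password (a model, not a Gen2 state machine)."""

    def __init__(self, kill_password: int):
        self._kill_password = kill_password & 0xFFFFFFFF
        self._rn16 = None
        self._halves = []
        self.killed = False

    def request_rn(self) -> int:
        # The tag backscatters a fresh pseudo-random number in the clear.
        self._rn16 = secrets.randbits(16)
        return self._rn16

    def kill(self, covered_word: int) -> None:
        if self._rn16 is None:
            raise RuntimeError("no RN16 outstanding")
        self._halves.append(covered_word ^ self._rn16)  # undo the cover code
        self._rn16 = None  # each RN16 covers exactly one word
        if len(self._halves) == 2:
            candidate = (self._halves[0] << 16) | self._halves[1]
            self._halves = []
            self.killed = candidate == self._kill_password


def kill_exchange(tag: Tag, password: int) -> list:
    """Send the password as two cover-coded halves; log every over-the-air value."""
    air = []
    for half in ((password >> 16) & 0xFFFF, password & 0xFFFF):
        rn16 = tag.request_rn()
        air.append(("tag->reader", rn16))
        covered = cover_code(half, rn16)
        air.append(("reader->tag", covered))
        tag.kill(covered)
    return air


def exposed_password(air: list):
    """Password visible to a listener, or None if the tag's replies were not heard."""
    halves, rn16 = [], None
    for direction, value in air:
        if direction == "tag->reader":
            rn16 = value
        elif rn16 is not None:
            halves.append(value ^ rn16)
            rn16 = None
    return (halves[0] << 16) | halves[1] if len(halves) == 2 else None


if __name__ == "__main__":
    PASSWORD = 0x1A2B3C4D  # constructed sample value
    tag = Tag(PASSWORD)
    air = kill_exchange(tag, PASSWORD)
    forward_only = [m for m in air if m[0] == "reader->tag"]
    print("tag killed:", tag.killed)
    print("both links heard:", hex(exposed_password(air)))
    print("reader link only:", exposed_password(forward_only))
```

The password stays hidden only while the tag's replies go unheard, so a cover-coded password should be treated as exposed to any device in range of both links.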

Clearly, the level of security in Generation 2 is not sufficient to meet the original criteria of data
security discussed at the outset of this white paper. Access to the data is not tightly controlled.
Access to the RFID system is similarly open to manipulation and attack via the three main types of
front-end threats. And most importantly, security levels are not high enough to generate the high
levels of consumer trust that will enable widespread acceptance of RFID at the item level.
iii: Current Best Practices

Given the current level of data security provided by Generation 2, what can companies using RFID
technology do to help achieve maximum security? Here are some basic considerations and best
practices to consider:
Back-End Security

Ensure that your back-end security uses industry-standard network technology

Front-End Security

Avoid putting confidential information on the tag
Use information pointers, rather than actual information

iv: Impact of Ubiquity on Security

As RFID moves toward greater ubiquity in the marketplace, such as widespread item-level tagging,
it will become more and more vulnerable to attack. The key contexts for EPC tags represent an
evolving progression toward ubiquity via three general phases:

Phase 1. Inside the supply chain (now): factories, transportation, retail backrooms
Phase 2. Transition zone (near future): customer-facing portions of retail stores, where tagged
items are purchased by consumers
Phase 3. In the outside world (future): locations including consumer homes and beyond

As deployments move through these phases, tags become more widely used. More tags (item-level
tagging will result in many more tags than case- or pallet-level tagging) and more RFID readers
(ubiquitous tags will result in wider deployment of readers) mean new opportunities for attack, and
new threats designed to exploit security shortcomings. Side channel attacks are a particular risk once
tags are deployed at the item level. And new threats will emerge as RFID becomes more of a target
for espionage and hacking.
The success of RFID in the marketplace will place new security demands on it, and an increased
need for robust security in emerging tag protocols.

5. Beyond Generation 2
From this examination of security threats to Generation 2, it's clear that a future EPC Generation 3
protocol will need to add higher security levels to RF front-end communication to ensure broader
use of RFID technology. New technical and policy approaches will have to solve the real privacy
and security concerns identified by industry analysts, technologists, and public watchdogs. If not,
restrictive legislation or public backlash could thwart widespread acceptance and limit the
powerful benefits that RFID offers businesses and consumers.
i: Technologies that Enhance Security

Possible technological approaches that can enhance security in future protocols include:

Encryption: Cryptography provides greater data security by storing encrypted serial numbers on
tags. However, it raises the significant technological challenges of key management
(distributing/managing the corresponding decryption key). Encryption doesn't eliminate tracking, it
simply makes it more complex. And any onboard encryption operations would boost the
computational demands on tags, introducing new overhead and boosting the price per tag.
Tag passwords: Basic RFID tags already have sufficient resources to verify PINs or passwords, which
could be a possible solution for data protection. For example, a tag could emit critical information
only if it receives the correct password. However, password management poses a significant
challenge.
Tag pseudonyms: Another approach to password-based security is the use of tag pseudonyms.
Under this approach, RFID tags aren't programmed with passwords, but change serial numbers each
time they are read. This approach would make unauthorized tag tracking more difficult, but also
introduces issues of pseudonym management.

These are just some of the approaches that can help bring new security to RFID implementations.
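
To make the pseudonym-management issue concrete, here is an added example (not from the original white paper or from any EPCglobal protocol): a tag that shows a different 96-bit identifier on every read, and a back-end that resolves it within a look-ahead window. The HMAC-with-counter derivation, the class names and the window size are assumptions chosen for illustration, and the sketch assumes a tag able to compute a keyed hash.

```python
import hashlib
import hmac

PSEUDONYM_BYTES = 12  # 96 bits, the size of a common EPC


def pseudonym(key: bytes, counter: int) -> str:
    """Derive the identifier a tag shows on its counter-th read (assumed scheme)."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:PSEUDONYM_BYTES].hex()


class PseudonymTag:
    """Tag that never repeats an identifier: every read advances a counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def read(self) -> str:
        value = pseudonym(self._key, self._counter)
        self._counter += 1
        return value


class Resolver:
    """Back-end that maps pseudonyms to items and tracks each tag's counter."""

    def __init__(self, window: int = 4):
        self._window = window  # how many unseen reads the back-end tolerates
        self._state = {}       # item_id -> (key, next expected counter)
        self._index = {}       # pseudonym -> (item_id, counter)

    def enroll(self, item_id: str, key: bytes) -> None:
        self._state[item_id] = (key, 0)
        self._reindex(item_id)

    def _reindex(self, item_id: str) -> None:
        # Forget this item's old pseudonyms, then precompute the next window.
        self._index = {p: v for p, v in self._index.items() if v[0] != item_id}
        key, start = self._state[item_id]
        for counter in range(start, start + self._window):
            self._index[pseudonym(key, counter)] = (item_id, counter)

    def resolve(self, value: str):
        """Return the item for a pseudonym, or None if unknown, replayed or out of sync."""
        hit = self._index.get(value)
        if hit is None:
            return None
        item_id, counter = hit
        key, _ = self._state[item_id]
        self._state[item_id] = (key, counter + 1)
        self._reindex(item_id)
        return item_id


if __name__ == "__main__":
    KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    tag, backend = PseudonymTag(KEY), Resolver(window=4)
    backend.enroll("pallet-17", KEY)
    first = tag.read()
    print(backend.resolve(first), backend.resolve(first))  # second call is a replay
    for _ in range(5):  # five reads the back-end never sees
        tag.read()
    print(backend.resolve(tag.read()))  # tag is now beyond the window
```

A window that is too small loses track of a tag after a few reads the back-end never saw, while a larger one keeps unseen pseudonyms resolvable for longer; choosing it is part of the management burden the text refers to.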

6. Next Steps Toward Greater Data Security


Careful consideration and investigation by key players in the RFID technical community, as well as
an open and rational public debate, will help identify the approach that provides the right level of
security without introducing burdensome computational demands, technological complexity, or
manufacturing cost increases.
Future generations of the EPCglobal protocol will lead the way to greater RFID data security and
broader acceptance of RFID technology in the marketplace. It is clear that while EPC Generation 2
technology represents a step forward in RFID security, it is not the end of the journey. We should
not try to force-fit security into the existing Generation 2 protocol. Item-level tagging will require a
higher level of security that can only really be attained with new, Generation 3 technology.

RFID Security in the News


As a controversial new technology, RFID security issues often get attention in the press. Here we
summarize some of the latest stories and evaluate the real level of threat.
1. RFID Virus [1]

A group of Dutch scientists from the Faculty of Sciences in Amsterdam wrote recently in a joint
paper that RFID systems were vulnerable to viruses because RFID tags could be compromised and
infected with viruses by hackers. In short, they claimed that viruses could be transmitted via tags,
breaching the security of the RFID systems.
Level of Risk: Very low
This scenario is highly theoretical and unlikely in real-world implementations. Hackers cannot infect
an RFID system by compromising the tag, unless that system treats data as if it were code, an
improbable and amateurish security mistake. Any well-designed RFID implementation would
eliminate the risk entirely.
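
What "not treating tag data as code" looks like in middleware, as an added example (not code from the white paper or from any reader vendor): the reported EPC is checked against a strict format and every value from the tag reaches the database only through bound parameters. The schema, names, sample EPC and the 64-character user-data cap are assumptions; the tag carries only an identifier that points to a back-end record, in line with the information-pointer practice listed earlier.

```python
import re
import sqlite3

# Constructed sample: a 96-bit EPC written as 24 hex digits.
SAMPLE_EPC = "3034" + "0" * 18 + "2A"
EPC_FORMAT = re.compile(r"[0-9A-Fa-f]{24}")
MAX_USER_DATA = 64  # characters; assumed cap, 512 bits of tag memory


def open_backend() -> sqlite3.Connection:
    """In-memory stand-in for the back-end database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (epc TEXT PRIMARY KEY, description TEXT)")
    db.execute("CREATE TABLE reads (epc TEXT, reader TEXT, user_data TEXT)")
    db.execute("INSERT INTO items VALUES (?, ?)", (SAMPLE_EPC, "case of cereal"))
    db.commit()
    return db


def record_read(db, reader_id: str, epc_text: str, user_data: str = ""):
    """Log one tag read and return the item description, or None if unknown.

    Raises ValueError when the reported EPC is not exactly 24 hex digits or
    the user data exceeds the cap, so malformed tag content never reaches SQL.
    """
    if not EPC_FORMAT.fullmatch(epc_text):
        raise ValueError("tag reported a malformed EPC")
    if len(user_data) > MAX_USER_DATA:
        raise ValueError("tag user data longer than expected")
    epc = epc_text.upper()
    # Placeholders bind tag content as values; it is never spliced into the
    # statement text, so quotes or comment markers in it stay inert.
    db.execute(
        "INSERT INTO reads (epc, reader, user_data) VALUES (?, ?, ?)",
        (epc, reader_id, user_data),
    )
    row = db.execute(
        "SELECT description FROM items WHERE epc = ?", (epc,)
    ).fetchone()
    return row[0] if row else None


def logged_user_data(db) -> list:
    """User-data strings in the order they were logged."""
    return [r[0] for r in db.execute("SELECT user_data FROM reads ORDER BY rowid")]


if __name__ == "__main__":
    db = open_backend()
    print(record_read(db, "dock-1", SAMPLE_EPC, "lot 42"))
    odd = "it's 5 o'clock; -- relabelled"  # constructed content with SQL metacharacters
    print(record_read(db, "dock-1", SAMPLE_EPC.lower(), odd))
    print(logged_user_data(db))
    try:
        record_read(db, "dock-1", "O'Brien pallet; --")
    except ValueError as err:
        print("rejected:", err)
```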
2. Cell Phone Side Channel Attack [2]

At the 2006 RSA Security annual conference, cryptographers and data security specialists described
a side channel attack on a Generation 1 RFID tag using power-analysis of the system's energy
consumption. The attack required an oscilloscope and directional antenna. However, the group
predicted that similar power analysis attacks could be performed using common devices, such as a
cell phone. These devices could be modified to eavesdrop on an RFID system, infer passwords, gain
access, and send inappropriate kill messages.

Level of Risk: Low


The technical complexity of this experiment, conducted by expert cryptographers, is very
daunting. Eavesdropping on RFID systems is quite possible, even using less-complicated equipment,
i.e., a rogue reader. However, the 32-bit password protection provided in Generation 2 provides a
higher barrier to eavesdropping. And power analysis is not something most hackers are going to be
capable of performing. In short, this attack is too complex to be worthwhile, and unlikely to succeed
in almost any scenario.
3. ExxonMobil SpeedPass Hack [3]

Researchers at Johns Hopkins University recently performed a successful hack of the Texas
Instruments RFID Digital Signature Transponder (DST) used in ExxonMobil SpeedPass systems. In
a detailed academic paper, the authors highlighted the steps they took to crack the key from a
deployed DST device using advanced, but widely available equipment, and some very smart
thinking. They used the information gathered to access the ExxonMobil system and purchase
gasoline.
Level of Risk: Real
This experiment highlights the need for stronger password protection within any RFID system.
However, it's important to point out that the type of tags (DST) used within this level of RFID
system are very different than those used within EPC implementations. SpeedPass systems use older
technology with weak password protection. And the researchers conducting this experiment had
access to information on the password design that they located on the Internet. Less agile hackers
would have had a harder time making this security breach happen, but it is entirely possible. This
attack highlights the need for strong password protection and careful design to reduce the likelihood
of an attack within an EPC RFID implementation.

Sources
1. "Is Your Cat Infected With A Computer Virus", http://www.rfidvirus.org/
2. "EPC Tags Subject to Phone Attacks", RFID Journal, http://www.rfidjournal.com/article/articleview/2167/1/1/
3. "Analysis of the Texas Instruments DST RFID", RFID Analysis, http://rfidanalysis.org/
