Friday, January 05, 2007
Dr. Ari Juels expresses concern about the unsecure RFID threat becoming real.
It is the first week of January, and forecasts here in Boston call for highs of almost 60F. In the throes of unseasonable spring fever, and with the convenience of snow-free streets, it is not easy to muster sympathy for polar bears laboring under the hardships of global warming. I know, however, that their discomfort on the northern fringes of the continent signifies a larger encroaching problem--one that may someday affect me.
What prompts me to spare a thought for those creatures in the distant north is a question about RFID (Radio-Frequency Identification), a broad term for wireless microchips. During a recent discussion about the convenient RFID (tap-and-go) transit cards recently introduced in the Boston area, a colleague of my wife asked why I care about RFID privacy so much. He added, "I don't. I've got nothing to hide."
In fact, I don't care enormously about my own privacy. And I myself fully intend to use the new transit cards; RFID is a splendidly convenient technology. Yet I care deeply about the privacy and security of RFID in a broad sense. At the fringes of deployment, these things will matter very much. And someday they could affect me.
RFID won't just be a sporadic convenience. It will underlie a pervasive infrastructure of billions or trillions of devices. RFID tags are already present in our car keys, passports, credit cards, and building-access badges. (You may be carrying several without knowing it.) Eventually, RFID tags will proliferate into our clothing, food packaging--and nearly everywhere else. As with all technologies, the RFID devices and standards that we use today, with all their quirks and flaws, will linger and proliferate for decades.
The PASS (People Access Security Service) card, a border-crossing document proposed by the Department of Homeland Security, offers an excellent object lesson in the ripple effects of RFID security. DHS advocates the use in PASS cards of a type of RFID device known as an EPC tag (Class-1 Gen-2, to be precise). EPC tags are essentially next-generation wireless barcodes, designed for use on crates and pallets and ultimately in consumer products.
For identity documents, EPC tags are an indefensible choice. The DHS favors them because of their relatively long read range: Border checkpoints could scan EPC-tagged PASS cards placed on automobile dashboards, avoiding the need for travelers to leave their vehicles. But the cloning of an EPC tag--that is, the creation of a spoof device--is a simple matter for an attacker with basic expertise. The long range of EPC tags therefore poses a twofold danger: First, an imposter could (clandestinely) scan and clone a PASS card without coming into close physical proximity; Second, the long read range of PASS cards--i.e., their very convenience--will encourage immigration officials to examine travelers at a distance and perhaps, therefore, with limited scrutiny.
You may not care personally about the privacy or security features of wireless chips on cartons of paper in a warehouse. Perhaps you don't even think you care about the risk of someone physically tracking you by means of the RFID-tagged cards in your wallet. But in the post-9/11 world it is unwise to take border security lightly.
Likewise, while you may not care about your own privacy, the physical privacy of RFID-bearing political activists at home and abroad supports political liberties that matter indirectly to everyone. While you may not care about whether someone can clone the RFID chip on your sweater, you may care if a thief can clone the chips in your credit cards, automobile keys--or passport. While it may not matter if RFID tags on pallets of carrots are vulnerable to counterfeiting, it will most certainly matter when RFID is used to secure the world's supply of pharmaceuticals.
PASS cards are one instance of a trend toward the use of RFID in official documents. The REAL ID Act mandates by 2008 what will in effect be a national ID card for the United States. RFID could well be a compulsory or strongly encouraged component of REAL ID. (A DHS report deprecates the use of RFID for human identification, but the PASS proposal does not augur well for DHS caution around RFID in practice.)
For most of us, poor RFID privacy and security are threats merely hovering far to the north. I for one, however, care very much today.
Other entries regarding: RFID , Identity Protection