Privacy vs. Security on the DASH7 Wireless Sensor Networking Blog

The concepts of security and privacy are related, but different, and people often confuse the two issues. SecureRF’s CEO, Louis Parks, tackles this topic in his first posting for the DASH7 Wireless Sensor Networking Blog.

His post, Privacy vs. Security, lays down a foundation on what is security versus privacy, in a general, non-specific product way.
Future postings will cover:

• “What is security?” and describe related tools and functions.
• How you put these tools together to create security protocols that address real world issues.
• Security on a DASH7 platform.
• Addressing and describing the security needs and solutions for different applications and industries of interest to the DASH7 Alliance.

Pat Burns, President of the DASH7 Alliance, starts the conversation with his posting - Introducing Louis Parks.

The DASH7 Alliance was formed to advance the use of DASH7 wireless data technology by developing extensions to the ISO 18000-7 active RFID standard, ensuring interoperability among devices, and educating the market about DASH7 technology.  SecureRF is now a member of this organization.

In the News - Mikoh

Fellow RFIDSA member, Neil Mitchell of MIKOH Corporation Limited, had an article published in the July/August issue of Miltary Embedded Systems.  It is titled  "RFID and asset authentication: Enabling true security measures," and can be viewed at http://www.mil-embedded.com/articles/id/?4787.

RFID Security Alliance Examines Risks

RFID Security Alliance Examines the Risks Associated with Wal-Marts Recently Announced Shift of RFID Technology from the Warehouse into its 3,750 U.S. Stores

Wal-Mart Continuing to Drive the Industry Adoption and Risk Management of RFID Tags in the Retail Market

Sausalito, CA, July 27, 2010 – With over 250 million RFID (Radio Frequency Identification) tags being put into Wal-Mart’s men’s basics, across Wal-Marts 3,750 U.S. stores, the RFID Security Alliance (“RFID SA”) has been receiving a number of inquiries from the public questioning the security and privacy of their personal information and their risks when purchasing such merchandise.

“We at the RFID SA take an active role to educate the industry and lay person of the advantages and risks associated with RFID based solutions and are deeply committed to insuring that everyone’s information remains private and secure in a well implemented RFID solution” said RFID SA Chairman Michael McCartney. He continued “In reviewing the details of this use-case we find the threat to privacy to be very low and in fact not dissimilar to that of bar codes that it is designed to replace. The removable tags are attached to the garment in the same manner as the conventional bar code tags, with a plastic or cotton loop or tie. Additionally, once removed, these tags can also be permanently disabled with a pair of scissors rendering them irrevocably unreadable so even once the tag is disposed of at the home, the tag can no longer be accessed”.

Additionally, since the information, as the RFID SA understands it, is basic inventory information used to keep track of in stock jeans and apparel items, the RFID SA seriously doubt how useful this non-personal information might be to anyone other than Wal-Mart.

At the RFID SA, we will continue to perform due diligence on this project and others to determine what is the threat level to the public’s privacy. We also will continue to educate the RFID industry on best practices and to make certain that the level of security is high enough to protect the consumer and the markets use of RFID technology. RFID can provide huge cost savings to the industry that will also be passed onto the consumer and will also allow faster and more efficient checkout and returns. While a poorly implemented system could be open to risk, the RFID SA is promoting industry best practices to insure all RFID implementations provide all the benefits with minimal risks.

About the RFID Security Alliance
The RFID Security Alliance (RFIDSA) was founded as a resource for the RFID industry, driving market education and discussion about security and privacy issues surrounding the use of RFID technologies, solutions and applications. More information about RFID SA can be found on its Web site at www.RFIDSA.com. Insights into RFID Security can be also found on the association’s blog at http://rfidsa.blogspot.com/ or contact Anna Haight at Anna.Haight@RFIDSecurityAlliance.org.

India Wide ID system and more at RFIDSA meeting on 6/10

At this month's RFID Security Alliance meeting Mohinder Sikka of Sensitel, Inc. will be providing information about the India Wide Identification system which is being implemented.  Q&A session to follow.

This open discussion will be followed by a RFID Security Alliance business meeting.


You are welcome to join us.

Meeting Details:
Thursday, June 10
10:00 a.m. – 11:00 a.m. PST / 1:00 p.m. – 2:00 p.m. EST

To participate:
Dial in Phone Number: 218.936.7999
Access code: 413685# (Follow the prompts)
Physical Location: QLM Consulting, Sausalito CA

First human ‘infected with computer virus’ - Another example of “spreading the fear”

Contributed by Neil Mitchell, RFIDSA Vice Chairperson

Another example of how RFID is “being connected” in negative technology reporting occurred this week from one of the respected news sources. The BBC reported on a University researcher who embedded himself with an RFID device that is used to open the doors in the university and enable his cell phone. However, the device was purposely embedded with a computer virus intended to infect other such similar implants. The fear factor is the potential spread of this computer virus between similar embedded devices in people (that happen to use RFID to communicate). Examples they have included Pace Makers and Deep Brain Stimulators that actually do not contain RFID readers. This fact was conveniently overlooked.

While a very valid topic (protecting human embedded devices from viruses), little attempt was made to distant the RFID technology as cause of the technology weakness. There are no cases of this “in the wild” today although this is a very valid topic that the RFID Security Alliance is also monitoring.

Fellow RFIDSA member and security consultant, Lukas Grunwald, pointed out that “This is the classical Riebeck scheme.” More information on RFID viruses can be found at Dr Melanie Rieback’s homepage: www.cs.vu.nl/~melanie/ and http://www.rfidvirus.org/.

The BBC’s story is here: http://news.bbc.co.uk/2/hi/technology/10158517.stm.

Insights into the Spring Conference Season

Members of the RFID Security Alliance have been busy attending conferences all over the globe. These attendees are going to share their insights about these recent events at our next RFIDSA meeting.

• INTERPHEX Pharmaceutical Conference - Louis Parks, CEO of SecureRF
• RFID Journal Live - Michael McCartney, QLM Consulting and Chair, RFIDSA
• United Fresh - Michael McCartney, QLM Consulting and Chair, RFIDSA
• Pan-European High Security Printing Conference - Lukas Grunwald, Neocatena

Also, Tim Downs will talk about two upcoming events:

• Smart Grid Cyber Security Summit
• Life Sciences Information Security conference

This open discussion will be followed by a RFID Security Alliance business meeting.

You are welcome to join us.

Meeting Details:
Wednesday, May 12
10:00 a.m. – 11:45 a.m. PST / 1:00 p.m. – 2:45 p.m. EST

To participate:
Dial in Phone Number: 218.936.7999
Access code: 413685# (Follow the prompts)

Physical Location: QLM Consulting, Sausalito CA

Video: The Use of RFID in Supply Chain Security

Contributed by Joanne C. Kelleher

Last week was the annual INTERPHEX Conference for pharmaceutical manufacturers and packagers. Editors of BioPharm International and Pharmaceutical Technology conducted a series of in-depth conversations with speakers, industry stakeholders and thought leaders.

RFID Security Alliance members Louis Parks, CEO of SecureRF and Bikash Chatterjee, CTO of Pharmatech Associates, along with Anthony Palermo, Director of the RFID Centre of Excellence were interviewed together about the use of RFID in supply chain security.

You can view their interview at http://interphexvideocast.com/media/index.php?vid=Bikash_Anthony_Louis.

All of the interviews conducted at INTERPHEX are at http://interphexvideocast.com/

RFIDSA at INTERPHEX 2010

Members of the RFID Security Alliance (RFIDSA) are participating in a discussion at the 2010 INTERPHEX conference titled “Securely Implementing RFID in the Pharmaceutical Supply Chain.”  The talk will be presented on Wednesday, April 21, 2010 from 2:15PM - 3:45PM at the Jacob K. Javits Center in New York, NY.

Participants include these RFIDSA members:

• Louis Parks, President and CEO of SecureRF Corporation
• Bikash Chatterjee, President and CTO of Pharmatech Associates Inc.

We hope you will be able to attend their session.  Not yet registered for INTERPHEX?  As a speaker, they have the ability to extend a 15% registration discount to friends and colleagues.  Go to http://www.interphex.com/speaker.  This link will access the official INTERPHEX website which contains complete event details including the full Conference program and online registration. The speaker discount has been programmed into the link and will automatically display reduced pricing when you begin the registration process.

RFIDSA at RFID Journal LIVE 2010

RFID Journal LIVE 2010 is next week, April 14-16 in Orlando, FL.

Michael McCartney, RFID Security Alliance's chairperson, will be speaking in the RFID for IT Professionals track. His talk, titled RFID Security: Potential Threats, Their Impact and Solutions, will be presented on 4/14 at 11:30 am.

If you are going to this conference, please attend this session and introduce yourself to Michael.

Notes on InterTraffic Conference

RFIDSA's Vice Chairperson, Neil Mitchell, shared his insights about the InterTraffic Conference. 
---------------

InterTraffic was held over 4 days this month from March 23rd – 26th in Amsterdam. The show runs every 2 years and has considerably expanded from the show 2 years ago (having almost tripled in size!). It is a broad based traffic event and not solely focused on RFID or security technologies. While some portions of the show are not relevant to MIKOH and the RFID Security Alliance there are significant key parts that are.

ITS (Intelligent Traffic Systems) and Cooperative Systems which are highly relevant took up 1/3 of the show and Safety and Infrastructure that had parts that were relevant and parts that were not took up another 1/3 of the show.

Attendance was mostly European but there were significant attendance from beyond including North and South America, Asia (including Russia and China), and Australia.

Major themes from the show were:
• Increased use of video based vehicle tracking (free flow, parking, security etc). Note: Clearly video based tracking has hugely varying read rates from 65%-95%) and if to be used as a revenue generating activity is often used in addition to a technology such as RFID to fill that significant gap (unless in a more controlled environment such as parking).
• Vehicle networking and traffic management using vehicle-to-vehicle communication (of information such as speed, time, GPS location etc). There was actually a live demo around Amsterdam of this technology. RFID tags on vehicles can be part of this solution but is likely to be used only if employed for other reasons beyond just this.

While the theme of security was present, it was mostly from the point of view of vehicle security (high level tracking and monitoring) and less so the detailed issues relating to tag security.

The show was generally, highly relevant for anyone involved in Automatic Vehicle Identification (e.g. Electronic Vehicle Registration, tolling, parking etc) and a very good meeting place for customers, partners and relevant industry bodies.

Karsten Nohl to Discuss Hacking Mifare and other 'secure' RFID on 1/13/2010

The RFID Security Alliance has changed the format of their monthly meetings and will now start with a discussion of a topic of interest. On January 13, 2010 researcher Karsten Nohl will mark the 25th anniversary month of declaring Mifare insecure by leading a discussion about Mifare and several other types of 'secure' RFID which have been broken in the meantime (HID, Legic).

Questions to be covered include:

• How have the hacks on the Mifare transit cards impacted new projects?
• How have existing systems been protected?
• What is status of Mifare Plus?
• How have other systems been broken?

Karsten bridges the three worlds of academic research, hacking, and industry. His academic research with the University of Virginia focuses on privacy protection in large networks. His hacking projects-- at H4RDW4RE in the Silicon Valley or with the CCC in Berlin--assess (and usually break) proprietary cryptography. Finally, his consulting job at McKinsey helps him understand why corporations often choose technically inferior solutions.

 

The meetings can be joined in person in California or via conference call. If you want to participate in next week's call (Wednesday, 1/13) on this topic, you are welcome to join us at 10 AM PST / 1PM EST. After this discussion and an open Q&A you can stay on the call for RFIDSA internal business topics if you wish.

Dial in Phone Number: 218.936.7999
Access code: 413685# (Follow the prompts)

RFID Security Alliance meetings are usually scheduled for the second Wednesday of each month at 10 AM PST / 1PM EST. More info about the RFID Security Alliance is at http://www.rfidsa.com/ or via the LinkedIn Group at http://www.linkedin.com/groups?gid=62849.

Contributed by Joanne C. Kelleher

RFIDSA Marketing Committee