Retailers, manufacturers, hospitals, federal agencies and other organizations planning to use radio frequency identification (RFID) technology to improve their operations should also systematically evaluate the possible security and privacy risks and use best practices to mitigate them, according to a report issued today by the National Institute of Standards and Technology.
“RFID tags, commonly referred to as smart tags, have the ability to improve logistics, profoundly change cost structures for business, and improve the current levels of safety and authenticity of the international pharmaceutical supply chain and many other industries,” said Under Secretary of Commerce for Technology Robert C. Cresanti. “This important report lays the foundation for addressing potential RFID security risks so that a thoughtful enterprise can launch a smart tag program with confidence.”
RFID devices send and/or receive radio signals to transmit identifying information such as product model or serial numbers. They come in a wide variety of types and can be as small as a grain of rice or printed on paper. Unlike bar coding systems, some RFID devices can communicate without requiring a line of sight, and over longer distances, for faster batch processing of inventory. They can be outfitted with sensors to collect data on temperature changes, sudden shocks, humidity or other factors affecting products.
However, as RFID devices are deployed in more sophisticated applications from matching hospital patients with laboratory test results to tracking systems for dangerous materials, concerns have been raised about protecting such systems against eavesdropping and unauthorized uses. The new NIST report focuses on RFID applications for asset management, tracking, matching, and process and supply chain control. It lists of recommended practices for ensuring the security and privacy of RFID systems, including firewalls that separate RFID databases from an organization’s other databases and information technology (IT) systems, encryption of radio signals when feasible, shielding RFID tags or tag reading areas with metal screens or films to prevent unauthorized access, and other security measures.
Two case studies—in health care and supply chain settings—provide examples for identifying and minimizing security risks throughout the various stages of an RFID project.
Citation: T. Karygiannis, B. Eydt, G. Barber, L.Bunn and T. Phillips. Guidelines for Securing Radio Frequency Identification (RFID) Systems (Special Publication 800-98), 154 pages. Available on-line at
http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf .
Source: NIST
Related stories:
Electromagnetic interference from some identification devices may pose hazards to medical equipment
The use of radio frequency identification devices appears to have the potential to cause critical care medical equipment to malfunction, according to a study in the June 25 issue of
JAMA.
Better business decisions with real-time data
They may look like ordinary washers and dryers to you, but to Hemant Jain they are the first steps into the future.
New research seeks to enhance quality and security of wireless telemedicine
A team of researchers led by Fei Hu, assistant professor of computer engineering at Rochester Institute of Technology, is working to advance the integration of radio frequency identification technology, also known as RFID, into cardiac sensor networks, a new wireless technology for telemedicine delivery. The team will also work to enhance the security of the systems used in the process, thereby reducing the possibility of identity theft and cyber-terrorism.
Laser-based device offers alternative to video surveillance
Surveillance systems take on a new look with a technology developed by researchers at the Department of Energy’s Oak Ridge National Laboratory.
Bermuda to Put RFID in All Vehicles on Island
Bermuda is using RFID technology to automate vehicle registration, compliance and enforcement.
NIST Advises on RFID Security Risks
The National Institute of Standards and Technology describes some potential dangers of implementing RFID and offers guidelines and best practices for mitigating the risks.
Protecting electronic information from theft, abuse research goal
Learning to design computers so that personal and security information can be protected from theft or abuse is the goal of Virginia Tech College of Engineering researcher Patrick Schaumont, who has received a National Science Foundation Faculty Early Career Development Program (CAREER) Award.
Researchers to Boost 'Smart Tag' Security
Johns Hopkins researchers will take part in a new multi-institution project to improve the security of "smart tags," the wireless devices that allow drivers to zip through automatic tollbooths and let workers enter a secured area with the flash of a card.