Wednesday, January 5, 2011

Privacy Issues in RFID Technology

RFID, like any other information technology, has inherent security and privacy risks; some are due to technological limitations, while others result from incorrect deployment and usage. The Office of the Privacy Commissioner of Canada (2008) believes that “RFID may have dramatic implications for privacy protection and that it is now necessary to identify good practices for organizations subject to the PIPEDA and the Privacy Act.” Regardless, by understanding the risks and applying security best practices, one can significantly reduce the privacy exposure. Tom Karygiannis (2007) concludes that “for RFID implementations to be successful, organizations need to effectively manage that risk, which requires an understanding of its sources and its potential characteristics”. We also need to distinguish between privacy and security concerns: not every security issue is related to information privacy, whereas proper security of personal and private information is required by privacy laws and Information Fair Usage legislation.
The main privacy concern, the ability to track and identify the tag carrier, has its roots in the historical purpose of RFID tags, which is “tagging objects like shipping containers, munitions, automobile parts, or even live cattle” (Juels and Weis, 2009). Since it is highly unlikely that a person would be carrying a shipping container or cattle, individual privacy was not considered an issue. When a person carries an RFID-enabled item, their identity could be compromised, and a third party could acquire it without the owner's knowledge.
Furthermore, an association could be established between a person and private information such as citizenship, medical prescriptions and personal interests. For example, since 2006 the U.S. Department of State has issued RFID-enabled passports, each of which “contains the name, nationality, gender, date of birth, and place of birth of the passport holder, as well as a digitized photograph of that person” (Grant Gross, 2005), and although the information is encrypted, a simple scan of a crowd in an airport could identify US citizens. Juels and Weis (2009) confirm that “even if the semantic meaning of information on tags is well protected, tags may still be recognizable between appearances, and thus subject to tracking”. Or, by carrying a prescribed drug, a person could unintentionally leak medical information which could be “picked up” remotely, without the owner's knowledge.
In addition, needlessly storing information that is protected by privacy laws means taking an unnecessary risk, even if steps are taken to protect the information. For example, an encryption algorithm employed to protect the digital information of Dutch citizens embedded into the e-passport was cracked within 2 hours of it being intercepted, “giving full access to the digitized fingerprint, photograph, and all other encrypted and plain text data on the RFID tag” (Thomas Ricker, 2006). Even more interesting is the fact that the same ISO 14443 RFID tag and encryption scheme is used by the RFID-enabled passports issued by the U.S. Department of State.
To address security and privacy concerns, we need to understand the core of the problem. According to Marc Langheinrich (2009), “the core RFID privacy problem is that of unauthorized tag readout: with the help of wireless communication, third parties can in principle read the tags of personal items from large distances, and without any indication that such a readout is taking place”; therefore, controlling remote access to the information is of the utmost importance. There are a number of possible approaches to controlling access to the information, including tag deactivation and tag shielding. The first could be implemented using a “kill switch” or “kill command” to permanently deactivate the tag, either automatically (by a command from an RFID reader) or manually, or by using a “sleep command” to temporarily disable the attached RFID tag. The second approach is usually implemented using the Faraday cage, jamming or blocking tag approaches (Sitlia, Hamam and Selouani, 2009). This approach is used by the U.S. Department of State, whereby all issued passports are provided with an "antiskimming" sleeve that reduces the RFID tag's effective range.
Furthermore, encryption could be used as a potential technical solution to safeguard the information stored on RFID tags, and although it often seems an obvious solution, many proposed schemes are ignored, mainly due to difficulties associated with key management. Marc Langheinrich (2009) summarises: “consequently, encryption might only work well in controlled systems such as payment cards and identification systems”.
An additional technical solution to RFID privacy concerns is reader authentication, where the interrogating party (the reader) has to provide a secret key before the RFID tag discloses stored information. In the simplest implementation, the tag will hash and compare the value of the provided “challenge response” key known only to the legitimate readers. An extension to the authentication scheme was proposed by Weis et al. to reduce the risk associated with usage of a static hash value (possibility of a brute force attack).
Lastly, a number of policy makers require organizations to assign an individual accountable for privacy compliance who “must be aware of all collections of personal information by the RFID system and all subsequent uses, disclosures and the retention period” (Office of the Privacy Commissioner of Canada, 2008). Furthermore, the accountable individual has to complete a Privacy Impact Assessment (PIA) to ensure that the RFID system complies with privacy laws.
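The reader-authentication idea above, as an added example that is not part of the original post: a Python model of a static hash lock next to the randomized variant published by Weis et al., showing that the static tag answers every query with the same bytes (and is therefore trackable) while the randomized tag does not. SHA-256, the class and function names, and the sample secret and payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    # SHA-256 stands in for the tag's hash function (assumption for this example).
    return hashlib.sha256(data).digest()

class StaticHashLockTag:
    """Locked tag answers every query with the same metaID = H(key)."""
    def __init__(self, key: bytes, payload: bytes):
        self.meta_id, self._payload = H(key), payload
    def query(self):
        return self.meta_id
    def unlock(self, key: bytes):
        # Tag hashes the presented key and compares it with the stored metaID.
        return self._payload if hmac.compare_digest(H(key), self.meta_id) else None

class RandomizedHashLockTag:
    """Locked tag answers with a fresh nonce r and H(id || r) on every query."""
    def __init__(self, tag_id: bytes, payload: bytes):
        self._id, self._payload = tag_id, payload
    def query(self):
        r = os.urandom(16)
        return r, H(self._id + r)
    def unlock(self, tag_id: bytes):
        return self._payload if hmac.compare_digest(tag_id, self._id) else None

class Reader:
    """Legitimate reader with a back-end list of enrolled secrets."""
    def __init__(self, secrets=()):
        self.secrets = list(secrets)
    def read_static(self, tag):
        meta_id = tag.query()
        for key in self.secrets:          # back-end lookup: metaID -> key
            if hmac.compare_digest(H(key), meta_id):
                return tag.unlock(key)
        return None
    def read_randomized(self, tag):
        r, digest = tag.query()
        for tag_id in self.secrets:       # search known IDs for a match
            if hmac.compare_digest(H(tag_id + r), digest):
                return tag.unlock(tag_id)
        return None

def linkable(tag) -> bool:
    # A passive observer can track the tag if two reads return identical bytes.
    return tag.query() == tag.query()

if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    print(linkable(StaticHashLockTag(secret, b"item-42")))
    print(linkable(RandomizedHashLockTag(secret, b"item-42")))
```

In the randomized variant the reader's cost grows with the number of enrolled tags, since it must hash every known ID against the nonce.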


  • Gross, Grant (2005), United States to Require RFID Chips in Passports [online]. PCWorld. Available from: (accessed January 4, 2011).
  • Juels, Ari, and Stephen A. Weis. 2009. "Defining Strong Privacy for RFID." ACM Transactions on Information & System Security (TISSEC) 13, no. 1: 7-7.23. Computers & Applied Sciences Complete, EBSCOhost (accessed January 4, 2011).
  • Langheinrich, Marc. 2009. "A survey of RFID privacy approaches." Personal & Ubiquitous Computing 13, no. 6: 413-421. Computers & Applied Sciences Complete, EBSCOhost (accessed January 4, 2011).
  • Office of the Privacy Commissioner of Canada (2008). Radio Frequency Identification (RFID) in the Workplace: Recommendations for Good Practices. A Consultation Paper. Available from: (accessed January 4, 2011).
  • Sitlia, Hanan, Habib Hamam, and Sid-Ahmed Selouani. 2009. "Technical Solutions for Privacy Protection in RFID." European Journal of Scientific Research 38, no. 3: 500-508. Academic Search Complete, EBSCOhost (accessed January 4, 2011).
  • Spiekermann, Sarah. 2009. "RFID and privacy: what consumers really want and fear." Personal & Ubiquitous Computing 13, no. 6: 423-434. Computers & Applied Sciences Complete, EBSCOhost (accessed January 4, 2011).
  • Tom Karygiannis, Bernard Eydt, Greg Barber, Lynn Bunn and Ted Phillips (2007), Guidelines for Securing Radio Frequency Identification (RFID) Systems [online]. National Institute of Standards and Technology (NIST). Special publication 800-98. Available from: (accessed January 4, 2011).
  • Thomas Ricker (2006). Dutch RFID e-passport cracked -- US next? [online]. Available from: (accessed January 4, 2011).
