RFID "Security": Point/Counterpoint
BusinessWeek published an interview last week with Scott McGregor of Phillips Semiconductor. Phillips is a leader in developing radio frequency identification (RFID) technology; Mr. McGregor breezily waves away concerns about the impact RFID use would have on privacy.
EFF's Chris Palmer took a quick look at the article; below, he responds to Mr. McGregor's assertions:
McGregor: "When I buy a garment, one of the first things I do when I get it home is cut off the tags. You can cut off RFID tags the same way."
RFIDs are tiny and will only get tinier. How do you cut them off when they're
embedded in an item? Sure, you can still zap them--but why should people have to zap all of their new purchases to avoid shedding data?
McGregor: "When the laser scanners were coming out [in supermarkets], everybody was saying, retailers are going to collect information about what you
buy. And none of that happened."
All of that happened.
McGregor: "Medical identification: Your medical information is stored on a chip, so if you have an emergency and are in a hospital, doctors can read your medical history in a secure way."
Your private medical information stored on a chip? How will it be secure? Is the
data to be encrypted? Cryptographic key management is a total debacle (DeCSS, anyone?).
And if the tag only stores and reports an index into a database, then the database itself becomes a giant book of keys. Is this database intended to be available on the Internet? If so, it's an open book.
McGregor: "Plus, contactless payments are cool--and Visa, when it implements them, will be able to give customers a higher-end, interesting product."
Having your card charged by some random thief because he doesn't require your signature is neither "cool" nor "interesting."
McGregor: "RFID could replace your keys, too. Most car manufacturers we're talking to will have a card you keep in your wallet or embedded into your cell phone. You get in your car, push start, and the reader in the car will read the card in your phone to make sure you're the car's owner."
Forged RFIDs will make car theft easy. Simply scan someone's RFID from a distance, then make an RFID that responds with the same information that theirs did.
But perhaps that problem would be solved with the use of cryptography--by having the host computer/cell phone perform the cryptographic protocol. But when it comes to cryptography...
McGregor: "We're the only company that can do high-level, triple DES encryption in a contactless RFID tag."
As Bruce Schneier and Niels Ferguson point out in Practical Cryptography, triple DES encryption is nothing to write home about: "3DES has a larger key [than DES], but it inherits both the weak keys and the complementation property from DES, either of which is enough to disqualify the cipher by our standards. It is also severely limited by its 64-bit block size, which imposes severe restrictions on the amount of data we can encrypt with a single key."