Naik, As we know the RFID is a contactless identification technology that augments real-world objects with remotely-powered computing capabilities. Even though RFID-tagging of objects such as passports, pets, prisoners, and even the elderly seems revolutionary and unprecedented, RFID technology itself has a rich history that began with Identification Friend or Foe (IFF) systems during World War II. Lets charts out the RFID technology and its security and privacy threats and solutions.
Historical RFID-based systems faced constant security threats, and many of these attacks (and their defenses) have since been canonized as classical signal warfare and countermeasures. Examining RFID and its threats from a historical perspective lets us learn from past experiences. More importantly, looking back provides us as researchers with inspiration to devise new solutions, so we can lead RFID security research into the future. Lets come up with some good recommendations or ideas which can be implemented. The first step for us would be to know in & out of RFID. I have good links, which gives us lots of information on this subject: http://en.wikipedia.org/wiki/Radio-frequency_identification http://www.rsa.com/rsalabs/node.asp?id=2115 Moreover, I just wish to look into it from national security point of view as well because you know that the same RFID concept is being used for Delhi Metro (Railways domain), the rapid transit system in New Delhi (might come to more places in india). The impact on this domain wrt to RFID based hacks would be more compare to its utilization in other domains (Say: Asset tracking, product identification, access authentication, etc). To know more about Delhi Metro: http://en.wikipedia.org/wiki/Delhi_Metro Surprisingly, now that it has been demostrated that these ticketing system in Delhi metro based on RFID tokens can be hacked, we shall come up with the best security recommendations which anyone can follow incase of use of RFIDs. Please refer the below link for more information and video on Delhi Metro RFID hack: http://www.gadgetted.com/?p=193 Everyone can share your thoughts to come up with best-in-class recommendations for RFID technology. Lets document it and share it with appropriate officials in government. Thanks! Regards Sandeep Thakur On Fri, May 28, 2010 at 8:29 AM, Srinivas Naik <[email protected]> wrote: > > A British scientist has been > implanted<http://www.reading.ac.uk/sse/about/news/sse-newsarticle-2010-05-26.aspx>with > an RFID chip that contains a computer virus. The virus is reportedly > able to infect RFID readers and in this way spread to further RFID chips. > > In first tests for his proof-of-concept study, Mark Gasson at the > University of Reading has reportedly already managed to transfer the virus > to other systems from the chip implanted in his finger. Gasson, who became > known for such projects as his research into coupling the human nervous > system with computers, has launched these tests to highlight the risks of > the increasingly popular medical RFID implants. > > Such implants can serve a variety of purposes, including the identification > of Alzheimer patients or unconscious patients. In early 2002, for instance, > a family in the US caused a stir because all the family members wanted to > have transponder chips implanted for medical reasons. However, vendor > PositiveID <http://www.positiveidcorp.com/>, formerly called VeriChip, in > addition to RFID chips that provide identity also manufactures implants > which measure blood sugar levels and can be read using wireless technology. > > Gasson criticises that the use of RFID implants (with dubious benefits) has > become increasingly popular and commercialised, especially in the US. The > scientist points out that the technological advancements of critical > implants such as pacemakers and cochlear implants also make these components > vulnerable to unauthorised access and manipulations. Gasson intends to > present further results of his studies at the forthcoming "International > Symposium for Technology and Society" in Australia. > > Mark Gasson's concerns aren't new, as Minix creator Andrew Tanenbaum > already presented very similar ideas in mid 2006. Tanenbaum even wrote a > virus for vendor Oracle's RFID middleware which managed to use the 128 bytes > of available transponder memory to store a virus capable of spreading > through a database. > > *****Further details of times newspaper article is explained in this mail > technically. > > Source: TIMES INDIA > > Regards, > > Srinivas Naik > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
