Feb 19, 2014GS1 has ratified a new version of the EPC Gen 2 ultrahigh-frequency RFID standard, which includes features that companies in many industries will find useful (see GSI Ratifies EPC Gen2v2 , Adds Security Features, More Memory). The hardware and firmware RFID vendors are developing to support the new Gen2v2 standard will likely incorporate different features designed for specific applications. In this column, we'll examine the software implications for using the new standard to build security and anticounterfeiting applications, previously available only in active or proprietary passive systems.
The Gen 2 protocol is vulnerable to cloning, because a counterfeiter can read the unique Electronic Product Code in an RFID tag and program it into a different tag that is indistinguishable to the reader. The tag manufacturer's tag identifier (TID) can also be cloned.
Gen2v2 solves the cloning issue by providing a secret authentication key that is programmed into the tag. Unlike an EPC or TID, this key cannot be read from the tag. Instead, a reader "challenges" the tag by sending it a random number. The tag encrypts that number using the secret key and sends the response back to the reader. The reader uses the secret key to decrypt the response. If the decrypted response matches the challenge, the tag is genuine. A counterfeiter cannot read the secret key or figure it out by listening in to the conversation between a tag and a reader. Without the key, it's impossible to clone a tag that a reader will authenticate.
To use this feature, companies must consider three new software requirements when procuring or upgrading their RFID applications or middleware. The application that programs the tag must choose a secret key—typically, a random number—and program that along with the EPC and other information. The application reading the tag must instruct the reader to issue a challenge, check the response and signal an error if there is no match. And a new database must manage the keys. The programming application stores the secret key associated with each EPC, and the reading application queries the database to get the key for verification. Obviously, access to this database must be secured.
RFID solution providers say the transportation sector is eyeing the new standard, because it allows operators of electronic highway tolling systems to switch from active tags to less expensive passive tags, with confidence that vehicles have legitimate tags and not unauthorized clones.
Authentication also works in the other direction: The tag can challenge the reader. This approach might be used in an RFID tag subway pass, in which the pass accepts a command only from a kiosk (the reader) to increase the dollar balance if it confirms that the kiosk is legitimate, and not being spoofed by a thief's device.
Ken Traub is the founder of Ken Traub Consulting, a Mass.-based firm providing services to companies that rely on advanced software technology to run their businesses. Send your software questions to swsavvy@kentraub.com.