May 13, 2008This article was originally published by RFID Update.
May 13, 2008—NeoCatena Networks plans to release a new product next month that will serve as a firewall to prevent fraudulent or malicious tag data from entering enterprise systems. The Silicon Valley startup was formed by a researcher who previously demonstrated RFID passports could be cloned, and who maintains that most RFID systems used today are insecure.
"RFID is just another data channel into the enterprise, and it is a channel that hasn't been secured," NeoCatena Networks co-founder Lukas Grunwald told RFID Update. "The security available for the internet has not been used for RFID."
In response, NeoCatena Networks is developing RF-Wall, an appliance to be installed between RFID readers or controllers and middleware servers, edge servers, or host applications in networked RFID systems. The product acts as a firewall that authenticates RFID tags prior to allowing their data to pass into enterprise systems, and also scans input to detect and block malware. RF-Wall works by using the unique tag ID to create a digital signature. If the tag has been cloned or the ID otherwise tampered with, the digital signature calculation will detect it, according to Grunwald.
NeoCatena is the second startup to recently advance digital signature-based RFID security, joining Veratag, which announced a system based on MEMS resonator technology (see Startup Adapting MEMS Technology for RFID Authentication).
NeoCatena's RF-Wall can be applied to multiple RF frequencies and has worked well with HF and UHF systems. The first release planned for late June will support the EPCglobal Low Level Reader Protocol (LLRP) standard to simplify integration with Gen2 systems, and will also support two vendor-specific reader protocols, Grunwald said. A single RF-Wall appliance can support up to 15 LLRP-compatible readers. NeoCatena will initially focus its marketing to RFID systems integrators, and will also offer it to reader manufacturers to integrate with their offerings.
Grunwald said the system would not be used in fare collection applications because it is designed for networked systems, but the technique would detect fare cards that had been counterfeited or altered, which recently became a concern (see Yet Another RFID Hack Could Affect Up To 1 Billion Cards).
NeoCatena is focusing on the supply chain market. The RF-Wall is currently in beta testing with a European pharmaceutical company and a company in the Middle East with extensive supply chain operations, according to Grunwald. Potential applications include pedigree and product authentication. The company's literature describes what it claims was a real-world hack in which an RFID tag on a bottle of Dom Pérignon was rewritten with another SKU so the champagne rang up for $4.25 at the checkout counter.
"There are plenty of attacks you can do on RFID tags throughout the supply chain," said Grunwald. "For example, the kill command for an EPC tag is one byte, so you can easily guess it."
The memory on EPC Gen2 tags can be password-protected against reading and writing, and the standard also supports other reader authentication features, but Grunwald said these measures are inadequate.
Questions about RFID security have been raised repeatedly through the years. The industry has often responded by pointing out there have been very few successful, real-world hacks, and that various RFID standards support encryption and authentication, while other security techniques can be applied to equipment and networks. The result is confusion among potential users, which a recent study confirmed (see Study: Consumers Misunderstand RFID and Its Security).
Grunwald has seemingly made it his mission to raise awareness about potential RFID security shortcomings. He is the hacker who caused a stir in 2006 when he demonstrated the cloning of German e-passports (see New RFID Passport Scare -- Does it Matter?), and was profiled by Wired and the BBC. Two years before that he authored RFDump, an RFID-hacking utility. Grunwald told RFID Update he has eight years experience in IT security and previously founded DN-Systems, an information security consulting company in Germany, which gained attention for its efforts in exposing passport flaws.
