The following was contributed by a consultant at a large consulting firm who did not want to be publicly identified. He has years of experience in auto-ID technologies, and I felt it was worth sharing his views anonymously.
Any type of identification device cannot be relied upon in isolation to achieve robust security. It is crucially important to understand that any type of authentication system must be just that, a systems-based approach to authentication. It is fallacious to think that just because the token (tag) can be replicated -- although with orders of magnitude greater difficulty than a bar code or magnetic stripe -- that the application of RFID to authentication, tracking and tracing is fundamentally flawed (pharmaceuticals, for example), because it is not.
There are critical elements of investigation that will be part of the technology assessment being led by the HDMA (in close collaboration with EPCglobal, including academia), pursuant to meeting the FDA's proposed use of RFID systems for drug anti-counterfeiting, such as the use of "watermark codes" which are separate from and unrelated to the data (the EPC in this case), in order to make the systems more robust. This was proposed during EPC RFID tag development work, but, with the focus on Class 1 "elementary license plate" devices of minimum cost, primarily intended for tracking relatively low value FMCG products, such "high class" developments have been delayed till now. Perhaps the Class 2 tag working group will take such issues into account.
It should be noted that the apparently academically motivated "attack" on the Texas Instruments Digital Signature Transponder (DST) reported in the New York Times article on Jan. 29, was, in fact, "research" that was commercially motivated; this work was funded by RSA Security, Inc., which has a vested interest in breaking non-RSA encryption techniques.
Illustrative of the notion that there needs to be system-wide checks and balances on device (tag) authentication, note that ExxonMobil Speedpass® system incorporates robust system-wide security measures to combat the potential of fraudulent attacks on the Speedpass loyalty/payment systems, which employ the same class of RFID products as used in automotive security systems.
Note too that the referenced report declares that the students simulated -- not replicated -- just one DST keyfob tag. This distinction is important to understand in the context of seeking to replicate a tag attached to (or embedded in) drug packaging. Such [commercially motivated] hacking (in this case thinly disguised as "academic research") has consistently led to improvements in security techniques, and for this reason I applaud the work of "sophisticated hackers" continually keeping product manufacturers and software developers on their toes.
In respect of the demands for more secure methods of identifying, authenticating, tracking and tracing (four distinct but related functions) drugs—or more precisely, primary packaging for drugs—RFID unquestionably has a place, since it is demonstrably one of the most robust identification and data capture technologies on the market, many orders of magnitude more difficult to replicate a tag than, for example, a printed bar code.
The correct way of thinking about "the problem" is to address the demands from a systems (holistic) perspective, in which, RFID or other forms of data carrying or authentication technologies are simply a part of the overall "jigsaw puzzle" solution. In the domain of the data carrier, aside from the distinctions between the differing forms of code carrying devices, the problem of identification reduces to one of data.
In favor of RFID, it is demonstrable that a tag can and will carry subliminal data which permits further authentication of the device which issued (physically originated) the tag or label; for example, the MAC address of the issuing device - not the IP address, which is transient in a DHCP environment - could be embedded in the tag, and hence a "rogue tag" with apparently legitimate identification data (an EPC, for example) would also need to contain the correct issuing device IP address for the product to be deemed authentic. This, coupled with peripheral device registration and authentication, as featured in the 3M HighJump Smart Device Manager, GlobeRanger's iMotion platform (and other "RFID middleware" packages), which is especially for printer / encoders or reader / programmers that are originating EPCs (for example), and fed back to enterprise applications, is a further means of improving the security of systems developed to address the identification and authentication functions.
Login and reply to this post!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!