NIST Issues Guidelines for Ensuring RFID Security

April 27, 2007

Retailers, manufacturers, hospitals, federal agencies and other organizations planning to use radio frequency identification (RFID) technology to improve their operations should also systematically evaluate the possible security and privacy risks and use best practices to mitigate them, according to a report issued today by the National Institute of Standards and Technology.

“RFID tags, commonly referred to as smart tags, have the ability to improve logistics, profoundly change cost structures for business, and improve the current levels of safety and authenticity of the international pharmaceutical supply chain and many other industries,” said Under Secretary of Commerce for Technology Robert C. Cresanti. “This important report lays the foundation for addressing potential RFID security risks so that a thoughtful enterprise can launch a smart tag program with confidence.”

RFID devices send and/or receive radio signals to transmit identifying information such as product model or serial numbers. They come in a wide variety of types and can be as small as a grain of rice or printed on paper. Unlike bar coding systems, some RFID devices can communicate without requiring a line of sight, and over longer distances, for faster batch processing of inventory. They can be outfitted with sensors to collect data on temperature changes, sudden shocks, humidity or other factors affecting products.

However, as RFID devices are deployed in more sophisticated applications from matching hospital patients with laboratory test results to tracking systems for dangerous materials, concerns have been raised about protecting such systems against eavesdropping and unauthorized uses. The new NIST report focuses on RFID applications for asset management, tracking, matching, and process and supply chain control. It lists of recommended practices for ensuring the security and privacy of RFID systems, including firewalls that separate RFID databases from an organization’s other databases and information technology (IT) systems, encryption of radio signals when feasible, shielding RFID tags or tag reading areas with metal screens or films to prevent unauthorized access, and other security measures.

Two case studies—in health care and supply chain settings—provide examples for identifying and minimizing security risks throughout the various stages of an RFID project.

Citation: T. Karygiannis, B. Eydt, G. Barber, L.Bunn and T. Phillips. Guidelines for Securing Radio Frequency Identification (RFID) Systems (Special Publication 800-98), 154 pages. Available on-line at csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf .

Source: NIST

Explore further: Research examines global security and surveillance technologies

Related Stories

GE Global Research works on RFID tag for detecting explosives

February 17, 2015

Tech sites are talking about an explosives detector the size of a postage stamp. This is a wireless RFID (radio-frequency identification) sensor tag, battery-free. The tags are specially capable of chemical sensing. The company ...

NIST Advises on RFID Security Risks

May 1, 2007

The National Institute of Standards and Technology describes some potential dangers of implementing RFID and offers guidelines and best practices for mitigating the risks.

The perfect clone: Researchers hack RFID smartcards

November 3, 2011

Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of ...

Recommended for you

Swiss unveil stratospheric solar plane

December 7, 2016

Just months after two Swiss pilots completed a historic round-the-world trip in a Sun-powered plane, another Swiss adventurer on Wednesday unveiled a solar plane aimed at reaching the stratosphere.

Solar panels repay their energy 'debt': study

December 6, 2016

The climate-friendly electricity generated by solar panels in the past 40 years has all but cancelled out the polluting energy used to produce them, a study said Tuesday.

Wall-jumping robot is most vertically agile ever built

December 6, 2016

Roboticists at UC Berkeley have designed a small robot that can leap into the air and then spring off a wall, or perform multiple vertical jumps in a row, resulting in the highest robotic vertical jumping agility ever recorded. ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.