NIST Issues Guidelines for Ensuring RFID Security

Apr 27, 2007

Retailers, manufacturers, hospitals, federal agencies and other organizations planning to use radio frequency identification (RFID) technology to improve their operations should also systematically evaluate the possible security and privacy risks and use best practices to mitigate them, according to a report issued today by the National Institute of Standards and Technology.

“RFID tags, commonly referred to as smart tags, have the ability to improve logistics, profoundly change cost structures for business, and improve the current levels of safety and authenticity of the international pharmaceutical supply chain and many other industries,” said Under Secretary of Commerce for Technology Robert C. Cresanti. “This important report lays the foundation for addressing potential RFID security risks so that a thoughtful enterprise can launch a smart tag program with confidence.”

RFID devices send and/or receive radio signals to transmit identifying information such as product model or serial numbers. They come in a wide variety of types and can be as small as a grain of rice or printed on paper. Unlike bar coding systems, some RFID devices can communicate without requiring a line of sight, and over longer distances, for faster batch processing of inventory. They can be outfitted with sensors to collect data on temperature changes, sudden shocks, humidity or other factors affecting products.

However, as RFID devices are deployed in more sophisticated applications from matching hospital patients with laboratory test results to tracking systems for dangerous materials, concerns have been raised about protecting such systems against eavesdropping and unauthorized uses. The new NIST report focuses on RFID applications for asset management, tracking, matching, and process and supply chain control. It lists of recommended practices for ensuring the security and privacy of RFID systems, including firewalls that separate RFID databases from an organization’s other databases and information technology (IT) systems, encryption of radio signals when feasible, shielding RFID tags or tag reading areas with metal screens or films to prevent unauthorized access, and other security measures.

Two case studies—in health care and supply chain settings—provide examples for identifying and minimizing security risks throughout the various stages of an RFID project.

Citation: T. Karygiannis, B. Eydt, G. Barber, L.Bunn and T. Phillips. Guidelines for Securing Radio Frequency Identification (RFID) Systems (Special Publication 800-98), 154 pages. Available on-line at csrc.nist.gov/publications/nis… 800-98_RFID-2007.pdf .

Source: NIST

Explore further: 3-D-printable materials deform to change surface area, enabling curvature rather than rigid folding

add to favorites email to friend print save as pdf

Related Stories

Study 'makes the case' for RFID forensic evidence management

Dec 05, 2014

Radio frequency identification (RFID) tags—devices that can transmit data over short distances to identify objects, animals or people—have become increasingly popular for tracking everything from automobiles being manufactured ...

A look at how your voice is being used to ID you

Oct 13, 2014

Businesses and governments around the world are increasingly turning to voice biometrics, which sometimes are described as voiceprints, to replace passwords and fight fraud. A look at this fast-growing technology:

Fingerprints for freight items

Sep 01, 2014

Security is a top priority in air freight logistics but screening procedures can be very time consuming and costly. Fraunhofer researchers intend to boost efficiency with a new approach to digital logistics, ...

Electromobility as privacy hazard

Jun 03, 2014

Consumers who charge an electric vehicle on a regular basis may leave a data trail. With each charging process, the system saves when and where it took place and which customer paid for it – a privacy risk, says Tilman ...

New algorithm shakes up cryptography

May 16, 2014

Researchers at the Laboratoire Lorrain de Recherches en Informatique et ses Applications (CNRS/Université de Lorraine/Inria) and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC) have solved one aspect of the discrete ...

Recommended for you

Amputee puts limb system through its paces

1 hour ago

"Amputee Makes History with APL's Modular Prosthetic Limb" is the headline from Johns Hopkins Applied Physics Laboratory, where a team working on prosthetics observed a milestone when a double amputee showed ...

EDAG car with textile skin set for Geneva show

Dec 18, 2014

Making its debut at the Geneva Motor Show 2015 is the EDAG Light Cocoon. This is promoted as a new dimension for lightweight construction, a sportscar with a textile outer skin panel. The EDAG Light Cocoon ...

Stanford aims to bring player pianos back to life

Dec 17, 2014

(AP)—Stanford University wants to unlock the secrets of the player piano, which brought recorded music into living rooms long before there were cassettes, compact discs or iPods.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.