New RFID protocols for hack-proofing devices soon
Singapore, Jan 1 (IANS) The threat of breaching the Radio-Frequency Identification (RFID) tags that help automated identification of your mobile phone, passport, credit cards, access passes and others could soon be mitigated, thanks to the new security features researchers are developing.
To better safeguard the everyday technologies of RFID, researchers in Singapore are designing and testing new RFID protocols with enhanced security features.
"A security breach in RFID applications would leak valuable information about physical objects to unauthorised parties," Li Yingjiu, Associate Professor at Singapore Management University said in an official statement.
Many industries, like pharmaceutical companies, use the RFID technology to track inventory and manage supply chains.
"Because RFID tags work by broadcasting information to electronic RFID readers, security breaches can occur if hackers eavesdrop on this conversation, and manage to gain access to or tamper with information," the study noted.
The researchers say that such an attack, in the context of supply chain management, for example, would mean industrial espionage and the hacker may obtain sensitive information about inventory levels, trading volumes, trading partners and even business plans.
To tackle such a potential threat, researchers are employing strategies that include making the protocol's output unpredictable, making two tags indistinguishable to the hacker and preventing them from obtaining useful information even if they manage to interact with the tags.
"In addition, there are many instances where sharing of RFID information -- between suppliers and retailers, for example, or between various components of an Internet of Things -- would have obvious benefits," noted Li.
"But without appropriate security controls, however, most companies would be reluctant to make valuable data readily available," he added.
Researchers are also designing improved access control mechanisms that protect RFID information when it is shared on the internet.
The researchers said that one of the data security field's biggest challenges is the widening gap between academia and industry.
"The future of data security, in my vision, is how to narrow the gap and bridge the two communities, which have completely different incentives and evaluation criteria," Li said.
Li and his recently reported Android framework vulnerabilities and potential attacks to Google who acknowledged its findings in its security bulletins.
Also, to give data owners a better control over who can access their data, the researchers are working to develop new solutions for attribute-based encryption.