• Home
• Topics
• Enterprise Identity and Access Management
• User Authentication Services
• Two-Factor and Multifactor Authentication Strategies
• What is the purpose of RFID identification?

What is the purpose of RFID identification?

Requires Free Membership to View

Login



SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

RFID stands for radio frequency identification. RFID tags emit radio signals and are usually embedded in things like credit cards, passports, merchandise, or even livestock. The tag resembles a smart card when embedded in a card and may carry the same data as a smart card, but smart cards need to be swiped by a reader and don't transmit radio signals.

RFID is a fantastic technology for businesses, particularly warehousing, retail and livestock. RFID tags can be attached to merchandise in a warehouse so that employees can automatically conduct inventories with handheld readers that send data to the company's servers or databases. Users don't have to go back to a terminal to enter data manually.

The fundamental security problem of RFID is the same as that of any wireless device. It transmits data out in the open where it can be easily sniffed, captured or stolen. Thus, an attacker doesn't even have to find a network or cable for attaching a sniffer. All he or she needs is a laptop with an antenna and a wireless hookup outside the place the device is transmitting, and he or she could obtain confidential customer information leading to financial loss or identity theft.

Security guru Bruce Schneier has long been a vocal critic of the recent move by the State Department to put RFID chips in U.S. passports. He has cited the feats of security researchers in the UK who were able to steal data with simple home-built readers with parts costing under $100.

Also, RFID chips can only hold a limited number of encryption keys, which makes them more vulnerable to cracking.

In answer to the question about access controls, RFID chips, like those in smart cards, come in two varieties: programmable and fixed. Programmable chips are at higher risk, since they can be manipulated for malicious purposes, whereas pre-programmed chips aren't as susceptible.

RFID technology is still developing and maturing. To be more secure, all radio signals need to be encrypted and shielded, so they can't be read without authorization. Chips also need to be designed to carry stronger encryption keys.

RFID technology isn't going away, as evidenced by the stringent requrements Wal-Mart Stores Inc. has put in place for its suppliers. But a thorough analysis of the IT security risks should always be conducted before any implementation.

More information:

• Learn about the possible benefits of microchip implants and RFID tags for remote employees.
• Looking for more information on securing micrichip implants and RFID tags? Read this expert response.

Dig Deeper

This was first published in March 2008

More from Related TechTarget Sites

• Cloud Security
• Security Channel
• SMB Security
• Financial Security
• Security UK
• Security AU
• Security IN

• Cloud Security

  • Cloud DLP: Understanding how DLP works in virtual, cloud environments

    Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.

  • Leveraging Microsoft Azure security features for PaaS security

    Organizations can boost PaaS security late in the game by implementing these stopgap measures.

  • Quiz: Understanding cloud-specific security technologies

    Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.

• Security Channel

  • Biometric authentication methods: Comparing smartphone biometrics

    Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.

  • F5 Vault program embraces incentives for F5 firewall, security sales

    The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.

  • Using DMARC to improve DKIM and SPF email antispam effectiveness

    DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.

• searchMidmarketSecurity

  • Windows Phone 7 security: Assessing WP7 security features

    Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.

  • Choosing the best security certifications for your career

    Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.

  • Midmarket security tutorials

    SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.

• searchFinancialSecurity

  • Microsoft attempts legal action to disrupt some Zeus botnets

    Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.

  • More than hype: Security big data helps bank to boost security program

    At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.

  • Web application threats: What you really need to know

    In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.

• Security UK

  • File upload security best practices: Block a malicious file upload

    Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.

  • MDM, security vendors scramble to address BYOD security issues

    Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.

  • ICO fines Welsh health board £70,000 for patient record loss

    For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.

• searchSecurityAU

  • Leveraging Microsoft Azure security features for PaaS security

    Organisations can boost PaaS security late in the game by implementing these stopgap measures.

  • With mobile payments, security teams must move quickly

    As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.

  • PCI virtualization compliance still a challenge

    No black and white when it comes to PCI compliance in virtualized environments, experts say.

• Information Security

  • Information security budgets: Five steps to obtain management buy-in

    Getting management to approve security budgets is difficult. Here are guidelines to help you prepare and present information security budgets effectively.

  • Maltego tutorial - Part 1: Information gathering

    Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.

  • Android security model doing best to enable mobile malware spread

    At Information Security Decisions 2012, Dan Guido put the mobile malware focus on the Android security model and Google’s mobile app vetting process.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map