Information Security Magazine


Mixed Signals
by Mark Baard
Issue: Jan 2007

Gen 2 vs. Gen 3
By the time the Auto-ID Center at MIT released EPC Generation 1 (and set up the EPCglobal standards body), many in the RFID industry were already talking about Generation 2. Perhaps that's one reason co-founder Kevin Ashton is confident that he will rally technologists and EPCglobal board members, including Sanjay Sarma, to his proposed EPC Generation 3 standard.

EPC Gen 2 does more to improve on privacy than security, says Ashton. EPC Gen 2 includes a kill command, for example, with a 32-bit tag-specific password that most cryptographers agree can be picked up via a side-channel attack.

EPC Gen 3 tags might include stored encrypted serial numbers and tag-and-reader authentication. Such measures would foil would-be tag counterfeiters and operators of rogue reader devices.

--MARK BAARD

Turbulent Debate
Once again, Ashton, a former brand manager for Procter & Gamble, has his critics. But this time, the ACLU and end-time Christians are not among them. Rather, it is Ashton's RFID industry colleagues who are objecting to the EPC Gen 3 proposal, which he and his ThingMagic co-workers made in a recent EPC security whitepaper (http://thingmagic.com/html/pdf/generation%202%20-%20security.pdf). (See "Gen 2 vs. Gen 3.")

"P&G is wholly satisfied with Gen 2, and discussion about the evolution of Gen 3 at this time is misplaced and premature," P&G spokesman Paul Fox wrote in an email. Fox called the threats to most RFID deployments "theoretical."

Other retailers and their suppliers, at least for the moment, apparently consider the security provided by EPC Gen 2 tags to be adequate for their needs.

"So far, we did not experience any problems with hacks or comparable attacks," says Christian Maas, spokesman for European retailer Metro AG, also via email. "We are applying EPC Gen 2 standard in our logistical processes, which is secured in several ways, for instance, random number masking."

Random number masking is an EPC Gen 2 feature that adds a random number to a tag's ID to deter eavesdropping, and requires the tag and reader to exchange a digital handshake before they can exchange any data. The aim is to lock a tag so that only an authorized interrogator can write any data to it. But Ashton and others feel the random number masking is ineffective against a side-channel attack because the number is not encrypted.
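The objection to random number masking can be seen in a short simulation, added here as an example that is not from the article or from EPC Gen 2 itself. It assumes the masking is an XOR of each 16-bit half of a 32-bit password with a 16-bit random number that the tag returns unencrypted; the function names and the password value are constructed for illustration.

```python
import secrets

PASSWORD = 0xDEADBEEF  # constructed 32-bit tag password, not a real value

def tag_rn16():
    """Tag side: fresh 16-bit random number, sent back unencrypted."""
    return secrets.randbits(16)

def send_password(password32, rng=tag_rn16):
    """Reader sends a 32-bit password as two halves, each XOR-masked with a
    fresh tag random number. Returns (backscatter, forward): what each
    radio link carried (assumed exchange, see lead-in)."""
    backscatter, forward = [], []
    for half in ((password32 >> 16) & 0xFFFF, password32 & 0xFFFF):
        rn16 = rng()
        backscatter.append(rn16)      # tag -> reader, in the clear
        forward.append(half ^ rn16)   # reader -> tag, masked
    return backscatter, forward

def unmask(backscatter, forward):
    """The tag, or anyone holding both captures, removes the mask."""
    hi, lo = (f ^ r for f, r in zip(forward, backscatter))
    return (hi << 16) | lo

def consistent_halves(masked, rn16=None):
    """Count the 16-bit password halves that fit what a listener heard."""
    candidates = range(1 << 16) if rn16 is None else [rn16]
    return len({masked ^ rn for rn in candidates})

if __name__ == "__main__":
    back, fwd = send_password(PASSWORD)
    print("forward link only:", consistent_halves(fwd[0]), "candidates per half")
    print("both links heard :", consistent_halves(fwd[0], back[0]), "candidate")
    print("tag recovers     :", hex(unmask(back, fwd)))
```

The mask behaves like a one-time pad whose key travels in the clear on the return link, so it protects the password only against a listener who cannot hear the tag's reply.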
