RFID and Security

September 24th.

Abstract

Radio Frequency Identification (RFID) is a technology that can identify objects or people without physical or visual contact. The acronym RFID lies in fact several technologies that have very different characteristics. The classification can be done according to the communication mode (active, passive, battery-assisted), frequencies (LF, HF, UHF, SHF) or the secure exchange between RFID tags (also called contactless smartcards depending on the application) and interrogators. These classifications give different performances in terms of cost, read range, security and memory capacities.
If security is rather requested for applications dealing with sensitive personal data (access badges, contactless payment, passport, etc.), many industrial sectors imagine the use of "low cost" RFID technology to authenticate objects (anti-counterfeiting in the field of luxury, aerospace, automotive, etc..). The EPC standard (Electronic Product Code) proposed by GS1, historically reserved for logistic applications and often seen as a natural extension of barcode, now offers more advanced features such as authentication or secure access to different memory locations. RFID operators have now to face the problem of privacy of individuals who are increasingly surrounded by this type of RFID tag.
The presentation will provide an opportunity to take on different RFID technologies with a particular focus on possible levels of security. An analysis of major possible "attacks" on a RFID system will also be made and available countermeasures will be presented. Finally, we will get back to privacy issues through concrete examples and we will present the future European standard providing a method of privacy impact assessment.

Graduated from ISEN-Lille in 1991, Claude Tételin received his PhD from University of Lille in France in 1996. Professor of telecommunications at ISEN-Toulon, a Higher Institute of Electronics and Digital Communications (school of engineers) since 1996. Since December 2008, he is the chief technical officer of the French RFID National Centre. Its main tasks are the definition of the most appropriate RFID technology with regards to industrial and organizational constraints of RFID end-users, the deployment of international standards for developing applications in open loop (he is the president of the French National Committee mirror ISO / IEC/JTC1/SC31 and publisher of international standards ISO / IEC 18047-6 compliance for UHF RFID systems and performance 18046-3 RFID tags), and the establishment of trust relationships between industrial and laboratories for the development of conformance and performance testing. He is also responsible at European level for drafting standards for analysis of the impact of RFID applications on privacy.