These days we can easily find that Radio Frequency IDentification (RFID) technology is already in our everyday life.
This special kind of tiny chip which has wireless communication, computing and memory capability is widely used in typical RFID applications such as supply chain logistics. It provides business intelligence and efficiency in logistics by combining with information technology such as databases, data mining, and web services.
When we consider the current trends of RFID applications, RFID is moving out of typical RFID applications, that is, the business area. It is now approaching our private everyday life. A good example of this trend is the mobile RFID test-bed service, which was shown to the public at the Busan International Film Festival in 2007. The user can read the RFID code with his or her own RFID reader embedded cellular phone and then access multimedia content or value added services via the existing cellular phone network. This service is meaningful in that the RFID technology has appeared to the public for entertainment services, that is private services not business services.
However there is no magic tool in this world. RFID also has a dark side even though it has a lot of bright sides. This promising technology for realizing the ubiquitous world can be a vicious tool if it is not used in a proper manner. We have also experienced this phenomenon in Internet technology. Internet technology is surely beneficial to everyone, but it is also used for privacy infringement by gathering private information of a certain person in illegal ways and telling collected private information to the public for vicious purposes. To prevent this dark side of the Internet, security and cryptographic technology have evolved over several years. There have been many efforts to provide three principal security services -- confidentiality, integrity and availability -- in the Internet world. For example, to provide the confidentiality of our private information, many researchers have devised the cryptographic techniques to protect our private and valuable information. Such security technologies can make sure that only authorized people can access confidential information.
Regarding to overcome the dark side of RFID technology, we strongly believe that we can find ways to overcome the RFID vulnerability problem and privacy infringement problem. However, applying security and cryptographic technology to the RFID environment is not simple. As I said in the last year's article entitled ETRI Speaks About Five Technical Challenges Face Mainstream RFID Adoption, November 2006, there are several technical obstacles which are mostly due to the resource constrained characteristics of the RFID tag.
More specifically, the tiny RFID tag chips do not have sufficient room to hold existing security technology of the current Internet world. Also, the features of the RFID application are rather different from that of the Internet. It means that the technical community should develop new security and privacy enhancing technologies that are targeted to RFID.
I would like to introduce an effort to make RFID applications to be secure and trustworthy. Of course, this is just one of many activities which are conducted in academia and industry. This is an effort which is jointly being done by the Electronics and Telecommunications Research Institute (ETRI) and the KDC Corporation. They want to make a secure and reliable securities circulation market by applying RFID technology to security. Also, they applied security technology to prevent vulnerability problems in RFID applications. This system is mainly composed of an RFID reader with barcode reading capability, RFID tagged security, forgery detection and protection software, RFID middleware and an RFID Object Information Service (OIS) server. The operation scenario is as follows:
After reading and processing the barcode information on the securities, the reader obtains the password information. The reader reads the user memory data of the RFID tag. In this case, the data, which stands for the security information, was simply encrypted by the password information. It means that the unauthorized RFID reader or the eavesdropper that has no password information can't obtain the secure information. Only the authorized RFID reader obtains the security information by applying the password information to the user memory.
Then the authorized reader can decide whether the security is original or not by comparing the information with the securely stored information in the database.
This is just an example to make secure and trustworthy RFID applications. In these days, there is a fundamental approach to make secure RFID tags. Conventional RFID tags have not so much security or privacy enhancing technology in themselves. Only a kill password or write protection mechanism is provided in these RFID tags.
Therefore, it has limitations to make secure and trustworthy RFID applications.
But the new approach is the introduction of cryptographic techniques to the RFID tag. This cryptographic technique is precisely designed to enhance the privacy protection capability and provide security services for of the RFID tag. This challenging work is being done by ETRI.