[LINK] RFID Blocker from RSA

Roger Clarke Roger.Clarke at xamax.com.au
Tue Apr 6 16:53:54 EST 2004 

A good article from Karen Dearne in the Oz, copy at bottom.

The key bits:

"RSA Security has unveiled a prototype Blocker Tag that effectively 
"spams" any scanner that attempts to read RFID tags without the right 
authorisations.

[Sounds like a circumvention device to me  (:-)} ]

"RSA's patent-pending Blocker Tag works by "shielding" chips within 
close proximity, but the blocker does not interfere with normal RFID.

"Blockers can't be used to circumvent theft-control systems or to 
mount denial-of-service attacks," Kaliski says. "Instead, they work 
by creating a hostile environment for scanners that are not 
authorised to read information from legitimately purchased items."
__________________________________________________________________________


  Blocker tag protection from RFID
The Australian IT Section
Karen Dearne
APRIL 06, 2004
http://australianit.news.com.au/articles/0,7204,9197418%5E15321%5E%5Enbv%5E15306,00.html

PERSONALLY-controlled blocker tags may offer a technical solution to 
unwanted consumer tracking by radio-frequency ID chips as retail 
stores begin to adopt (RFID) for inventory and anti-theft purposes.

RSA Security has unveiled a prototype Blocker Tag that effectively 
"spams" any scanner that attempts to read RFID tags without the right 
authorisations.

[Sounds like a circumvention device it me  (:-)} ]

RFID tags -- essentially a microchip on an antenna that transmits 
data via radio over short distances -- are widely seen as a 
next-generation form of barcode that will slash costs through new 
efficiencies within commercial supply chains.

To date, RFID has mainly been used within warehouses, but the 
prospect of fine-grain control over every single item in every single 
store is driving retail interest.

But consumer and privacy groups warn that the unique serial number 
transmitted by each RFID tag could be used to surreptitiously track 
people or goods. They fear shoppers may unwittingly broadcast 
information about their purchases and even the brands of clothing 
they are wearing as they shop.

Scanned data also could be linked to other customer information to 
create detailed marketing profiles, or to credit card payment records.

At the very least, customers risk inadvertent exposures of private 
information if sensitive purchases, such as medication, are 
intercepted.

"In a naive, RFID-enabled world, there's a risk that sensitive 
information will be secretly visible to anyone with a suitable 
scanner," says Burt Kaliski, chief scientist of RSA Laboratories, 
RSA's research arm.

"The privacy threats posed by RFID in retail environments have 
already triggered a consumer outcry.

"But RFID also introduces risks for businesses -- a whole new 
dimension to corporate espionage, for example."

RSA Labs chose the pharmacy scenario to demonstrate its prototype 
blocker at RSA Conference 2004 in San Francisco recently. Kaliski 
says the idea is that people should be able to "enforce" their 
privacy by blocking unauthorised scanning.

RSA's patent-pending Blocker Tag works by "shielding" chips within 
close proximity, but the blocker does not interfere with normal RFID.

"Blockers can't be used to circumvent theft-control systems or to 
mount denial-of-service attacks," Kaliski says. "Instead, they work 
by creating a hostile environment for scanners that are not 
authorised to read information from legitimately purchased items."

The Blocker Tag is just one of a range of new RFID privacy 
technologies being developed by RSA, which is also involved in 
international RFID standardisation efforts.

This work is important, Kaliski says, because RFID technologies will 
struggle for acceptance until the security challenges are resolved.

"Whereas retailers think about tracking inventory, consumers worry 
about what happens when RFIDs leave the store," he says.

"We believe consumers ought to know where RFID tags are and for what 
purpose, and to that extent labelling and disclosure efforts are a 
good a thing."

Karen Dearne attended RSA Conference 2004 as a guest of RSA Security Australia.

-- 
Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                 Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au            http://www.xamax.com.au/

Visiting Professor in the eCommerce Program, University of Hong Kong
Visiting Professor in the Baker Cyberspace Law & Policy Centre, U.N.S.W
Visiting Fellow in Computer Science, Australian National University

More information about the Link mailing list