As RFID use grows so do concerns about authentication and encryption to protect sensitive information. The primary issues are the low power consumption and related processing power of wireless RFID sensor nodes.
Cryptographic algorithms are typically designed to run on high performance systems (32 or 64 bit processors). This is quite a difference from the 4 or 8 bit processors used in RFID solutions. Further, power not used by the processor is needed for the RF transceiver embedded in the sensor. If the length or number of messages exchanged between the tag and the sensor increases, additional scarce power will be consumed. Finally, as authentication/encryption processing power needs increase, there is less power available for the intended function of the device.
Kaps, Gaubatz, and Sunar wrote in the February 2007 issue of Computer that wireless sensor “Hardware developed specifically for radios combines a low data rate, low power consumption, and the ability to interface directly with low-power controllers” (“Cryptography on a Speck of Dust”, p. 38). With these constraints, is it even possible to provide adequate security for RFID networks? The answer is maybe.
On March 12, 2007, SecureRF announced the pending publication of their method of providing authentication and encryption on RFID devices. The details of how the new technology works appears in a peer-reviewed article (“Key Agreement, The Algebraic Eraser and Lightweight Cryptography”) in Volume 418 of the American Mathematical Society’s Contemporary Mathematics series.
According to SecureRF, the technology behind their authentication/encryption solution is the Algebraic Eraser. The Algebraic Eraser supports public and private key protocols on passive, passive/active, and active RFID tags. It does this using a revolutionary approach that increases processing requirements as the size of the key increases. This provides for the possibility of high-speed, low-power encryption.
SecureRF’s first secure RFID tag, the LIME Tag, will be released in March 2007. The new tag is EPCglobal Gen 2 compliant. It remains to be seen how this might affect the security of future wireless RFID networks.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.