Stop Searching.
Start Finding.

IT Management Solutions »

CIO STRATEGY

The Perfect IT Book for the Business?

Parkinson needs a book that explains IT to the business. Got any suggestions?

Supply Chain Management/Logistics

RSA Finds More Security Flaws in RFID

By Jacqueline Emigh
2005-03-23
Article Views: 9231
Article Rating:

/ 1

Table of Contents:

After discovering a flaw in one of Texas Instruments' RFID tags, researchers from RSA Labs and Johns Hopkins University say they plan to continue their testing with exploits against other RFID equipment.

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

RSA Finds More Security Flaws in RFID - ' Page Two '

( Page 2 of 2 )

One of TI's customers, Exxon Mobil Corp., uses the DST-40 tag in its Speedpass electronic payment system.

"We've been over all of this with Exxon, and they don't see any more risk [now] beyond the risk they were at already," Sabetti said.

Ari Juels, RSA's principal research scientist, agreed that customers have a right to try to "strike a balance" between speed, cost, and security.

"But what we're saying is that if you're going to bother to build in encryption at all, you should do it correctly. You shouldn't use a proprietary encryption algorithm," Juels said.

Other companies also make RFID tags for the same general markets. Why did the researchers focus only on TI? "Because TI is the most visible." Juels said.

But TI wasn't being "picked on," he said. "We're also intending to look at a range of [other] RFID systems, [including both] active and passive RFID tags. Various [RFID systems] have various security and privacy weaknesses."

Click here to read about RSA's RFID security services.

For his part, Sabetti took issue with some of the cryptographic researchers' methods and findings.

The DST simulation system used in the attacks "took up the entire back seat of a car," he said. "[The researchers] were unable to produce an emulator which would be considered small or efficient."

Sabetti also said that the RSA and Johns Hopkins researchers had demonstrated the attack for him, and that during the demo, they hadn't been able to intercept information outside of a two-foot range.

"[Two feet] is a bit naïve," Juels said. "That is the nominal read range. Other systems, [with] a gate antenna, might achieve several feet for active scanning. Also, if an attacker waits until someone is [actually] using a Speedpass token, the potential passive eavesdropping range could be 10 feet."

But Juels admitted that the researchers used only "crude" equipment in the attack against TI's 40-bit encryption.

"Our attempt to do this was rather crude and uninformed, [and] cobbled together with some fairly inexpensive equipment. [But] once these systems have been widely deployed, there will be better equipment available. This was only a proof-of-concept [attack]," he said.

test



	>>> More Supply Chain Management/Logistics Articles >>> More By Jacqueline Emigh

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FEATURED SPONSORED VIDEOS

Security and Availability Essentials for Running Your Business in the Cloud

Cyber Security Trends and Challenges for 2012

IPv6 Integration and Migration

View More Videos

Brought to You By

FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

Brought to You By

EDITORS' PICKS

8 Dirty Little Tech Secrets

What Would You Sacrifice For A New Smartphone?

Android, iOS More Popular in the Enterprise Than BlackBerry

The CIO Insight 2011 Fall Reading List

We're Going All-In With Apple: Now What?

	LATEST STORIES
	- The 10 Hottest IT Certifications - Make 8 Popular Performance Tools Work for Yo... - CIO Careers: Why You Don't Get What You Want - Ten Enemies of Innovation - Oracle Taleo Buy Targets SAP, Salesforce.com

FEEDBACK

Send your thoughts about CIO Insight, its Web site, and any individual articles to editors@cioinsight-ziffdavisenterprise.com

	Ziff Davis Enterprise RSS Feeds
	Get CIO Insight news delivered to your desktop with RSS.


		Get up and running in as quickly as 30 days with BI. Learn how today. FREE Securing Smartphones & Tablets for Dummies Book from Sophos 77% of the Fortune 500 Manage Content Securely with Box. Leverage your virtual computing environment with Dell. Build an IT Infrastructure That Delivers the Future 5 New Technologies That Will Change Enterprise IT

CIO Insight:	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
Quick Links:	Enterprise Mobility Zone \| Management Case Studies \| Loyalty Programs \| Term Sheet \| Strategy Maps \| Organizational Behavior \| Net Present Value Calculator \| Link to Us
	Security: Network Security Entprise Networking Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home eWeek Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices TechDirect iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 6.

Stop Searching. Start Finding.

RSA Finds More Security Flaws in RFID

After discovering a flaw in one of Texas Instruments' RFID tags, researchers from RSA Labs and Johns Hopkins University say they plan to continue their testing with exploits against other RFID equipment.

RSA Finds More Security Flaws in RFID - ' Page Two '

test

Related Content

Stop Searching.
Start Finding.