U.Va. Team Receives $1 Million Grant To Improve RFID Security

January 9, 2009 — The National Science Foundation has awarded a team of University of Virginia engineers $1 million to improve the privacy and security of RFID chips, computer chips the size of a grain of sand that wirelessly send and receive information over short distances (generally 10 feet or less) via very low-power radio waves.

One common RFID use: the remote car-locking systems that dangle from millions of keychains all over the world.

Billions of RFID chips are already in use in a variety of applications, explained the research team's leader, David Evans, an associate professor of computer science in U.Va.'s School of Engineering and Applied Science.

Many are used to effectively replace the ubiquitous bar codes that currently identify all our products. Wireless readers of the RFIDs eliminate the need for manually scanning barcodes, providing great advantages for inventory management. Major users include Wal-Mart and the U.S. military.

RFID chips are also increasingly being used in more sophisticated applications. They provide the wireless magic behind touchless "smartcards" being used for more and more things, from touchless credit and debit cards, to building access keycards and reusable farecards for public transit systems. RFIDs are also being used in wearable and implantable medical devices, to transmit patient data for remote monitoring, said fellow researcher John Lach, an associate professor of electrical and computer engineering who has done pioneering research in the field.

Use of RFIDs for patient monitoring is a trend expected to increase in the future, Lach said, as Baby Boomers age and the rising costs of health care prompt a new emphasis on "aging in place" — allowing the elderly to remain independent while also having their health effectively monitored.

The wireless nature of RFIDs gives them myriad potential uses, but also raises security and privacy concerns. For instance, many already-implanted medical RFIDs have no security measures, Lach noted, prompting a recent outcry that an unprotected pacemaker or insulin delivery system could be tampered with externally.

More expensive RFID chips (costing more than 50 cents apiece) have enough resources (memory space and power) to allow standard encryption schemes that provide good security.

But less expensive and lower powered chips — the ones that are and will be used most widely — do not have the capacity to allow standard encryption schemes. Such chips either include no security measures or use custom cryptography, which has repeatedly proven to be a weak defense. As one example among many, U.Va. researcher Karsten Nohl and two collaborators have demonstrated how easy it is to break the proprietary encryption used in the MiFare Classic, the world's most popular smartcard RFID chip with more than a billion sold worldwide, according to its maker.

To address the problematic use of custom cryptography, the U.Va. research team will develop an encryption scheme that is relatively strong — providing some measure of privacy and security — but that can be implemented at almost zero cost by repurposing the meager hardware resources already available on common RFID tags. Providing a solution that adds virtually no cost is crucial, because these RFIDs are made by the billions, at such low costs (5 cents or less apiece) that there is no margin for any added expense.

"The ultimate goal is to make the cost as close to zero as possible," Evans said.

The new design will be published, allowing rapid and inexpensive adoption by RFID makers. "At least from a cost side, there will no longer be an excuse not to have security and privacy," added Nohl, whose 2008 doctoral thesis on RFID security is providing a foundation for some of the newly funded research.

The team is breaking new ground by using a holistic design approach that considers how all the various levels of the design — the hardware, the encryption algorithm and how it is used — work together, mindful of how an attacker will target the single weakest link in the design.

"This is really the justification for breaking systems," Evans said. "By using a big-picture approach to zero in on the most vulnerable aspects of the system, you learn how to design better systems."

The other members of the research team are Ben Calhoun, an assistant professor in electrical and computer engineering and an expert in low-power circuit design, and Abhi Shelat, an assistant professor of computer science specializing in cryptography.

RFIDs are poised to offer many cool functions and capabilities in the future. For instance, a refrigerator could read the RFIDs that identify the foods within it, and then offer a recipe suggestion to make use of what's on hand, Nohl said.

But RFID capabilities are already raising serious privacy and security concerns among consumers and the public. If the information on an RFID is not encrypted (or poorly encrypted), it can be read by anyone with an inexpensive RFID reader device.

In an activity called "skimming," a thief can simply walk by you or hang out in a crowded location and potentially steal monetary value from your smartcard, or copy your keycard for building access.

Consumer profilers could take a digital snapshot of everything in your shopping cart or backpack, possibly using it to target advertising or enable price discrimination, and could track your movements by reading the tags on the items you carry.

To avoid such pitfalls, proposed legislation in Europe would require that all RFIDs are disabled at any point of retail sale.

"It would be sad if, as a result of the discussion around RFID privacy, the decision is made to just disable them all," Nohl said. This would eliminate many potential benefits of RFIDs, and would not solve the privacy and security problems for applications like library books, subway farecards and medical devices, where the RFID needs to keep working.

The research team hopes their research will forestall that possibility, enabling RFIDs to be used in countless ingenious applications not yet dreamt of, without sacrificing privacy and security in a Faustian bargain.

— By Brevy Cannon