Recommendation to Overcome RFID Security Risk - NIST - Department of Commerce

As already have been issued for several years, current radio frequency identification (RFID) technology and its implementation has some possible security holes to be exploited. Manufacturers, retailers, federal agencies, hospitals and other organizations planning to use RFID technology to improve their operations should evaluate the possible security and privacy issues.

RFID tags (transponders) and readers/writers, transmit identifying information via radio signals. Unlike bar coding systems, RFID devices can communicate without requiring a line of sight and over longer distances for faster batch processing of inventory. As RFID devices are deployed in more sophisticated applications, concerns have been raised about protecting such systems against eavesdropping and unauthorized uses.

National Institute of Standards and Technology (NIST) of Department of Commerce, released the guidelines for better RFID security. NIST report give organizations practical checklists and specific recommendations to overcome potential RFID security risks.

NIST publication focuses on RFID applications for asset management, matching, supply chain control and tracking. Here are some points of the recommendations:

• encryption of radio signals when feasible;
• firewalls that separate RFID databases from an organization’s other databases and information technology (IT) systems;
• authentication of approved users of RFID systems;
• audit procedures,
• logging and time stamping to help in detecting security breaches;
• shielding RFID tags or tag reading areas with metal screens or films to prevent unauthorized access;
• tag disposal and recycling procedures that permanently disable or destroy sensitive data.

You can read full report at NIST Issues Guidelines for Ensuring RFID Security [PDF]