IT Management - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Management


Homeland Security Officials Refute RFID Reports



 By: Jacqueline Emigh
2005-03-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Management story.


Rate This Article:
Poor Best
The DHS is steaming over articles published elsewhere claiming it will use RFID technology in employee ID cards. Like other U.S. federal agencies, the DHS will deploy a different wireless technology, officials told CIO Insight.

U.S. Department of Homeland Security officials have hotly denied reports by some other publications that the agencys upcoming ID cards will use radio-frequency identification. Instead, the DHS will deploy another type of RF technology known as "ISO/IEC 14443," which is soon to be required for all federal employee ID cards—and which carries a far shorter coverage range.

In articles published last week, at least two other publications misidentified the type of wireless technology destined to appear in the DHS upcoming smart cards, according to Larry Orluskie, a DHS spokesperson.

"Those reports are 100 percent false. Under no circumstances will RFID be deployed," said another official, who works closely with the DHS smart card project. In fact, the DHS never even considered RFID, the official said, in an interview with CIO Insight.

"RFID tags are simple things, [similar to] to bar codes, for identifying goods that are moving through lines," he told CIO Insight. "RFID is completely incompatible with [ISO/IEC 14443]."

Last weeks incorrect news accounts raised a furor among some privacy advocates. Privacy groups had filed comments opposing the use of RFID in federal employee ID cards, according to Lee Tien, senior staff attorney at the EFF (Electronic Frontier Foundation.) "We do not like RFID in any kind of ID document," Tien said this week.

But DHS officials also told CIO Insight this week that, as they see it, RFIDs security isnt adequate for use with ID cards, either. "At this point, RFID has no authentication or encryption," said the source deeply familiar with the smart card project. In comparison, the DHSs future card will come with both AES encryption and PKI encryption.

Resource Library:
ISO/IEC 14443, the RF protocol actually being adopted by DHS, is one of the specifications spelled out in PIV FIPS 201, a new standard released at the end of February by NIST (National Institute of Standards), according to Curt Barker of NISTs Information Technology Laboratory.

FIPS 201 was written to carry out HSPD-12, a directive issued by President Bush last August that requires the U.S. Secretary of Commerce to create a federal standard for "secure and reliable" ID cards.

PIV stipulates two technologies—one "contactless" and one "contact"—as interfaces between the smart card and the reader device. Other specified technologies include an ICC (integrated circuit chip) and biometric mechanisms, digital certificates, private keys, and PINs for security.

ISO/IEC 14443, the contactless interface, has a coverage range of only about 5 inches, as opposed to about 50 inches for RFID, Barker said.

How did reporters for the other publications end up scrambling their facts? One of the other publications apparently misquoted a DHS staffer who spoke at a recent wireless conference in Washington, officials said during the interview.

Some people erroneously think that the acronyms "RF" and "RFID" are synonymous, Orluskie theorized. In fact, RFID is just one of many different RF technologies, each with its own "properties," or characteristics.

Even the 14443 protocol has different variants. The DHS will be using the "Type G" ("Government") modulation scheme, whereas credit card companies such as American Express, MasterCard and Visa have endorsed "Type B." A third scheme is called "Type A."

DHS forthcoming employee ID cards will adhere to all the specifications outlined in NISTs PIV FIPS 201 document, CIO Insight was told. But the agency will use the contactless interface only with systems aimed at controlling physical access to facilities.

Instead of sliding the card through a slot, for instance, DHS employees will wave it directly in front of an access control device when they arrive at work in the morning.

The DHS cards will also come with an FIPS 201-compliant "contact" interface, but this will be deployed only for controlling access to computer systems.

Fans of contactless interfaces often claim these interfaces are more cost-effective, since they incur less wear and tear on the cards.

Yet not everyone will be mollified to learn that the government will use wireless technology thats different from RFID in its employee ID cards.

"Im still skeptical," Tien said. "Using authentication and encrypting the data are better than not doing [these things], but the basic vulnerability is RF-broadcasting the data, as opposed to swiping or [using] optical barcodes."

But DHS officials told CIO Insight that the forthcoming smart cards will undergo rigorous security testing by an independent lab before seeing actual implementation at the agency.

Meanwhile, other publications were correct last week in pointing to plans by the DHS to test Bluetooth.

The agency has indeed been looking into a Bluetooth test, CIO Insight was told. Yet if this test does happen, Bluetooth will not be evaluated for access control to computers or buildings, but for connecting PCs to peripheral devices such as PDAs.



  Reader Comments: Homeland Security Officials Refute RFID Reports
>>> Be the FIRST to comment on this article!
 

 
 
>>> More IT Management Articles          >>> More By Jacqueline Emigh
 


x}ks⸶I s{?x' ]$I{VQxblo$aΟ8_N?q]K_<c&sN%ii?HaMȥ=QߣC'T>{cOUQ!QQ2dHMs!@ ;h|McbU3CjwG<|Aშ :':UC.Rc2Z1VecO'cߨ``1\4؀C< tבqG<ajF\!Q#Ѻ!QQ9ijMctD&ǶK+߃*x8݉a/DeO؀I^I"x<&j>wn52 X]jcC20-Դu!$f&]?ZQN+m5Zҽ)/vu߰`Xdq5}9e}shCf-CHS VV\)_(ʑQr7}50PNvh>͛O?w/iR^ί3ćQw[u-U`*.['v}#W/͋v@.{A~A~7"Tb1;ʼnȃ¤t8zju{ %RM7JzaߨPK%_iv$0N-bv\ãH0ƌ^8RAb9n5{ Ҽ5;םVIz͓NyX&Z*iCA11zqsڸyi]57]rFKERj]Bg: 'k*}klxmuH||䎺540R\Hj#IuL}xEd$Yɝr :]^CznyJ ݔUdLDu̎Q5 x}#J >"3E@- uje 0k:V*6kiJ )B:%qW͜5Hr Aa)#8?S%Wi8@r-XSl \N4% 3X U >hq,E[T}N}%N !F\r'FыE9Ԑ>BBp4rY?i^֤vڬ>w ҽn_uϚxHaZ`I). Ƹ@]Է7RG_)@|(/*U9%xQnx2d8,İ0>c}nYs>Y`HgI9G|FG|V{>:AGAti#Ţh _N rӇzvA.~g{ݥn]?'tno'(Ab@#CߘQϩf D#mv=LR}bt9 PhQ0\soL ˂ HˋƠ` VzPC>ڶOܣP} t@=39·;0aǀt4RBjx??k1 !@.$H#}A|t"BђF4  g3cX"M"' [AX+ a| .t@G҅=jPȣiB>ab -x[b|Lg2+Iɤp8\* #n"09X ,gZ X%ּ f>iZXOG4MhЀ%Gn]ռs:,@PC";*O\sGn~tm:VM+}tԸFX~G7n Sc8%ŵB P=6`4(KtP:%t-b[9A7ÚLGQ+og7 =5p ؇eUW3y>epG6 o   hB=Us 'A|5i!S'Xe on<Ey5Cuu.F(hJ 518 FL莺Q\Oō8|ЊOW}?ٲZdY6(V7v/KP8߯LR[k܁ RLZԵ1 E$$Y `}έeKaHīd- W6Ϟc7l`(`R59JȄiMJKx[2 ʸA:`ADLl5I)թ{b;4]$_.Iq{LumO>Y`˟(f!lgj{JkX$ M-=̄:X[  ~{2.|Nl+a@m_b8], ua[K gcpl`/R3&ğ3m[y /F_Q?{2,exY΀5mIemӴ'j1[ }Zj\.d7!Pw=> %4 ıμL׽\QaX8h]t>=F 20\ mG&R)Ö13{`binFǙmOL*IH嗠|NQ1OkMf٣;OgΨϐ0ցq_HE1y[pp BxU)L,:r-[ Hg [Qzo3Czo@zeyK& Ksݧ]=1g *1|oCz2K\\> Q^-JPs{1)'@S(f<a}{<ڗE_֙:ozٰoQӯJOo(gn&qgשEXTXe1_0a1dxTf(BY|K ZiA7 {#Mᗬ{  "gԆ jg7j@V_g,4r bK@s hj_RwU# tT# 7)X]QiRsnP9o_Q4ʧK@x(Aܚ:z, H0xV3hXa6UU)U9}6FW7k%|h#RF2<"꣗8l`S>;dV~CK)!nΚ 7&7/=/tӛiGYrzl2E8z.0do퀁ЙY"7Cj0m95b~0066,Z` |;r_"}k`kwɛ(*Cq3`3"mLt##U*Z(lZ>lwB'fwf*1㦧RPe@V^Aұg /sO}1]]894p>JkhG2gd^rHUm{\ cԡw6]f#>?/$RQr˕5΀$Ox/Eۺ;)ex4D*CuY3qŏ[oȧe6PE#IzȕO?FTIƙb^ 5`RT}'04F##uL>j ]B$r]76_.RR(^PX9H(P Yz>Gɷw>҄[X#aV*{S7/^&R@$ |C D;}Z.Wd7&3 99n>A++b@/IlS.:;l4Dޏ.mﻛVw~Hrۧ>m_e!i_;(h]5x#xx\#;RuvuȒu8*DE N8>m6SB& ˓8-q^Oeqj ieʒ~(i'ۡ ۓ^ׯG8 (Mk|wisy/PuysIyp4*i%(5^~(AB|Hy0Jg+y-.E\}+ qN48=Na.O Z{GNJ$2KHfD1ub;2x;xZ1?ݮpne9xjo{t =z{Oj]!3}A&X>~h=7 tY 7XpgMb[{oAĆ%,B("Ξefk;cݮ,K"sÑ= !6jH9arJs $ނ.3QG>l 2'|4KO$hnVw/ƭ/ZUYfc;r'c Ǿ~/ٻ|Zw[q*A5sC<-R#ۋ1M$$ZVk@**s攤d£ȄWN HFb;K0dƛ'q=+֐#CՇ}g~y!F.U?1sTxBo~]ϸ"]b*w}o}VZtCqWG ƪx/*)F%;2FE*'%:#ڮ/=اȿ LĬp|{21h띣F ?ƘU'|Ȟc4ىEk.z}X3?zԯk @[˰=DΙ x <v<.߭[ B;DJ4RUCfMk5ì§ ,'i?qVԱQ*o_O6oNւc3Ocp௥­* ZR  \鿣i{\naA ^f> \"s(ĶKCƣ3ÂUi[CYrϥWjNbߛRR%Θ{Ut! ^*ܯ }`0_x2<8mI0&CϨ cۯ ?zUOtȡba_xӶlP |QOM}8X(a6TZR© t՞rAN7r͎^OYcx"])ʤ6;eԡcXIV>;{^1'6cWCË#RCd.#JٛDV]R{ $%'q)T=*"g ⥺1l!~ҩz>;Au}$wmRPY.X=*@u)lCh<3-cot4 ?/1< '%7V 3iIn=ltāp@@!DP< Kk;]Ƀ}y9y9y9y9߸TɗKo˹&݅,]!(}4.VOС 0ڪ7IqJ,1P&C apHUC@.0dQ׶N5,PE#a(x3 DE&~C}l|G*s]l84Fjَ*tj4%?^qӶyg1['R@!c$MhBo{柏0Lو={kY`?'u} C]پ􏹇-qi" ^[7`D'!\p&3!`v"VbLK"E#Ϟ=cbMs]ed12 _~ͨo34'i6?Q?ud RzDaܔZKEj\\okmg I@p%EZ4n7z߂)au q?GmuK{[ Zoɐ;vZKMկz¬kf`8r[B *eoB/ &V?wV [&ޘbxKBDpΡ&k0Zݘpxm&]$5?h۾ea+mL ն-1O_ŋ4b{Ww@VE6,ҙ}GWO+eYX -}-ccVƝ4!]& d$`j6_fؐ+h%"Q0Me 8cY[s@w)cb M|&d, >46F(3_5/y)j闶UȱK}R1ɼ xjpO&} K\ɊbVd=-Dw߁\<@"˜nRkIk0{C_4.Ne£Ej+(So\k_AG-'ˤhgϡ6?9:ͨ$$}d:[4xqYݠ) 0.$,S 8aտG)4A;LotowUb䭽cUd?߾ o!?3^pM)((CZPZi’KMd]Ish0V55x+!CVb9>#Ÿ R".+>Bl?QXѡ2=S_7`L7Wd \sb619\P>sjpVR*z~r[ZJ,w!Ydo={?5|ֈ0PtL'f\PƂ+ T59Ĥ o~Űt@mN yM13цX50yf|6Gav7% 7cXz9Zf|[2ϖaˡWǪEcjɱb~<k q@J&/{ޝ j_$|rfs+8eGtflG&nU PH 3E h<#Ժ3\ۊ^t8|y{Ω-Fʒ2?+L6mAUK1ַg%9ڥ]b 7 bd .ȹn閡QwAx]c_b~mz.9XF6يړbM\ѡ'7}vtbh)6q.?_"ƘN(<Ļ7(W' !n%iVmI| . kp>aHwwןq+$W|V7>2Kl1Ghb#3"›|0\'&z.U{.zxX2p嵁Dp@Xȝd 죃Lw$=<|tH ]XW 3qn KsˮmOMA{"H_|9@G)׼9D#ڼԹ*%aU 1 h0*gj58U K䘌 2@: xE?]nq79m614BX\Ac]xl3ۈ$ip1O54L#|uZ:e1n]36Faŷn(l8*wxc.l|׺KG%RX"t]\P"@J>S|??~TJDmn$a:s Qj0"([]ă0>]3ȯOqW'Jg:@ 3Tf o9:@Lg>򽉁z:ǂ؍)s)aR;86/@<P, 4'6&U w1ABx`3W VjI)OӾ:C KXU;]} ӺYT^F"uӘ\I LN] / PHZ WyG`zfrMu붿닯!uri6IqӺWyѾQ֚_,'ԝvIiyi]25~F;&6/MƋBy<2 W&Sr?Ԛpi.$ "cIw]$;顱</ۄȖ$ZG0%lyї51دFؼW?&z Fj؊jm9Gj:ٙEφ)nF]۫Jc>T3%.Mp4ħEGWL-0[EEJ'(R3Rށ:Pj= rL)?姀AR?o.?oej嘋)l,RUJ9OLS7+\~/R]%2e2 >2\/S yB@)i7 aqʍz^S_xڜ醹p-%])nX_+G{1:,y&21hpVydc| bye?Sbw;]Cܤ\z.!{] r-Xѧ\~5_9x=UMDt9QUb>8O1\{#LzyM˫%KR1swa7w@az@.e*R&=f`R)KE QP%h[vbo#-ˡN!3pC&܊#DK(x.x5* ۼxTwc;7 5@>(Lo 7X - + CӞ{}[m1fhӐCKF؊%Dİ?l|vQE2ܗ>MqgQDGw ` z=y<85,JN)a Lw5r;ܗHτ[WɨCSR%M LvM8DC,jד=70aŐckCMHn_!-x'CIDErdy;Kdc%XǬ[Ddaw.f]C/~me(0z."&a|e @ VOjYcŝ1%7._Tdk?E<&W̸6% >Q‘[[?YBشS&OzFd}#Oaqq%f~0Sco =kO<ވ'8s nztϵڹ X[ݨ3K~xR n< cW32&?gITC]~k<#FOb\װnBaIgLa->meG 6{N obx{Tvbc94ɈG㽄$ A[0HW@۾~rhݙrY\tEeבe$&J1wj=Sn8zEc¨\ Bs j$ |m'n]3Q:SBݺ&]ۜ X?57L=j'>A/2M+Йa)x߃AR~h]qzF߭Uh#qM &Ap&5b8gKCJ'ҠwԴL类ä$Vm.V =n@UVAxԴ&x D~ElC `AR]م)n9ivasB!ePީ/%_vܥ11L1p$qdZ_e[a O2/C2C 3 ؆;q^'͠K(0+ i%/$u`'~,3V[CA:`0_@&s ܀}oDI WwxR}r87I 965-  `zmFx@&iV٫H\*,f1 ΋?Fύ&9qSg _((u@Eqg˫@xGmm<"^<:zqGׂ]Q籺Fa|`t-k^Fږ!gXiWJpC)tOK˰BNx on_X ( L{MN8삢u6nDOcU\3|7tZЎ%6a]`^8qe Q3|Jj胃IȽkz^4dGj0LtK d[\օu&k9/cY4~6 99.@ꋫ$ASP_Xћ],?I"'\%ƕ)zXqɩ8To~^4W=7ByھICRIPw[Xyp(z'c+FRqOT|l/ڝ, L}xK':W )h"/-(ZNh&A0|uh]+=={Tv r9F˳}`bhP4cTUVFvŶ3&HZW'%_muohl٦4*i29Z{)q-֫BmTɱ|Y#|Y;6Nv6ȄM b7F;a1Բ  +