Radio frequency identification has been touted as a time- and money-saving solution for a wide variety of organizations, especially retailers and distributors who need to keep close tabs on their inventories. A typical system comprises any number of tiny RFID tags about the size of a postage stamp and a handful of readers. The tags are normally unpowered microchips that contain identifying data about whatever item theyre attached to, such as a case of soda or a pallet of paper towels.
When queried by a reader, a tag sends the data to the reader using radio waves; the transmission is completely in the clear and the system has no inherent security. Further, any given reader can read just about any RFID tag, no matter who owns it. This can create security nightmares for companies worried about the privacy and integrity of their data.
"Most RFID pilots have no security at all," said Dan Bailey, RFID architect at RSA Laboratories, part of RSA in Bedford, Mass. "Its almost like the early days of cell phones where no one paid any attention to security. The system is all fine and good if you trust the reader, but if not, you have problems. People just havent thought about this stuff."
The new offering from RSA Professional Services will begin with an assessment of a customers RFID implementation or deployment plans to find security risks and the effect of an exploitation of those problems. The service also includes an audit to see whether the implementation is meeting the security goals of the organization as a whole.
RSA has had discussions with several large systems integrators about working together on the new offering and is also working with groups inside of EPCglobal Inc., an RFID standards body.
RSA has been working on RFID security for some time, and has developed a technology known as the blocker tag that can jam readers and prevent them from querying specific tags. This can be useful for companies worried about competitors reading their data or for consumers who dont want retailers recording whats in their shopping bags.
The new service is available now.