ArticlePDF Available

RFID implants: Opportunities and challenges for identifying people

Article

RFID implants: Opportunities and challenges for identifying people

Abstract

Information and communication technologies (ICT), in general, and the Internet, in particular, have to a digitalization information and to "always-on" remotely accessible services. To ensure that these services are accessed with appropriate levels of security and privacy, the need for the identification and authentication (I&A) of individuals has increased. For most applications, the I&A process is the first line of defense, which aims to prevent unauthorized access to computer systems. Identification is the means by which a user provides a claimed identity to the system, while authentication relates to the verification of that person's identity, i.e., it ensures that a person is who he/she claims to be.
RFID implants: opportunities and challenges in the
identification and authentication of people
Paweł Rotter1, 2, Barbara Daskala3, Ramón Compañó1
1European Commission, Joint Research Centre,
Institute for Prospective Technological Studies (IPTS)
*
{pawel.rotter, ramon.compano}@ec.europa.eu
2 On leave from: Automatics Department,
AGH-University of Science and Technology in Kraków, Poland
3European Network and Information Security Agency (ENISA)
barbara.daskala@enisa.europa.eu
1. Introduction
1.1 Identification and authentication of people: established technologies
Information and communication technologies (ICT), in general, and the Internet, in particular,
have led to a ‘digitalisation’ of information and to ‘always-on’ remotely accessible services. To
ensure that these services are accessed with appropriate levels of security and privacy, the need
for the identification and authentication (I&A) of individuals has increased. For most
applications, the I&A process is the first line of defence, which aims to prevent unauthorized
access to computer systems [1]. Identification is the means by which a user provides a claimed
identity to the system, while authentication relates to the verification of that persons identity, i.e.
it ensures that a person is who he/she claims to be [2].
I&A methods can be clustered in three main groups:
1
Something the individual knows (e.g. a password or Personal Identification Number (PIN)).
Passwords and PINs are usually used in combination with user IDs and allow I&A in a single
process. Simplicity and affordable operational costs have contributed to a wide diffusion of
this method. A drawback to authentication by ‘something you know’ is the way users manage
their passwords, often sharing them or keeping them in an unprotected way (e.g. in post-it
notes on computer screens), which invalidates security. In addition, passwords can be
obtained through cracking,
2
eavesdropping
3
or social engineering.
4
Something the individual has (using a token, e.g. a smart card). Token-based systems
similar to PIN based ones are quick and convenient. Tokens may have the form of contact
smart cards or may be contact-less. The latter have become increasingly popular over the last
*
The views expressed in this publication are purely those of the authors and may not in any circumstances
be regarded as stating an official position of the European Commission.
The views expressed in this publication are purely those of the author and may not in any circumstances
be regarded as stating an official position of the European Network and Information Security Agency.
- 2 -
decade because of the extra convenience. However, the need for a physical medium with
particular interfaces makes this technology, in general, more expensive than passwords.
Something the individual is. Biometric technologies make use of peoples physical traits such
as fingerprints, iris patterns, face images or behavioural characteristics, like signatures or
their way of walking. In principle, well-implemented biometrics can be considered as a
reliable method for authenticating people. Nevertheless, the statistical nature of biometric
matching, the relatively high cost of efficient biometric-based identification systems and their
low social acceptance are barriers to wider deployment.
Each of these methods can be either employed alone (one-factor authentication) or in combination
(multi-factor authentication) to provide more reliable verification of identity.
1.2 Radio Frequency Identification technology
Radio Frequency IDentification (RFID) technology was originally developed for automatic
identification of physical objects [3], [4]. An RFID tag is a small device, attached to an object,
which emits an identification signal through radio waves in response to a query by an RFID
reader. This information is captured by the reader and then further processed. RFID tags are
already employed as barcode replacements offering several advantages. Unlike printed barcodes,
RFID tags do not require line-of-sight during their reading. This allows multiple scanning (e.g.
scanning the whole content of a truck or shopping basket) and enables further automation of
many industrial processes. In addition, RFID tags may contain data other than the unique
identification number, such as information on product details or, if combined with sensors, the
history of storing conditions (e.g. temperature, humidity or any falls or shocks the product may
suffer). Therefore RFID tags are increasingly used in production and the logistics chain of
enterprises [5]. Additionally, RFID technology is starting to penetrate the medical and healthcare
sector, defence, agriculture and other domains [6]. Both industry and governments are strong
promoters of RFID technology.
RFID tags for the I&A of people have already been introduced. All EU Member States, the US
and many other countries are gradually deploying electronic passports. These passports contain
RFID tags that store personal data, including the owners’ biometrics. This allows for semi-
automatic authentication of people at borders. Credit-card-sized contactless smart cards, based on
RFID technology (like Mifare, www.mifare.net), are also becoming increasingly popular for
access control. While some RFID-enhanced smart cards contain only identification numbers,
others include additional cryptographic security features to protect the data during transmission.
More sophisticated RFID-based devices not only identify, but also can track peoples location and
activities [7].
1.3 RFID implants
RFID implants are introduced into the human body. In this paper, we will focus exclusively on
passive implantable RFID tags that are not connected to the neural system. These devices are
already commercialised and are specifically designed to facilitate the I&A process.
In October 2004, the first RFID implant the so-called VeriChip obtained approval from the
US Food and Drug Administration [8]. The VeriChip implant, which stores an identification
number only, can be read from a distance of up to 10-15 cm.
5
The ID number is long enough to
identify uniquely everybody in the world. Other data related to the owner are not stored in the
RFID implant itself, but in a centralized database. The first commercial application, called
VeriMed, is designed to identify patients in healthcare (see Section 3.5). An authorized doctor can
- 3 -
access a patient’s medical files through a password-protected website, based on the patient’s ID
number detected by an RFID reader.
RFID implants are passive tags, i.e. that they do not require batteries to operate but make use of
the energy emitted by an external RFID reader. As a result, once implanted under the skin, they
can be operational for many years. Their extremely small size and lack of an internal power
source limit the devices’ performance in terms of memory, processing power and communication
range. The hardware limitations make it difficult to design RFID implants with advanced
authentication methods. The limited communication range makes it difficult to interoperate with
other information technologies like Bluetooth, GPS, etc. However, this limit can also be seen as
an advantage from a security and privacy point of view.
In the following section, we present opportunities and challenges of RFID implant technology in
comparison with other established I&A technologies. In Section 3, we propose some emerging
applications for RFID implants.
2. RFID implants vs. established identification and
authentication technologies opportunities and challenges
As RFID implants are a new technology, the advantages and risks stemming from its use are not
yet fully understood. In the following, we present a general overview of the opportunities and
challenges as they appear today. This overview is not intended to be complete or exhaustive.
2.1 Advantages to using RFID implants as identification and authentication
technologies
The use of RFID implants for the I&A of people provides some advantages compared to
established methods. The identification process is fully automatic and promises to be more
convenient. The user is not required to take any action;
6
there is no need to type or confirm any
information or to carry any token. The user does not have to have clean hands, as he would when
using a fingerprint scanner, or to stand still without blinking, as he would have to when having an
iris image captured. I&A with RFID implant is practically immediate, whereas with other
technologies time is required for typing passwords (often also for searching for them and
retrieving them), for acquiring and matching of biometrics or for taking a smart card out of a
wallet.
Implants are a reliable method of identification, especially when compared to biometrics, which
due to the statistical nature of their matching process do not guarantee 100% error-free results.
Implants are more durable than tokens and many types of biometrics, which usually change
during a person’s lifetime. Unlike tokens, implants cannot be lost or stolen unless an attacker
physically assaults a user to extract the implant.
RFID implants can be used by everyone without exception, including people with cognitive
impairment, if they are willing to accept the implant. The user will be always identifiable, even if
he/she is unconscious or not carrying any identity documents.
2.2 Concerns and challenges regarding RFID implants
Despite these advantages, there are serious concerns regarding the adoption and use of the RFID
implants. In this section, we survey several concerns, mainly related to technical security,
privacy, ethical social, and health issues.
- 4 -
Technical security issues
The permanent and physical link between an RFID tag and a person makes RFID implants more
susceptible to privacy risks than any other kind of contactless tokens [9]. A major fear relates to
the loss of privacy through being identified without one’s consent or awareness. Despite the short
communication range of today’s RFID implants, there is a risk that they may be misused for the
physical tracking of a person. Placing readers at both sides of door frames would enable the
detection of implants in users’ arms and capturing the stored information without the consent or
even the awareness of the users.
7
The use of RFID implants for authentication brings a particular risk related to a coercive attack,
when an attacker forces an authorised user to provide his/her credentials. Such a security threat
may occur for any I&A method, but for RFID implants it carries the risk of physical harm, as an
attacker could cause injuries by extracting the implant from the victim’s body. Therefore, it has
been argued that RFID implants may be appropriate for identification of people but, regardless of
any future development of technical security solutions, they cannot provide secure authentication.
Some argue further that they should be designed to be easy to clone, in order to make their
extraction by an attacker unnecessary [10].
8
However, ease of cloning reduces the reliability of
the identification.
Another kind of threat is that of the unauthorized replication of information on a RFID tag which
may lead to a replay attack, i.e. repeating the same authentication sequence as the one provided
by an authorized person and thus stealing another person’s identity. Also, currently deployed
RFID implants do not yet include options for advanced encryption or tag authentication through a
challenge-response protocol, which would counter the replay attack technique
9
.
In addition, RFID implants bear a number of other security risks related to RFID systems in
general, like: eavesdropping of data exchanged between tags and readers, men-in-the-middle
attack, duplication of the authorized person’s tag or attack on system’s backend – databases,
which in this case contain personal and often sensitive information [9].
Privacy and Ethical considerations
The European Group on Ethics in Science and New Technologies (EGE) recently published their
opinion on the use of ICT implants, where ethical and privacy considerations are presented [11].
EGE states that although implants may at first seem ethically unproblematic they may pose a
risk to human dignity by not respecting the autonomy and rights of individuals. In general,
technologies that enable the tracing of the movements and habits of individuals would be bound
to modify the meaning and contents of individuals’ autonomy and to affect their dignity [11].
RFID implants potentially enable a permanent and/or occasional tracking and location of people.
The EGE report notes that there should be protection against intrusion into one’s private sphere
and confers the right of informational self-determination on each individual including the right
to remain master of the data concerning him or her [11].
Tracking people or accessing their data remotely has an economic dimension. These data could be
used for profiling and analysis of consumer behaviour. While businesses may use this to offer
personalized services, there would be a risk of misuse., These privacy concerns pose the question
of whether there are legal gaps and whether current legislation on data protection need to be
reconsidered, as has been the case with other emerging technologies and applications [12].
Health issues
Potential medical risks have been analysed by the US Food and Drug Administration (FDA). The
FDA approved the commercialisation of VeriChip implants, though it points to some potential
- 5 -
risks: “adverse tissue reaction; migration of the implanted transponder (…), failure of implanted
transponder; failure of inserter; failure of electronic scanner; electromagnetic interference;
electrical hazards; magnetic resonance imaging incompatibility; and needle stick” [13].
In September 2007, the Associated Press reported on studies, dating from 1990s, claiming
frequent cases of cancer among laboratory rodents injected with RFID implants [14]. The reports
were reviewed for the Associated Press by leading cancer specialists, who concluded that these
results do not necessarily imply that RFID implants cause cancer among humans. A similar view
is given in [15]. A main argument is that tumours in laboratory rodents can be caused by the
process of injection rather than by the implant itself. Apparently there is a different, more
sensitive body reaction when rodents are injected than other beings. This could explain why
millions of dogs and cats have been chipped and only one case of cancer by the side of the
microchip implant has been found during the past 15 years (although there might be more, not
reported). 2,000 people have been injected so far and no health problems related to the implants
have been reported.
At the moment, it is still uncertain whether RFID implants may cause cancer. Although the
probability of getting cancer may be low, the potential risk understandably makes people nervous
about implants.
Low social acceptance
Identification technologies generally have a low acceptance rate, and recent studies has shown
acceptance rates especially low for RFID implants [16]. In a study commissioned by the New
Jersey Institute of Technology (NJIT) in 2002, 78.3% of respondents said they would not be
willing to implant a chip in their body. Similarly, a study by the consultancy firm CapGemini in
2005 reveals that the percentage of people “not at all and somewhat unwilling” was between 42
and 55%, while those that were “very and somewhat willing” was between 31% and 44%
(dependently on the application). In a recent poll (“Live vote”) at the MSNBC site, 66% of the
respondents replied “no way” to the question “would you like to be chipped?” (see:
www.msnbc.msn.com/id/5439055/). Interestingly, 27% replied positively saying they would
accept “if there was a good reason”. The results of another MSNBC survey performed after the
publication of potential cancer risks related to RFID implants were even more negative: 83% of
responders said “No way...”, 6.8% said “Of course. It’s worth the risk...”; and the remaining 10%
were “not sure” (www.msnbc.msn.com/id/20648530). Although these surveys are not comparable
(different conditions and target groups), they have in common a high rejection rate of implanted
chips. Implanting an RFID tag is considered intrusive and ”creepy” (although placing the chip
with a syringe is not considered surgery) and many people are reluctant to have this done.
2.3 Some economic considerations
Given that the commercialization of RFID implants is recent and the business model is not yet
mature, any statement on future markets has to be made with care. Installing an RFID implant
system for I&A in a given environment, like the workplace, is currently more costly than
alternative I&A systems, possibly with the exception of some high-security solutions; e.g. some
biometric implementations require expensive scanners and software. In the first phase of a
system’s deployment, investments in infrastructure (readers, backend, and system integration) are
required. Once the infrastructure is established, maintenance costs are low and the overall costs
are mainly related to enrolment of new users. At the moment, $150-$200 has to be spent for each
VeriChip implant, including the insertion procedure. This is more expensive than other I&A
technologies, such as tokens, but is expected to decrease in the future. If many people decide to
- 6 -
use RFID implants, they may benefit from economies of scale. However, whether lower
production costs will imply lower prices for customers is still unclear, as, for the moment,
VeriChip is the only provider of RFID implants approved for commercial use.
3. Application fields for RFID implants
The major driver for RFID implant deployment is the automation of the I&A process. It makes
existing services more convenient and will enable further services; these new services may in turn
provide value through higher personalisation. In this case, RFID implants feature of fully-
automated identification and continuous detection of a person’s presence is a valuable asset.
The adoption of RFID implants will mostly depend on the security requirements of the
environments in which they are deployed. Based on this criterion, we will categorise and then
examine the potential applications of RFID implants.
a. applications without strong security requirements (Sec. 3.1)
b. secure environments, where additional security is provided at the entrance to a physically
restricted area (Sec. 3.2)
c. non-secure environments, when they may enhance security and convenience in combination
with other I&A methods (Sec. 3.3)
d. mobile devices and services (Sec. 3.4), which can be used both in secure and non-secure
environment.
Section 3.5 is dedicated to the healthcare sector, which combines all three environments listed in
points b, c and d (secure, non-secure and on-the-move). Moreover, healthcare is the first area
where RFID implants have already been deployed and are expected to play an important role in
the future. Intelligent homes and cars are discussed in Section 3.6 as examples of secure smart
environments of the future. In Section 3.7, we make some assumptions on other applications of
RFID implants which may emerge in a longer-term perspective. Finally, in Section 3.8 we
compare the prospects for expansion of the discussed applications.
3.1 Applications not requiring strong security
Applications under this category are those which require the identification of users but strong
measures against identity theft are not necessary. Here, RFID implants may replace other
technologies simply because they are more convenient, as identification through the implant is
immediate, does not require any action from the user and the implant cannot be forgotten, lost or
accidentally destroyed. Examples include the Baja Beach Club in Barcelona, where club members
who have an RFID chip implanted benefit from a quicker service, as drinks are automatically
charged to their bank account, and they thus get more personalized service, as their consumption
habits are recorded. The clubs owners have expanded the RFID implant programme to a bar they
own in the Netherlands.
Apart from these VIP clubs, the use of RFID implants for non-secure applications has hardly
spread in our society. It seems that the advantages gained do not outweigh the ethical, privacy and
health concerns.
3.2 Identification and authentication in secure environments
In restricted workplaces, the identity of employees is verified at the entrance and strong
authentication of people who are already inside is usually not necessary. In such situations, RFID
implants can help prevent authorized people from providing credentials to unauthorised users. In
- 7 -
highly protected environments where security concerns prevail over privacy (e.g. nuclear power
stations) implant-based systems could also facilitate continuous monitoring of the location of
workers. For instance, employees’ movements from one room to another could be tracked by
placing RFID readers in all doorways, so in the case of an accident, location of every worker is
known. RFID implants may also be used in secure, but more open environments like hospitals.
They would help to prevent access by unauthorized people to certain instruments, restricted
places, or to patients medical files. In such environments, RFID implants facilitate the
identification of a person. Where strong authentication is required, RFID implants can be
complemented with other I&A technologies, like PINs/passwords, tokens and/or biometrics.
For example, in 2004, more than 100 employees in the organised-crime division of the Mexican
Attorney-Generals offices received implants giving them access to restricted areas [17]. In 2006,
an Ohio-based company had chips embedded into some of its employees. CityWatcher.com, a
private video surveillance company, uses the technology for controlling access to a room where it
holds security video footage for government agencies and the police [18].
3.3 Identification and authentication in non-secure environments
RFID implants in combination with established I&A technologies can provide additional security.
They could protect systems from accepting PINs/passwords obtained by theft, or which have been
cracked or disclosed without authorisation. Similarly, the RFID implants may reduce the risk of
false authentication with a stolen token or with one which has been loaned by an authorized
person to a third party, either willingly or as a result of blackmail. Prominent application fields
are those where people are less willing to delegate their rights, e.g. withdrawing cash at an
automatic teller machine.
An identification number read from an RFID implant may also be used to speed the process of
biometric identification. To identify a person, his/her biometric sample must be compared with
each sample in a database. The RFID implant could speed the process by yielding an immediate
and reliable identification (1:N), while biometrics would offer a strong authentication (comparing
the user’s sample with only one database entry, indicated by the RFID implant).
Finally, as mentioned in [16], it is possible to deploy RFID implants which would incorporate
some biometric information, so the user and implant may authenticate each other mutually. It
would be would secure against a coercive attack as an implant extracted from victim’s body could
not be used by other person (who has different biometric features). However, it would be still
possible that an attacker can duplicate the identification number and modify biometric features.
Moreover, it would raise a risk of copying the biometric features by a potential attacker.
3.4 Access control for mobile devices and services
Mobile devices, like portable computers, PDAs or mobile phones, store a growing amount of
confidential information about their owners, and people are motivated to secure them. In existing
devices, people are usually identified when they switch on the device. When a user leaves, the
device still retains the authentication for a certain time period, during which an unauthorised
person could get access. An RFID-based system can detect continuously the presence of the
authorized person and demand a re-authentication when this person leaves the area. For high-
security applications, the mobile device would identify a person by reading his/her RFID implant,
and then the owner would authenticate to the device via a PIN/password or biometrics.
The ‘smart weapon’ is another example where the application of RFID implants can increase the
security of a mobile artefact. On 14 April 2004, VeriChip, announced a partnership with gun
maker FN Manufacturing to produce a police gun with an RFID reader embedded, so that the gun
- 8 -
cannot be fired should it fall into the wrong hands. A digital signal unlocks the trigger when the
scanning device inside a handgun identifies the authorized police officer; otherwise the gun is
useless [19]. Some critics worry that malfunctions in this system may render the gun useless in
emergency situations.
3.5 Identification in healthcare
In the healthcare sector, RFID implants might offer advantages for both medical personnel and
patients. Vital information can be easily and immediately retrieved everywhere, even in cases
where patients are unconscious.
The first commercial application, VeriMed a system for patient identification and heath-care
flow management has been adopted by a number of hospitals (620 in July 2007, [8]). The
system is especially recommended for people who suffer from cognitive impairment, such as
Alzheimers disease, or diseases which put them at high risk in an emergency situation when
instant identification of unconscious patients is crucial. On 7 August 2006, the first known life-
saving incident involving a VeriChip was reported. A VeriChip subscriber, was rushed to a
medical center with head trauma following a crash during a high-speed police pursuit. Doctors
accessed his medical records in the VeriMed database, using the ID retrieved from his implant
[8].
The highest acceptance of any RFID implant application is for lifesaving purposes. According to
the Cap Gemini survey, the percentage of people saying “not at all & somewhat unwilling” and
“very & somewhat willing” for lifesaving was 42% and 44% respectively, the same for using of
biometrics for passenger identification in air travel, which is already in place.
3.6 Smart environments
The Ambient Intelligence (AmI) vision assumes that people will be surrounded by intelligent
interfaces embedded in a range of objects. These smart environments will respond to individuals
in an unobtrusive way [20]. RFID implants could provide the interface between people and the
smart environments. For example, an RFID reader in a car would read a persons ID, recognize
that he/she has permission to drive the car, open the door, adapt the seat height and positions the
mirrors.
10
Similar applications could use RFID in smart homes.
Some people have volunteered to have RFID tags implanted to experience ambient intelligence
environments. Prof. K. Warwicks RFID chip allows a computer equipped with a reader to detect
his presence at the Cybernetics Department of Reading University. It automatically opens doors,
and switches lights, heaters and computers on and off [22]. Similarly, an entrepreneur A.
Graafstra has an RFID chip implanted in each of his palms. The chips were originally
manufactured for industry or supply chain purposes and one of them was equipped with crypto-
security features. Graafstra uses his implants to open the front door of his house, start his car and
log on to his computer [23].
3.7 Other potential long-term applications
Up to now, the main purpose of wireless-based networks was communication, but recently the
network data is increasingly used to provide location-based services. Examples of location-based
services include emergency services (e.g., location of emergency calls by the fire brigade) or local
information services (e.g., finding the nearest ATM.). The communication range of RFID
implants is limited to about 0.5 m (10-15 cm with a hand reader), but an intermediate device, e.g.
a mobile phone equipped with an RFID reader, could provide a connection between the RFID
- 9 -
implant and the network. The user would activate the interface device, e.g. a phone, to request a
service via the wireless network and the RFID implant would provide the user’s identification. In
the long term, if a dense network of RFID readers were available, no ‘bridging device’ would be
necessary. Thus, combining RFID implants with location-based systems may deliver new
personalised services for people on the move. At the same time of course, it may lead into an
Owerlian nightmare, where individuals are constantly tracked.
3.8 A comparative outlook
Forecasting the deployment of RFID implants must take into account several factors at the same
time, including technical, market, social and ethical considerations. Credibility of such a forecast
is limited because many of these factors are uncertain, like future attitudes of society or health-
related issues. RFID implants are already used in healthcare, low-security systems and secure
environments, while to the best of our knowledge there are no examples yet where this
technology is used in mobile devices, non-secure environments, or intelligent homes.
A commercial system has already been developed for the healthcare sector. According to
VeriMeds company information, the market is growing fast [8]. However, the number of
subscribed hospitals and practitioners is still tiny is absolute terms. People may be tempted to
accept RFID implants if they are convinced that these could help to save their lives in
emergencies or enable access to better healthcare. Benefits from instant identification of patients
and access to their medical files anytime and anywhere are numerous and they might increase
with the growing mobility of society. RFID implants could become a mass market even if a small
only a fraction of the population would subscribe
11
. If patients do not accept RFID implants,
however, only organic growth will be possible.
The first RFID implant applications in low-security systems emerged almost at the same time as
they did in healthcare, but have not expanded significantly since then. We think that only a
limited group of people would be willing to get an implant simply for convenience or
entertainment purposes. For such purposes, other alternatives, like contactless smart card,
ornament tokens on chains, rings, or embedded in watches, appear to be more attractive. We do
not see any indication why this attitude might substantially change in the future, therefore it
seems unlikely that RFID implants will become popular in this area.
RFID implants might play a role in I&A in secure environments, especially at the workplace,
enhancing security, efficiency and convenience. However, only a small fraction of the population
works in highly secure environments. In addition, as employers cannot force employees to
implant RFID tags, this must occur on a voluntary basis only. If only some of the staff accept
them, the benefits will be much smaller.
We consider that there is potential to use RFID implants for activating mobile devices. Although
no such application has yet been reported, it would be easy to implement if there was a demand. It
would only require embedding an RFID reader into the mobile device. As a first step, RFID
implants can serve to secure access to mobile phones, PDAs or laptops but in the future they
could also be used to identify the user in order to supply him/her with personalized services, other
than those authenticated by the SIM. The number of mobile devices is huge and if only a small
fraction of people use it, this could result in a large market.
In non-secure environments, RFID implants need to be combined with other I&A methods to
increase the overall security of the system. However, including implants into such systems
requires adaptation of the infrastructure, e.g. building RFID readers into cash machines. Using
RFID implants in this area is certainly possible, but they would have to compete with biometric
technologies, which are generally more secure and have higher social acceptance.
- 10 -
A “smart environment is probably a longest-term application for RFID implants. However, it is
likely that interfaces, other than RFID implants, between people and the “smart” environment will
be tested first. Moreover, the concerns that widely-diffused intelligent machines will take part of
the control over everyday decisions must be dealt with.
When discussing deployment prospects it is important to note that applications are mutually
reinforcing; the use of RFID implants in one application will enable their diffusion in another
field. There is no need to get a different RFID tag implanted for each application, as one implant
may be used for several I&A-based applications. This scenario, however, would require a
compatible standard across applications. Whoever has an RFID implant for healthcare purposes,
and has had a good experience, may possibly be tempted to use the same ID number for other
purposes. In view of this dependency, successful use in a given domain may trigger other
applications. Therefore, the healthcare domain is a test-bed for social acceptance of RFID
applications as a whole. Should it remain a niche market in the medical sector, then it is unlikely
to succeed anywhere else.
4. Conclusions
The first commercial RFID implant applications already exist, the best known being the VeriMed
system for identifying patients in healthcare. Benefits may be considerable, both in economic and
service terms, if fundamental security measures for personal data treatments are respected, and if
related services are offered on a large scale. In our opinion, medical applications will play a
pivotal role for the whole domain; if RFID implants get established in healthcare, then at a later
stage other applications may emerge. Examples include protection against unauthorized access
to personal devices, like mobile phones, PDAs or computers, access control where security
requirements are low (like sport clubs, or cafeterias) or access control in closed areas (e.g. the
workplace) where implants protect only against unauthorized access by a colleague. A couple of
VIP clubs have already introduced RFID implants for their clients, some companies have
provided their employees with such devices, and others may follow. However, when high security
standards have to be guaranteed, RFID implants must be complemented with additional measures.
Under these circumstances, RFID implants may also be employed as one of the elements of a
high security system, increasing the convenience and security of the overall system.
Considering the issue of low social acceptance, we could argue that it is also a challenge for other
I&A methods, such as biometrics. Some types of biometrics are not accepted by large parts of
society. For example, fingerprints are still associated with criminal applications in many cultures
and some people perceive iris scans as invasive. However, in the recent past, some technologies
have moved from low social acceptance into much higher acceptance. One such technology is in-
vitro fertilisation, which is now widely accepted, although it faced huge opposition only a couple
of decades ago. It is possible that a significant part of society might accept RFID implants in the
future, if the benefits are clear and outweigh the perceived threats. Indeed, recent polls indicate
the high importance of convenience for consumers and increasing concerns about potential threats
- 11 -
related to terrorism [16]. Two ideas for improving implanted RFIDs are to make implants
removable and to allow users to deactivate their implant. Both these ideas would dramatically
changes both advantages and disadvantages of the technology.
Not everything that is technically possibly should automatically be ethically admissible, socially
acceptable and legally approved. RFID implants bring with them many medical, ethical and
privacy concerns which cannot be ignored. Addressing these concerns appropriately may improve
and boost citizens’ trust in RFID implants and ensure a more favourable social acceptance rate.
However, increasing the social acceptance rate should not be an immediate goal for two reasons.
First, it is important at this stage to consider and evaluate adequately the specific risks that this
new technology entails. Secondly, wider adoption of RFID implants does not depend on
increasing social acceptance alone. There are other factors that will also affect the future of this
technology, such as economic and legislative factors.
It would be beneficial to carry out a careful impact assessment, which systematically identifies
the risks that RFID implants pose for ethical values, privacy, health and economic aspects. The
impact analysis would give an indication of whether, and in which cases, RFID implants should
be used. As the EGE report points out, identifying the acceptable risk threshold with regard to the
values at stake should be the aim of the risk management actions. Given that the technology is
new and we have yet to evaluate all the risks it entails, we should adopt the precautionary
principle.
12
It must be ensured that the application of RFID implants does not violate human rights.
Individuals are entitled to live with dignity and to have full control over their physical bodies as
well as their personal data. Therefore, as a minimum, within the foreseeable future, the informed
consent of the individual must be obtained, and individuals must be allowed to opt-out, i.e. not be
implanted. This will complicate many possible application of implanted RFIDs, but it is our
judgment that the informed consent is more important than the rapid deployment of implanted
RFIDs.
RFID implant-based applications for I&A are still in their infancy. Although quantifying their
real benefits still needs in-field testing, there are some indications of economic and social
potential. On the other hand, today’s commercial RFID implants do not offer sufficient support
for security of data and protection of privacy. This, together with concerns about health and
ethical issues, is a significant obstacle for further deployment. Nevertheless, technological
performance and user acceptance may change in the future and a wide use of RFID implants for
I&A in a number of applications is possible. Each of these applications will have to be judged
carefully for its costs and benefits to society and individuals.
Acknowledgments
The authors would like to thank IPTS staff Ioannis Maghiros for his many helpful comments and
suggestions and Patricia Farrer for her help with preparation of the manuscript.
This work has been done within EU research project FIDIS (Future of IDentity in the Information
Society, www.fidis.net).
- 12 -
References
[1] National Institute of Standards and Technology (NIST) U.S. Department of Commerce (1995) An
Introduction to Computer Security: The NIST Handbook. Special Publication 800-12, October 1995.
[2] S. Hansche, J. Berti and C. Hare (2004) Official (ISC) Guide to the CISSP® Exam. Auerbach
Publications
[3] S. Garfinkel and B. Rosenberg RFID: Applications, Security, and Privacy”. Addison-Wesley
Professional, July 2005.
[4] I. Maghiros, P. Rotter and M. van Lieshout (editors) RFID Technologies: Emerging Issues,
Challenges and Policy Options. EUR IPTS report, 22770 EN, Sevilla 2007, available at:
http://www.jrc.es/publications/pub.cfm?id=1476
[5] I. Bose and R. Pal Auto-ID: managing anything, anywhere, anytime in the supply chain
Communications of the ACM, Vol. 48, no. 8, August 2005, pp. 100-106.
[6] B. Nath, F. Reynolds and R. Want RFID Technology and Applications.” Pervasive computing,
January-March 2006, Vol. 5, No. 1
[7] J.R. Smith, et al. RFID-based techniques for human-activity detection Communications of the
ACM, Vol. 48, no. 9, September 2005 (Special issue on RFID), pp. 39 - 44
[8] VeriMed website: http://www.verimedinfo.com
[9] P. Rotter A Framework for Assessing RFID System Security and Privacy Risks. IEEE Pervasive
Computing, Vol. 7, no. 2, April-June 2008, pp. 70-77.
[10] J. Halamka, et al. “The Security Implications of VeriChip Cloning.” Manuscript in submission,
March 2006. Available at:
http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/verichip/Verichip.pdf
[11] European Group on Ethics “Ethical aspects of ICT implants in the human body.” Opinion of the
European Group on Ethics in Science and New Technologies to the European Commission, 2005.
Rapporteurs: S. Rodota and R. Capurro.
[12] B. Daskala, I. Maghiros “D1gital Territ0ries – Towards the protections of public and private space in
a digital and Ambient Intelligence environment”, EUR 22765EN, IPTS, European Commission
[13] “Class II Special Controls Guidance Document: Implantable Radiofrequency Transponder System
for Patient Identification and Health Information.” U.S. Department of Health and Human Services,
Food and Drug Administration, Center for Devices and Radiological Health, December 10, 2004,
http://www.fda.gov/cdrh/ode/guidance/1541.pdf
[14] T. Lewan “Chip Implants Lined to Animal Tumors”. Associated Press, 8 September 2007
[15] W. Wustenberg “Effective Carcinogenicity Assessment of Permanent Implantable Medical Devices:
Lessons from 60 years of Research Comparing Rodents with Other Species”. 27 September 2007,
available at: http://www.verichipcorp.com/files/RodentSarcomagenesis092807Wustenberg.pdf
[16] C. Perakslis, R. Wolk Social acceptance of RFID as a biometric security method. IEEE Technology
and Society Magazine, Vol. 25, No. 3, pp. 34 42, 2006.
[17] “Implantable Chips Get Under Skin of Security Experts”. Available at:
http://www.adsx.com/newsarticles/01.htm
[18] US group implants electronic tags in workers Financial Times, 12 February 2006 available at
http://www.ft.com/cms/s/ec414700-9bf4-11da-8baa-0000779e2340.html
[19] No Chip in Arm, No Shot from Gun”. Wired Associated Press , 14 April 2004 , available at
www.wired.com/science/discoveries/news/2004/04/63066
[20] ISTAG Reports Grand challenges and Visions for the information society technologies is available at
http://cordis.europa.eu/ist/istag.htm
[21] J. Kent "Malaysia car thieves steal finger", BBC News, 31 March 2005, available at:
http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm
[22] What happens when a man is merged with a computer? At Kevin Warwick's webpage,
http://www.kevinwarwick.com/Cyborg1.htm
[23] A. Graafstra “RFID Toys” Wiley, 2006.
[24] A. Marburger, et al. “Implantable RFID for The Health Industry” June 2005. Available at:
http://www.geocities.com/innovating_competitively/data/Verichip.pdf
[25] Ph. Krauchi, P.A. Wager, M. Eugster, G. Grossmann and L. Hilty End-of-life impacts of pervasive
computing. IEEE Technology and Society Magazine, Vol. 24, No. 1, pp. 45-53, 2005
- 13 -
1
Profiling can be regarded as a fourth category of I&A method, where the users are identified and
authenticated as belonging to a group with specific characteristics.
2
E.g. using password-cracking software, like L0phtcrack.
3
E.g. using of software (sniffers) to monitor packets or wiretapping telecommunication links to read
transmitted data [2].
4
E.g. deceiving users or administrators at the target site [2], using techniques to manipulate them, often
without employing any technical computer skills and knowledge.
5
The VeriChip has been designed to operate at a distance of about 10cm with a handheld reader and 50cm
with a door reader but cannot operate at large distances. Simulations (see e.g. Z. Kfir and A. Wool
“Picking virtual pockets using relay attacks on contactless smartcard systems.”) and practical experiments
(see G. Hancke ”A Practical Relay Attack on ISO 14443 Proximity Cards.”) show that a standard distance
can be increased several times (up to 0.5m for standard ISO 14443), but with further increase the signal
disappears in the noise of environment. In the supposed case that a reading would be possible at larger
distances, there are technologies in place preventing this. One option against relay attack could be a
distance bounding protocol, which basically measures the response time of the RFID reader request (see
e.g. G.P. Hancke, M.G. Kuhn "An RFID Distance Bounding Protocol").
6
No user action may also be considered as disadvantage in terms of privacy, as the user may even not be
aware of being identified.
7
10 cm range of VeriChip implant applies to hand reader. A commercial reader exists (VeriChip Portal
Reader), able to scan information from RFID implant of a person passing through the door.
8
Even in this case, extracting the chip from the carrier may remain easier for some attackers, as cloning
it is rather a complicated procedure, requiring specialised equipment and knowledge.
9
It can be argued that some biometrics are also vulnerable to unauthorised copying (e.g. fingerprints
copies can be obtained from a glass, special camera can take high-resolution iris images even from several
meters), but having a copy of biometrics usually does not suffice for a replay attack. Security of the modern
biometric systems is not based on the biometric data alone, but relies also on a “liveness test”, generally
integrated in the sensor part.
10
In the case of anti-theft protection, the risk of coercive attack should be taken into consideration. Some
premium car manufacturers were forced to recall from the market a finger print recognition system to open
and start a car, after an attempt steal the car of a Malaysian business man. As the thieves were unable to
start the engine and drive away, they cut the owner's finger to escape with the car [21].
11
Marburger at al. [24] foresee that in the next 15 years there will be between 1.0 and 1.4 million
VeriMed users world-wide. Unfortunately, the authors do not support their assumptions with a solid
analysis, except from a questionable analogy to pet tagging.
12
For example, in the case of waste management process, precautionary measures have been taken in the
form of eco-design and necessary process modifications [25].
... He was able to open doors and turn on lights with the MI implanted in his arm. After 9 days, the implant was removed (Rotter et al., 2008). In October 2004, American Food and Drug Administration (FDA) approved the first microchip that could be implanted in humans (Rotter et al., 2008). ...
... After 9 days, the implant was removed (Rotter et al., 2008). In October 2004, American Food and Drug Administration (FDA) approved the first microchip that could be implanted in humans (Rotter et al., 2008). ...
... • Healthcare: MI can be used to store the patient's basic data, possible allergies, specific medical information or other vital information needed for the patient's treatment. By collecting these data, patients can be treated safely and efficiently if they are brought to the emergency room unconscious or mentally confused (Rotter et al., 2008). MI can be used to identify lost dentures in elderly care facilities (Madrid et al., 2012) or to identify medical implants that have been placed in patients, such as artificial hips, knees, implantable cardioverter defibrillators, pacemakers, implantable insulin pumps, and implantable neurostimulators (Landaluce et al., 2020;Nicholls, 2017). ...
Article
Full-text available
Passive radio frequency identification microchip implants have been the subject of public debate for nearly two decades, due to differing views on issues of privacy and impact on the human body, as well as actual successful applications in healthcare. Nonetheless, advances in technology imply that consumers may use microchip implants for identification, shopping, and other activities in the future. The purpose of this study was to identify the characteristics and habits of individuals who are more likely to use a microchip implant in the near future. A cross-sectional study was conducted in five countries: Poland, Croatia, Slovenia, Ukraine and the Russian Federation. Convenience sampling and an online questionnaire were used to collect data from 2037 respondents. Multiple regression analysis was used to test the research questions and the results showed the predictors of willingness to use microchip implants. The potential microchip implant user is male, has multiple social media profiles, and has a history of losing keys, wallets, or ID cards. He tends to use credit cards, contactless payments and payment services when shopping. His willingness to use a microchip implant decreases with age. Based on these findings, retailers and other service providers can adapt their processes to successfully support the future consumer with microchip implant.
... Another similar application is the insertion of an RFID implant into a person's body. These microchip implants are also instrumental in medical settings, especially for patients suffering from a life-threatening medical condition, dementia, communicative disorder or for patients with debilitating psychiatric diseases [27]. Unlike RFID-integrated documents (e.g., e-passport or a smartcard), RFID implants cannot be lost or forgotten. ...
... Unlike RFID-integrated documents (e.g., e-passport or a smartcard), RFID implants cannot be lost or forgotten. However, implants carry certain privacy and security risks because malicious agencies using compatible RFID readers could access, block or even alter sensitive biometric data stored in the implant [27]. Consequently, the integration of cryptographic features can resolve this issue to some extent by providing encryption on the database. ...
... Consequently, the integration of cryptographic features can resolve this issue to some extent by providing encryption on the database. Nevertheless, the RFID implant technology use raises concerns that have yet to be resolved, related to intrinsic technical issues, privacy, ethical concerns, and health-related problems [27][28][29]. In the field of biometrics, RFID technology is still evolving and will likely offer practical solutions in the future. ...
Article
Full-text available
Arguably, fingerprinting is the single most widely utilized method for individual identification and authentication (I&A). Dermatoglyphics form a vital portion of mass data collection, biometric scrutiny, and verification. Adermatoglyphia, or simply, loss of fingerprints attributed to a medical cause, represents a taxing situation for such biometric scrutiny systems requiring a fingerprint scan as a mandatory phase in I&A procedure. The scenario can be extremely debilitating for the adermatoglyphia patients, especially when the condition is permanent or irreversible. This article reviews different causes of adermatoglyphia, the challenge it poses to biometric identification, and the potential substitute modalities for fingerprinting technology. These modalities can function as a backup program for biometric surveillance in both medical and non-medical settings under circumstances when the fingerprinting method fails to comply.
... Microchip implants (MI) are among this group of technologies. Although MIs are used in healthcare (Cui et al., 2019;Landaluce et al., 2020), personal identification (Michael et al., 2017;Rotter et al., 2008), purchases (Landaluce et al., 2020;Michael and Michael, 2010) or smart home (Cui et al., 2019;Rotter et al., 2008), most of us still have doubts that they are safe. These concerns relate to legal issues (Graveling et al., 2018), ethical considerations (Moosavi et al., 2014), health risks (Albrecht, 2010), and security (Huo, 2014). ...
... Microchip implants (MI) are among this group of technologies. Although MIs are used in healthcare (Cui et al., 2019;Landaluce et al., 2020), personal identification (Michael et al., 2017;Rotter et al., 2008), purchases (Landaluce et al., 2020;Michael and Michael, 2010) or smart home (Cui et al., 2019;Rotter et al., 2008), most of us still have doubts that they are safe. These concerns relate to legal issues (Graveling et al., 2018), ethical considerations (Moosavi et al., 2014), health risks (Albrecht, 2010), and security (Huo, 2014). ...
Conference Paper
Attitudes towards technology have changed due to the recent situation with pandemics. The primary research model of attitude towards microchip implants in the human body therefore needs to be updated. Not only the perceived usefulness of microchip implants during the time of pandemics, but also the revival of conspiracy theories and the abundance of fake news has influenced our perception of this technology. To identify this influence and determine changes in attitude towards microchip implants, three constructs were added to the primary model. Preliminary structural equation modeling analysis confirmed that the constructs could be included in the research model. The results also show that Slovenians and women have the lowest confidence in the usefulness of microchip implants
... This high cost may also result in discriminatory problems within society in that the beau monde elite class can afford the acquisition of active RSIM, while others cannot. However, Rotter and Compañó (2008) stated that RFID implants investment is high only when deployed, but once the infrastructure is established then the overall cost is reasonable, and this is reflected on users. Sharma et al. (2010) described a prototype for a commercial-grade off-theshelf integrated-circuit cochlear implant microchip with cost effectiveness that allowed for future scalability and flexibility for neuroprosthetics and neuromodulation. ...
... The metaphorical term of "geoslavery," which violates the US Constitution's thirteenth amendment, is described as how new location tracking devices can result in coercive control over human movement and direction (Herber 2006). Today's RSIM implants do not offer adequate security of data and protection of privacy (Rotter and Compañó 2008). However, Dewan, Nazmin, and Dewa (2008 ) proposed the activation of a "privacy bit" on RSIM that would allow only authorized users to access and tag information (Michael 2016). ...
Article
Full-text available
The aim of this conceptual paper is to explore the primal barriers to the implementation of radio-frequency identification (RFID) subcutaneous implantable microchip (RSIM) in people with disabilities (PWD) and their potential participation in sustainable development. Although RSIM offers unprecedented health benefits for PWD, it also has shortcomings. Six factors that affect the adoption of RSIM by PWD are identified as ethical issues perception, religious concerns perception, perceived implantation cost, health risk perception, privacy risk perception, and security risk perception. This investigation is imperative in terms of exploring the requirements for, and possible prioritization of, solutions to the preventable barriers to PWD participation in sustainable development. The findings of this review may be useful for both RSIM manufacturers and the PWD community as regards improving the latter’s likelihood of inclusion in sustainable development.
... Public interest in RFID was strongest for emergency intervention services. Research on the acceptance of MIs showed that they were treated positively (Smith, 2008), and the acceptance of MIs for life-saving purposes was highest (Rotter et al., 2008). ...
Article
Full-text available
Background and purpose: Despite their clear relevance to human life, microchip implants are still widely viewed as negative, threatening our privacy and raising growing concerns about our health. This paper aims to investigate the important factors influencing people’s perception of microchip implants and their willingness to use them for different purposes. Methodology: The cross-sectional study was conducted in three European countries and the data were analysed using the group Structural Equation Modeling approach. Only complete answers to the online survey questionnaire items were used representing a convenience sample of 804 respondents. Results: The results show that perceived ease of use, usefulness and perceived trust are significant predictors of intention to use microchip implants. Perceived trust is influenced by privacy and technology safety. Concerns about painful procedures and other health concerns reduce the perceived usefulness of microchip implants. Apart from the predictor health concerns, the results were similar in all countries. Conclusion: Based on the presented results, researchers interested in investigating the actual use of microchip implants can establish a solid foundation for their research. The results may assist policy makers in developing the regulations to ensure the safe use of microchip implants and allow for a higher level of security. As a follow-up, investigation of changes in the acceptance of microchip implants following the threat of a global pandemic is proposed.
... A pesar de esto, no hay en el trabajo un análisis legal del fenómeno. Rotter, Daskala y Compañó (2008) escriben un artículo titulado «RFID implants: Opportunities and challenges for identifying people» 13 en la cual realizan una valoración de aspectos técnicos, económicos, privacidad y salud asociados a la implantación de microchips en seres humanos. ...
Thesis
Full-text available
In this paper the phenomenon of the implantation of RFID microchips in human beings is explored from the perspective of the regulation of privacy and health in the Costa Rican legal system. In the development of the research, the particularities of the right to health and privacy are analyzed, maintaining as a transversal axis its condition of human rights, but finding points of flexibility in its conception and regulation that allow addressing such a recent social phenomenon which brings great challenges for the Law. The main essence of the work consists of the analysis of the political, technical and legal processes necessary to introduce, commercialize and use this technology in Costa Rica, as well as the positive and negative consequences that may appear.
... PT (Perceived Trust) refers to an individual's trust that the state, banks and healthcare systems will be able to ensure security and protection of human rights in the fi elds of identifi cation, tracking and archiving of personal data, fi nancial transactions, and patient data on treatments and organ donation. Items composing HC (Health Concern) construct which possible threats of RFID-SM usage were found based on extensive literature review of medical research papers [46,50,51]. Th e component HC refers to four possible threats of RFID-SM usage: the possibility of movement in the body, eff ect on emotional behavior, health threats due to possible allergies, and health threats because of impacts on the nervous system. ...
Article
Full-text available
Despite the numerous advantages of microchip implants, their adoption remains low in the public sector. We conducted a cross-sectional survey to identify concerns and expectations about microchip implants among potential users. A total of 179 United States adults aged 18–83 years responded to two qualitative questions that were then analyzed using the thematic analysis technique. The identified codes were first categorized and then clustered to generate themes for both concerns and expectations. The prevalence of each theme was calculated across various demographic factors. Concerns were related to data protection, health risks, knowledge, negative affect, ease of use, metaphysical dilemmas, monetary issues, and negative social impact. Expectations included medical and non-medical uses, dismissal of microchips, technical advances, human enhancement, regulations, and affordability. The prevalence of concerns and benefits differed by immigration status and medical conditions. Informed by our findings, we present a modification to the Technology Acceptance Model for predicting public’s behavioral intention to use subcutaneous microchips. We discuss the five newly proposed determinants and seven predictor variables of this model by surveying the literature.
Article
The right to personal privacy is known as a fundamental human right allowing people to restrict access to their personal information. The decentralized nature of blockchain networks, often involving the publicity of ledger information, can come into conflict with this right. This is in particular the case when the blockchain maintains sensitive information such as financial credits or medical information. In this paper, we discuss this interaction. We first describe multiple aspects of privacy such as its practical limit towards authorities, its potential vulnerability, and its association with technological systems such as blockchain networks. Towards answering these challenges, we survey a wide range of techniques relying on tools from the areas of cryptography, distributed system, and hardware architecture. We explain how each can be used to enhance privacy in blockchain networks following their unique nature. We further conclude that none of the available techniques can fully answer the complex practical requirements, and that practical solutions should combine both centrally controlled and decentralized systems.
Chapter
This chapter analyzes some tools of pervasive surveillance in light of the growing philosophical literature regarding the nature and value of privacy. It clarifies the conditions under which a person can be said to have privacy, explains a number of ways in which particular facets of privacy are morally weighty, and explains how such conceptual issues may be used to analyze surveillance scenarios. It argues that in many cases, surveillance may both increase and decrease aspects of privacy, and that the relevant question is whether those privacy losses (and gains) are morally salient. The ways in which privacy diminishment may be morally problematic must be based on the value of privacy, and the chapter explains several conceptions of such values. It concludes with a description of how some surveillance technologies may conflict with the value of privacy.
Article
Full-text available
The iBracelet and the Wireless Identification and Sensing Platform (WISP), RFID-based techniques, promise the ability to infer human activity directly from sensor readings. This family of techniques can help solve the longstanding problem of how to infer human activity. The WISP approach appears promising for a variety of sensing problems, in addition to human-activity inferencing, in which battery free operation or compatibility with RFID infrastructure is key. The iBracelet appears most promising for industrial or enterprise-context human activity inference applications in which a wearable reader is not a burdensome requirement.
Conference Paper
Full-text available
A contactless smartcard is a smartcard that can communicate with other devices without any physical connection, using Radio-Frequency Identifier (RFID) technology. Contactless smartcards are becoming increasingly popular, with applications like credit-cards, national-ID, passports, physical access. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: typical systems are designed to operate at a range of ≈ 10cm. In this study we show that contactless smartcard technology is vulnerable to relay attacks: An attacker can trick the reader into communicating with a victim smartcard that is very far away. A "low-tech" attacker can build a pick-pocket system that can remotely use a victim contactless smartcard, without the victim’s knowledge. The attack system consists of two devices, which we call the "ghost" and the "leech". We discuss basic designs for the attacker’s equipment, and explore their possible operating ranges. We show that the ghost can be up to 50m away from the card reader— 3 orders of magnitude higher than the nominal range. We also show that the leech can be up to 50cm away from the the victim card. The main characteristics of the attack are: orthogonality to any security protocol, unlimited distance between the attacker and the victim, and low cost of the attack system.
Article
Full-text available
The Radio Frequency Identification systems (RFID) is a powerful technology with numerous application possibilities, but it is also a technology that raises serious privacy and security risks. RFID-based systems are subject to generic attack that threaten system security and user privacy, like all information systems and there are also many attacks that specifically target RFID system technologies. The countermeasures are to encrypt the data and to use a metal screen to shield the tag and reader during information exchange. The communication looks as if the legitimate tag and the reader are close to each other, when in fact they are communicating through the communication channel that the attackers have established. The tag cloning, attackers make a duplicate RFID tag, which might either be quite similar in size or much larger than the original but have the same functionality.
Book
Candidates for the CISSP exam can now go directly to the source for study materials that are indispensable in achieving certification. The Official (ISC)2 Guide to the CISSP Exam is derived from the actual CBK review course created and administered by the non-profit security consortium (ISC)2. In addition to being an invaluable study guide, this book is detailed enough to serve as an authoritative information security resource. Both of the guide’s co-authors are CISSPs, and the entire text has been reviewed and approved by Hal Tipton, Co-Founder and Past President of ISSA and Co-Founder of (ISC)2. The ten subject areas included, each a section from the Common Body of Knowledge (CBK), have been reviewed by multiple CISSPs, all of whom are recognized leaders in their fields. A CISSP certification garners significant respect, signifying that the recipient has demonstrated a higher standard of knowledge, proficiency, and ethics. This book ensures that a student is fully prepared to face the exam's rigorous criteria. It is crafted to match the overall theme of the exam, which emphasizes a general, solutions-oriented knowledge of security that organizations want. © 2004 by Susan Hansche, John Berti, and the International Systems.
Article
The impact of Auto-ID in the supply chain management is discussed. Auto-ID is supply chain management affects all the three levels, which include strategic, tactical, and operational. Auto-ID will enable process automation in picking, shelving, cross-docking, and implementing consolidation operations. It will reduce mistakes such as, sending an item to a wrong destination and not dispatching the right item at right time. These measures will reduce the cost of operations for manufacturers and distributors and cut transportation and distribution lead time and lead-time variability.
Article
Contactless smart cards are used in access control and pay-ment systems. This paper illustrates an attack which effectively allows an attacker to 'borrow' the victim's card for a short period without requir-ing physical access to the victim's card. As a result the legitimate owner will remain unaware of the attack. We show that our hardware success-fully executed a relay attack against an ISO 14443A contactless smart card, up to a distance of 50 m. Simply relaying information between the card and reader over a longer distance does not require the same techni-cal resources from the attacker as hardware tampering or cryptanalysis. This attack is therefore a feasible method for circumventing current se-curity protocols with little effort. Since application-level measures fail to protect against relay attacks, we discuss possible solutions involving characteristics of the physical communication medium.
Conference Paper
Radio-frequency identification tokens, such as contactless smartcards, are vulnerable to relay attacks if they are used for proximity authentication. Attackers can circumvent the limited range of the radio channel using transponders that forward exchanged signals over larger distances. Cryptographic distance-bounding protocols that measure accurately the round-trip delay of the radio signal provide a possible countermeasure. They infer an upper bound for the distance between the reader and the token from the fact that no information can propagate faster than at the speed of light. We propose a new distance-bounding protocol based on ultra-wideband pulse communication. Aimed at being implementable using only simple, asynchronous, low-power hardware in the token, it is particularly well suited for use in passive low-cost tokens, noisy environments and high-speed applications.
Article
The VeriChip™ is a Radio-Frequency Identification (RFID) tag produced commercially for implantation in human beings. Its proposed uses include identification of medical patients, physical access control, contactless retail payment, and even the tracing of kidnapping victims. As the authors explain, the VeriChip is vulnerable to simple, over-the-air spoofing attacks. In particular, an attacker capable of scanning a VeriChip, eavesdropping on its signal, or simply learning its serial number can create a spoof device whose radio appearance is indistinguishable from the original. We explore the practical implications of this security vulnerability. The authors argue that: The VeriChip should serve exclusively for identification, and not authentication or access control.Paradoxically, for bearer safety, a VeriChip should be easy to spoof; an attacker then has less incentive to coerce victims or extract VeriChips from victims' bodies.