RFID security problems have been biting at the ankles of users and companies that deploy the technology for several years now, but they’ve been mostly on the fringes of mainstream security concerns. But now, as the technology becomes more widespread and pervasive, that is beginning to change.
Academic and industry researchers will be meeting at UMass Amherst to discuss the security and privacy implications of RFID technologies this weekend at the RFIDsec conference. The topics of discussion will revolve around RFID technology, which has been in use for some time in electronic product codes, building ID cards, transit payment cards, tollway transponders, vehicle immobilizers, contactless credit cards, and RFID sensors.
However, more relevant to security is another application of RFID, known as Near Field Communication (NFC). NFC is an increasingly popular application of RFID technology that allows users to make contactless payment on their mobile devices, but also carries with it some potentially serious security concerns.
There will be four technical sessions at the conference covering the physics of RFID, hands-on side channel analysis of smartcards, RFID-scale computer programming, and a general introduction to RFID security and privacy. There will also be tutorials in which attendees will observe and take part in attacks that can be used to exploit RFID and NFC technology, mining valuable and sensitive data from several feet away from a given device. In addition to attack tutorials, there will be demonstrations of countermeasures to defend against such attacks.
“Good security and privacy is built in, not bolted on. It is less costly to anticipate threats and to secure systems from the start than to patch after the fact,” said Kevin Fu,
General Chair of RFIDsec and a faculty member in Computer Science and
Electrical & Computer Engineering at UMass Amherst.
Adi Shamir of RSA fame will deliver the keynote address, and anyone who has seen one of Shamir’s speeches in the past knows that it likely will be both deeply technical and highly informative.
Among the conference’s other speakers are Prof. Srdjan Capkun of ETH Zürich, Switzerland; Dr. Ravi Pappu, Vice President of the Advanced Development Group at ThingMagic; Collin Mulliner, Technische Universität Berlin, Deutsche Telekom Labs; Dr. Samuel Weber, U.S. National Science Foundation; and Mattew Scholl, Deputy Chief, Computer Security Division, U.S. National Institute of Standards and Technology (NIST).