Practice Cryptography!
Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.Tuesday, March 28, 2006
RFID and the problems it poses...
RFID is the new electronic read-only chip that can contain arbitrary data, such as a palette number, content name, content SKU, amount on palette, and so on. It's designed to be used for inventorying and logistics.
Except.
RFID tags can be cloned by a device that reads them, then broadcasts on the same frequency that the RFID tag itself would be induced to broadcast on.
RFID tags can be arbitrarily coded by such a device to perform active attacks against systems that use them. (SQL injection attacks and buffer overflows are only two of the types of attacks that RFID systems have to be aware of.)
So, we can't use them for their intended purpose of unique identification... or can we?
Certainly not as they stand -- but if each individual RFID tag had a public/private keypair associated with it, and there was a key exchange with the reader before the RFID's tag was read (kinda like SSL/TLS), then there would be less opportunity for such problems.
[This entire discussion came about because I got into a discussion of people implanting RFID chips into their hands or such, and I know someone who has two canine identification tags (essentially the same) embedded in his back.]
Except.
RFID tags can be cloned by a device that reads them, then broadcasts on the same frequency that the RFID tag itself would be induced to broadcast on.
RFID tags can be arbitrarily coded by such a device to perform active attacks against systems that use them. (SQL injection attacks and buffer overflows are only two of the types of attacks that RFID systems have to be aware of.)
So, we can't use them for their intended purpose of unique identification... or can we?
Certainly not as they stand -- but if each individual RFID tag had a public/private keypair associated with it, and there was a key exchange with the reader before the RFID's tag was read (kinda like SSL/TLS), then there would be less opportunity for such problems.
[This entire discussion came about because I got into a discussion of people implanting RFID chips into their hands or such, and I know someone who has two canine identification tags (essentially the same) embedded in his back.]
Archives
2006-02-12 2006-02-19 2006-02-26 2006-03-05 2006-03-12 2006-03-19 2006-03-26 2006-04-02 2006-04-09 2006-04-16 2006-04-23 2006-07-23 2008-01-13 2008-01-20 2008-02-03 2008-02-17 2008-03-16 2008-04-06 2008-05-11
