Schneier on Security
A blog covering security and security technology.
March 5, 2007
Powder-Sized RFID Tags
Posted on March 5, 2007 at 6:39 AM
I like the comment about misuse in the BBC article:
"We are not imagining such uses."
No need to be afraid then.
There is no need for him to imagine such uses, as others have done so already. For some further ideas what more advanced devices developed from this could do, I recommend reading about the Qeng Ho localizers in Vernor Vinge's "A Deepness in the Sky".
Interesting parallels to the fictional works "The Diamond Age" by Neal Stephenson and "Interface" by Neal Stephenson and J. Frederick George. Diamond Age talks about a world that contains swarms of microscopic drones that can be used for everything from monitoring air quality to law enforcement. In Interface, the main character has an RFID-style implant put into his brain after a stroke, allegedly to assist with recovery, but ultimately used to manipulate the character during a political campaign.
As per usual, I would not be surprised if reality models fiction. Never underestimate the ability of the power hungry to abuse anything and everything.
If RFID tags can be made so easily, it might be possible to confuse the reader by always keeping a few thousand or million on you, all with random numbers. Wouldn't that make it very difficult to isolate the signal from any one of them?
I take great relief that the power hungry only just got the Internet that was sent to them last Friday. By the time they get around to really figuring out how to abuse this technology a 14 year old will have posted something out there that tells me how to hack a Roomba so that I can use it to back up my CD collection onto these things as it cleans my floors.
I really don't fear the power hungry's use of technology - they've proven to me that they're not very good at it. Easier for them to just declare my wrist watch a bomb or retroactively change the EULA on some product I own and whisk me off to an undisclosed location for terrorism/copyright violation.
Yes. And even if you could isolate signals they all become noise, since they may not know all the tags' origins. One crime novel I read, the dude didn't try to avoid leaving his DNA at the crime scene, but took a spray bottle and pouch of hair/skin of lots of short DNA fragments designed to thwart PCR/sequencing with lots of noise.
Sometimes things like this bug me. FTA:
"Unlike its predecessor, the barcode, an RFID tag's data can be extracted from afar - sometimes from hundreds of metres away - by radio-reading devices"
The standard barcode reader only works from a few inches away from the barcode. So does a standard RFID reader. An RFID signal *can* be extracted from hundreds of meters away. But I'm fairly certain that, given the right equipment, I could read a barcode from a few miles off. (one difference being that I can read a barcode passively, whereas the RFID reader has to be active, and thus the target could conceivably have a method to detect that he is being "scanned")
Now, I understand what they probably meant, and that is that barcode readers operate in the range of the EM spectrum that we humans use to see with, so we have an intrinsic feel for what things are "opaque" to that band and can cover our barcodes with something (a grocery bag, for example) and keep them safe from spying eyes, whereas the RFID operates in a part of the spectrum that we aren't used to dealing with on a day-to-day basis, and so we don't natively understand that the RFID code on the card in our pocket is about as secure as the barcode would be in a clear ziplock baggie.
But, as this past paragraph illustrates, that's hard to explain.
I'd heard about this, but I was wondering how much power these RFID chips could transmit with. The Yahoo article Bruce linked to mentions the chips in question do not have antennae, and the smallest antennae are 80 times the size of the RFID chips. How much comfort should I take in that?
Is it a slow Monday or you just discovered along with some dimwit in BBC the size of the chips in real?
Come on .. write a blog .. there is "digg" and other places for junk like this.
Given that 80 times 0.05mm is 4mm, take some comfort. While that's a lot more noticeable, it's still a whole lot easier to hide than the 25x25-ish RFIDs we're accustomed to thinking of.
If they manage to make a 0.05mm antenna, what does that imply about the frequencies available, and what are their
I have to disagree. This is not impressive technology. If these were RFID tags, it would be impressive, but they're not tags, just the microelectronic component of tags.
When I read it, I started wondering about phased array techniques. Does anyone remember enough antenna theory to know if a properly spaced array of these chips could coordinate in creating a phased array antenna? Or would the power losses involved be prohibitive?
I think the electronics would need precisely matched startup latencies, etc. or the phasing would be random even if the devices are in a regular array. The tiny device size works against that kind of precision.
We all need to carry RFID readers, so we can tell when we are carrying around readable RFID chips, and when we are in the presence of readable RFID chips. Now we also need to carry around detectors to determine the presence of RFID readers that are reading the RFID chips that we are carrying around.
On to the next cycle...
>Never underestimate the ability of the power hungry to abuse anything and everything.
Funny thing is, if you replace power hungry in the above sentence with terrorist/copyright violator/etc you have the power hungry's stated reason for abusing anything and everything.
We all need to carry RFID readers, so we can tell when we are carrying around readable RFID chips.
Something like a wi-fi hotspot detector.
I am curious what countermeasures people will develop against "smart dust". Eric's suggestion to obscure real information with noise seems very fundamental.
I guess the smart dust will be cheaper than cocaine. It can't be any more destructive. Maybe the dopeheads will snort some and the cops will have readers and bust the cokeheads. This could wipe out Wall Street.
Interesting combination of links
Dürrenmatt meets RAND. Yikes!
'I am curious what countermeasures people will develop against "smart dust". '
I wonder if an E/M pulse of some sort could be generated that would somehow fry these things without injuring anything/anyone carrying them; and without frying legitimate equipment in the vicinity.
Sorry my doctor says I am allergic to smart dust...
Frightening that you can be tracked by dandruff on your jacket collar....
Maybe someone'll mistake the "smart dust" for another type of "mysterious powder" - and cause a major delay in some urban center. =;o)
/ As said by another poster: optical mice = millions of UBOs. =;o)
Passive countermeasure: Reader for tags, detecting their presence. Does not have to actually read them, which simplifies construction. Detects anything resonating at a given frequency. Can be adapted from the input stage of a reader, or built from scratch. Use two antennas, a bigger one for coarse detection, and a smaller one for fine zeroing on the tag itself.
Other passive countermeasure: Detector of readers. Without a reader, a tag is a piece of harmless dead matter. Detector can be improvised from the antenna-resonator circuit salvaged from a tag, and some added simple electronics. Indication to the wearer can be audible, visual, or by vibrations. Being aware of the readers' position without divulging you know about them gives you a potential tactical advantage.
Semiactive countermeasure: A micropower jammer activated by the presence of the reader field (to save batteries and not attract attention more than strictly required), forcing collisions and read errors into the tags' responses.
Active countermeasure: A tag destroyer. A transmitter with a high-gain antenna operating on the tag's frequency. The tags may have overvoltage protection, but their physical size limits will limit the chip area of the protective devices, which will impair their thermal dissipation characteristics, which should make it possible to fry them with excessive power. Few watts should be enough, especially if concentrated to millisecond-long half-kilowatt pulses twice per second; this high power with such duty cycle delivers a big punch to the tags while minimally affecting the tissues of the operator. Suggested to be combined with a tag detector, to validate the efficiency of the neutralization.
More destructive active countermeasure: an EMP gun tuned to the frequency of the readers, frying their input circuits. MUCH more power needed, as the virtual absence of size limits allows using bulky and effective protection circuits. A magnetron with a directional antenna may do the job, with considerable risk for the operator and the collateral damage (also known as civilians) in its line of fire. In the worst case, a tactical nuke will do the job. Other modes of neutralization of the readers, from compromising their software to cutting a wire to vaporizing the entire building, are possible as well; make your pick according to your tactical needs and threat models.
Detecting and destroying the tags is easy. What's worrying here is the possibility of attracting attention by NOT wearing a cloud of live, cheerily responding tags.
I'm hoping for RFID (or perhaps something simpler) to become so small and cheap that we can automate sorting of recyclable materials. (No civil liberties issues here - the tag just says "I'm made of type 2 plastic.")
If Moore's Law keeps up, eventually the recyclables will have tags saying "I'm made of type 2 plastic, I originally contained FooBrand milk, and here's a high-quality recording of all the audio that occurred in the vicinity of the bottle since its manufacture." :)
I'd like to echo RadioBill's and sooth_sayer's remarks, though, that this is just an article about the size of the CHIP. A working tag needs to be much bigger, because it needs an antenna.
Digg's S/N ratio is close to zero and places like /. are not a lot better. OK so both are better than newsgroups these days but that's not saying a lot.
I find simple links to pages that could be interesting very useful. I get to read something interesting and I didn't spend all day finding it. Also there are not 100's of links a day either.
Ya know there was a time when you only got all this once a month.
"More destructive active countermeasure: an EMP gun tuned to the frequency of the readers, frying their input circuits." -- I've had second thoughts about my earlier posting saying more or less the same thing. I'd hate to be packing a pacemaker while I was getting my RFID-powder fried.
"Detecting and destroying the tags is easy. What's worrying here is the possibility of attracting attention by NOT wearing a cloud of live, cheerily responding tags." -- good point. It would be necessary to get RFID-frying widespread so such a person would no longer stand out.
j: The EMP gun has to be tuned for the tag frequency, for optimal coupling into the input circuits. The effects on circuits tuned to other frequencies will be reduced, though it can not completely prevent collateral damage. Let's hope some (hopefully nonfatal) incidents start to appear so critical technology (like e.g. the mentioned pacemakers) gets an adequate shielding and hardening. It will have to be done anyway, as e.g. the police forces in some countries are already evaluating using EMP or microwave guns for e.g. stopping vehicles.
Seems to me that separating the tag from the antenna has a lot of interesting possibilities, both for manufacturing and for placement. The antenna no longer has to live on the same kind of substrate as the chip, and if you're willing to make it a bit bigger it doesn't have to be anything like a flat loop.
Where these things will really shine is with various kinds of sensor, so that, fer example, you can know the temp/humidity history of any textile seeded with them.
Gee, I wonder if they have a deal with HID. Just think of all the billions they both can make together selling "safe vaporware".
"I wonder if an E/M pulse of some sort could be generated that would somehow fry these things without injuring anything/anyone carrying them; and without frying legitimate equipment in the vicinity."
Here's a prototype for such a thing constructed from a disposable camera: