RFID Personal Firewall
Absolutely fascinating paper: "A Platform for RFID Security and Privacy Administration." The basic idea is that you carry a personalized device that jams the signals from all the RFID tags on your person until you authorize otherwise.
This paper presents the design, implementation, and evaluation of the RFID Guardian, the first-ever unified platform for RFID security and privacy administration. The RFID Guardian resembles an "RFID firewall", enabling individuals to monitor and control access to their RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Our system provides a platform for coordinated usage of RFID security mechanisms, offering fine-grained control over RFID-based auditing, key management, access control, and authentication capabilities. We have prototyped the RFID Guardian using off-the-shelf components, and our experience has shown that active mobile devices are a valuable tool for managing the security of RFID tags in a variety of applications, including protecting low-cost tags that are unable to regulate their own usage.
As Cory Doctorow points out, this is potentially a way to reap the benefits of RFID without paying the cost:
Up until now, the standard answer to privacy concerns with RFIDs is to just kill them -- put your new US Passport in a microwave for a few minutes to nuke the chip. But with an RFID firewall, it might be possible to reap the benefits of RFID without the cost.
General info here. They've even built a prototype.
Posted on December 11, 2006 at 6:20 AM • 35 Comments