Technologies for RFID Data Security

— Control it Yourself —
Related Articles
Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets
Privacy fears as banks refuse opt out from NFC-enabled cards
Electronic pickpockets can steal credit card numbers out of air
NFC mobile threats on the horizon: What happens when we wave our wallets to pay?
‘Electronic Pickpocketing’ Threat Worsened by Credit Card Industry Plan to Issue 1 Billion Contactless Payment Cards, According to Identity Stronghold
Who's been scanning your credit card?
NEVADA ATTORNEY GENERAL’S OFFICE ...
Bake privacy into NFC chips now, Privacy commissioner says
High-tech way to pay poses security risk
New credit cards vulnerable to electronic ...
Banks Stumble Along Tech Frontier
'Contactless' Credit cards spark concerns ...
Verizon, AT&T & Cisco Talk Up Internet of Things
Wal-Mart's President Says EPC RFID Strategy ...
Wal-Mart Relaunches EPC RFID Effort, Starting ...
RFID: 2010 Will This Be The Year...?
RFID: Can RFID Survive the "Internet of Things"?
Security and Privacy in the Internet of Things
Counterfeiting Intelligence Bureau
Global Theft Costs Retailers and Consumers US$104 Billion Annually
Walmart Announces Sustainable Product Index
New RFID Technology Allows You to be Tracked WITHOUT Your Knowledge
Sensor & RFID Apps of the Future, Part 1
Wal-Mart Radio Tags to Track Clothing
Walmart RFID Clothig Tag Create a Slippery Privacy Slope
IBM CEO on Lessons & Opportunities in Internet of Things
N.H. Reps Pass RFID Privacy Bill
Guidelines on EPC for Consumer Products
European Commission Issues RFID Privacy ...
Zhenuine Introduces Consumer-Controllable ...
Washington State Rep Reintroduces RFID ...
National ID Card and the REAL ID Act
Smart Card Alliance Clarifies Technology ...
Mythbusters Gagged: Credit Card companies ...
How RFID Tag Could Be Used to Track ...
 
Radio-frequency identification (RFID) is a technology that uses radio waves to transfer data from an electronic tag, called RFID tag or label, attached to an object,  through a reader for the purpose of identifying and tracking the object.  Some RFID tags can be read from several meters away and beyond the line of sight of the reader. RFID works in different RF bands and standards in variety of purposes.
RFID The future begins now!

Contactless smart card communicates with and is powered by the reader through RF induction technology. The standard for contactless smart card communications is ISO/IEC 14443. It defines two types of contactless cards ("A" and "B") and allows for communications at distances up to 10 cm. An alternative standard for contactless smart cards is ISO/IEC 15693, which allows communications at distances up to 50 cm. Contactless smart cards that do not require physical contact between card and reader are becoming increasingly popular for payment and ticketing applications such as mass transit and highway tolls. Visa and MasterCard have agreed to an easy-to-implement version that was deployed in 2004–2006 in the USA. Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers' licenses, and patient card schemes are appearing.

Near Field Communications (NFC) traces its roots back to RFID. NFC is a set of short-range wireless technologies, typically requiring a distance of 4 cm or less. NFC standards cover communications protocols and data exchange formats, and are based on existing RFID standards including ISO/IEC 14443 and FeliCa. An NFC-enabled device can operate in reader/writer and peer-to-peer mode, and may operate in card emulation mode. For Example, NFC enabled phones work basically, at least, with existing readers. Especially in "card emulation mode" a NFC device should transmit, at a minimum, a unique ID number to an existing reader; In "reader mode" a NFC device should read a smart card or tag.

NFC devices can be used in contactless payment systems, similar to those currently used in credit cards and electronic ticket smart cards, and allow mobile payment to replace or supplement these systems. For example, Google Wallet allows consumers to store credit card information in a virtual wallet and then use an NFC-enabled device at terminals that also accept MasterCard PayPass transactions. Germany and Austria have trialled NFC ticketing systems for public transport.

Security Concerns
A primary RFID security concern is the illicit tracking of RFID tags. Tags, which are world-readable, pose a risk to both personal location privacy and corporate/military security. Such concerns have been raised with respect to the United States Department of Defense's recent adoption of RFID tags forsupply chain management. More generally, privacy organizations have expressed concerns in the context of ongoing efforts to embed electronic product code (EPC) RFID tags in consumer products.

FOX5 Investigates Electronic Pickpocketing

Shielding
A number of products are available on the market that will allow a concerned carrier of RFID-enabled cards or passports to shield their data. In fact the United States government requires their new employee ID cards to be delivered with an approved shielding sleeve or holder.  There are contradicting opinions as to whether aluminum can prevent reading of RFID chips. Some people claim that aluminum shielding, essentially creating a Faraday cage, does work. Others claim that simply wrapping an RFID card in aluminum foil only makes transmission more difficult and is not completely effective at preventing it.

Privacy
  "How would you like it if, for instance, one day you realized     your underwear was reporting on your whereabouts?"
   —California State Senator Debra Bowen, at a 2003 hearing

The use of RFID technology has engendered considerable controversy and even product boycotts by consumer privacy advocates. The two main privacy concerns regarding RFID are:

          • Since the owner of an item will not necessarily be aware of the presence of an RFID tag and the              tag can be read at a distance without the knowledge of the individual, it becomes possible to              gather sensitive data about an individual without consent.
          • If a tagged item is paid for by credit card or in conjunction with use of a loyalty card, then it would              be possible to indirectly deduce the identity of the purchaser by reading the globally unique ID of              that item (contained in the RFID tag). This is only true if the person doing the watching also had              access to the loyalty card data and the credit card data, and the person with the equipment knows              where you are going to be.

Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home and thus can be used for surveillance and other purposes unrelated to their supply chain inventory functions.

However, read range is both a function of the reader and the tag itself. Improvements in technology may increase read ranges for tags. Having readers very close to the tags makes short range tags readable. Generally, the read range of a tag is limited to the distance from the reader over which the tag can draw enough energy from the reader field to power the tag. Tags may be read at longer ranges than they are designed for by increasing reader power. The limit on read distance then becomes the signal-to-noise ratio of the signal reflected from the tag back to the reader. Researchers at two security conferences have demonstrated that passive Ultra-High RFID tags normally read at ranges of up to 30 feet, can be read at ranges of 50 to 69 feet using suitable equipment.

NFC Nexus S Demo for RF Reader
 
Removing_the_RFID_in_the_new_Chase_Visa_card
— Don’t Worry, Our Technologies Can Solve All of Problems —

References
Radio-frequency identification, Wikipedia.
Near field communication, Wikipedia.
Contactless smart card, Wikipedia.
About NFC technology, NFC Forum.