[OWASP-Ireland] Say hello to the RFID virus - Hype, who knows ?

Chris Madden chris.madden at trintech.com
Thu Mar 16 06:11:13 EST 2006


Interesting article (with equally sensationalist title) and paper on RFID
tags.

"Cellphone could crack RFID tags, says cryptographer"
http://www.eetimes.com/news/semi/showArticle.jhtml?articleID=180201688

Shamir (who put the S in RSA) used power analysis attacks to determine RFID
passwords. Power analysis attacks became more mainstream in 1998 when used
to attack smartcards. There's a seminal paper on this by Paul Kocher.
Fault attacks would probably be successful against RFID tags also.

The easiest way to increase RFID tag security would be to borrow technology
from smartcard security. However, given that RFID tags are generally very
low cost items, it may not make financial sense to increase their security. 
So, RFID tags should be recognized as low/no security items and treated as
such.



"RFID Systems and Security and Privacy Implications"
http://www.eicar.org/rfid/kickoffcd/04%20-%20Hintergrundinformationen/09%20-
%20RFID%20Systems%20and%20Security%20and%20Privacy%20Implications.pdf

Chris

> -----Original Message-----
> From: Brian Honan [mailto:brian.honan at bhconsulting.ie]
> Sent: 16 March 2006 10:29
> To: eoin.keary at ritsgroup.com; owasp-ireland-admin at lists.sourceforge.net;
> owasp-ireland at lists.sourceforge.net
> Subject: Re: [OWASP-Ireland] Say hello to the RFID virus - Hype, who
> knows?
> 
> Hype? Perhaps
> 
> Experts unconcerned by RFID virus
> 
> http://www.vnunet.com/vnunet/news/2152020/experts-unconcerned-rfid-vir
> 
> Brian
> 
> -----Original Message-----
> From: eoin.keary at ritsgroup.com
> Date: Thu, 16 Mar 2006 10:24:22
> To:owasp-ireland at lists.sourceforge.net
> Subject: [OWASP-Ireland] Say hello to the RFID virus - Hype, who knows?
> 
> http://news.bbc.co.uk/2/hi/technology/4810576.stm
> 
> **********************************
>  Eoin Keary CISSP
>  Senior Consultant
>  Rits Information Security
>  2052  Castle  Drive
>  Citywest Business Campus
>  Co. Dublin
> 
>  Tel:  353 (01) 642 0500
>  Fax: 353 (01) 466 0468
>  Email: eoin.keary at ritsgroup.com
>  Web: www.ritsgroup.com
>  **********************************
>  This email contains information which may be confidential or privileged.
> The information is intended solely for the use of the individual or entity
> named above.  If you are not the intended recipient, be aware that any
> disclosure, copying, distribution or use of the contents of this
> information is prohibited.  If you have received this electronic
> transmission in error, please notify me by telephone or by electronic mail
> immediately. Any opinions expressed are those of the author, not Rits.
> This email does not constitute either offer or acceptance of any
> contractually binding agreement. Such offer or acceptance must be
> communicated in writing.
> ---
> Brian Honan
> BH Consulting
> Helping You Piece IT Together
> Tel:         +353-1-8243846
> Mob:      +353-86-8114066
> Email:      brian.honan at bhconsulting.ie
> www:      http://www.bhconsulting.ie
> Support Global Security Week http://www.globalsecurityweek.com
> 
> This message is for the named person's use only. If you received this
> message in error, please immediately delete it and all copies and notify
> the sender. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient. Any views expressed in this message are those of the
> individual sender and not of BH Consulting
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> that extends applications into web and mobile media. Attend the live
> webcast
> and join the prime developer group breaking into this new coding
> territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> OWASP-Ireland mailing list
> OWASP-Ireland at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-ireland




More information about the Owasp-ireland mailing list