RFID tags use a standard that has already been hacked by several researchers. RFID Security discusses the motives for someone wanting to hack an RFID system and shows how to protect systems.
Coverage includes: security breaches for monetary gain (hacking a shops RFID system would allow a hacker to lower the pricing on any product products). How to protect the supply chain (malicous/mischievous hackers can delete/alter/modify all identifying information for an entire shipment of products). How to protect personal privacy (privacy advocates fear that RFID tags embedded in products, which continue to transmit information after leaving a store, will be used to track consumer habits).
The purpose of an RFID system is to enable data to be transmitted by a portable device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, colour, date of purchase, etc. .
* Deloitte & Touche expects over 10 billion RFID tags to be in circulation by the end of 2005
* Parties debating the security issue of RFID need information on the pros and cons of the technology and this is that information
* Little competition in a market desperate for information
Chapter 2: RFID Use Cases
Chapter 3: RFID Processes
Chapter 4: Threat Modeling for RFID Systems
Chapter 5: Target Identification
Chapter 6: RFID Processes
Chapter 7: Tag Encoding Attacks
Chapter 8: Tag Application Attacks
Chapter 9: Attacking the Air Interface
Chapter 10: Attacking Middleware Communications Chapter 11: Attacking the Directory
Chapter 12: The Four Disciplines
Chapter 13: Vulnerability Management
Chapter 14: Identity Management in RFID
Chapter 15: Trust Management
Chapter 16: Threat Management
Frank Thornton runs his own technology consulting firm, Blackthorn Systems, which specializes in information security and wireless networks. His specialties include wireless network architecture, design, and implementation, as well as network troubleshooting and optimization. An interest in amateur radio helped him bridge the gap between computers and wireless networks. Having learned at a young age which end of the soldering iron was hot, he has even been known to repair hardware on occasion.
In addition to his computer and wireless interests, Frank was a law enforcement officer for many years. As a detective and forensics expert he has investigated approximately one hundred homicides and thousands of other crime scenes. Combining both professional interests, he was a member of the workgroup that established ANSI Standard "ANSI/NIST-CSL 1-1993 Data Format for the Interchange of Fingerprint Information."