You are here: Resources > FIDIS Deliverables > HighTechID > D12.3: A Holistic Privacy Framework for RFID Applications > 
Socio-Economic and RFID technology inherent considerations  Title:
 Technical and organisational security aspects


Reduction of Expenses weakens Capabilities

Resulting from the pressure of cost and the physical manifestation (e.g. small size) the overall resources in terms of energy, storage and computing power available to the RFID are very limited. This makes a simple adoption of well known and studied PETs (Privacy-Enhancing Technologies) which are used in the world of “normal” computers and networks infeasible. Looking for instance at cryptography related solutions, it turns out that many of them tend to have the same problems: the capacity of the cheap tags is too low to apply strong security mechanisms (key sizes are too short, random number generators are not available or do not produce truly random numbers, etc.); the key management is unsolved: how to manage the keys for some millions of things like banknotes, cars, milk-bottles, etc.? 

One way of reducing the costs when producing RFID tags is to rather produce some kind of “general purpose” RFID tag than developing and producing more specialised (or tailored) RFID tags for a given use case. This “general purpose” capability of an RFID tag might sometimes be “hidden” as the producers will “deactivate” some of the functions of the “general purpose” RFID tags to sell them as “special purpose” (i.e. tailored) RFID tags. History teaches that often such things could be “converted back” into “general purpose” ones. One example of negative impact this might have in the area of security is that one can expect that RFID tags in general will not only be readable but also writeable. Moreover the range of RFID transmissions might be greater than necessary for the given area of application of RFID technology etc. 

Many of the proposed solutions for privacy enhanced RFID technologies concentrate on one of the three main layers (physical, network or application layer), but a solution on one layer may be countervailed by an attack on another layer (e.g. pseudonyms on the application layer vs. traceability on the physical layer). Therefore a holistic privacy framework for RFID has to incorporate a multi-layer approach. 

Moreover after “solving” the privacy problems the RFID related research and development can continue to go on in technology directions which are mostly counterproductive for privacy like enhancing the range of RFID tags, enhancing the transmission speed, enhancing of the capability to read a huge number of RFID tags simultaneously, reduction of the vulnerability to failures through environmental influences (like metal or water, jamming signals etc.). The latter even includes the consideration of the requirements of RFID technologies when planning new buildings. It is likely that our surroundings will be planned and implemented “RFID-compatible” within the next decades. 

Eventually the term “RFID” subsumes all kinds of different technologies with very different capabilities, conditions and prerequisites. Moreover it seems to be very difficult to draw a clear line between what belongs to RFID and what not. Resulting from the huge range of different technologies and areas of application involved it seems to be very hard to develop a common holistic privacy framework, which covers the whole spectrum of technologies and applications used. 


Socio-Economic and RFID technology inherent considerations  fidis-wp12-d12.3_Holistic_Privacy_Framework_for_RFID_Applications.sxw  Technical and organisational security aspects
23 / 38