You are here: Resources > FIDIS Deliverables > Profiling > D7.7: RFID, Profiling, and AmI > 

D7.7: RFID, Profiling, and AmI

Non-interactive Authentication and Tracking using RFID  Title:
 The Linkage between AmI, Profiling and RFID


RFID systems*, AmI-systems and Security

Another aspect that has been an issue for debate is the security of RFID systems* when used autonomously or integrated in a larger AmI environment. The target of IT security management is to establish the required level of: 

  1. Confidentiality of the (sub-) system,  

  2. Availability and  

  3. Integrity of the processed data in any operational phase. 

The security of RFID systems* is dependant on: 

  1. The effectiveness of technical security measures for all components of RFID systems* and  

  2. The organisational security of all organisations and individuals that use the RFID system* or take part in it (knowingly, not knowingly or unobserved).  

While the manipulation of databases using especially programmed RFID tags* has already been exploited (Rieback 2006), we do not know of scenarios, where a reader* manipulates already programmed RFID tags* (technical security of already issued RFID tags* seems to be sufficient with respect to this type of attack). But many other, traditional attacks directed to any other component, such as the readers* (for example denial of service) or the networking infrastructure for the data transport (for example man-in-the-middle-attacks*), have to be dealt with when building up security concepts for RFID systems* as well. Organisational measures will always be difficult to implement, as relevant parts of the RFID systems* are physically open accessible (e.g. RFID tags*, readers*, wireless networks) and effective control of the behaviour of all persons passing by will mostly be impossible. Technical security measures will become increasingly important, as they can be implemented and controlled centrally much more easily. 

Another security-aspect of RFID systems* will gain increasing importance when integrating RFID systems* in AmI-systems. As those systems interconnect with supporting services and a number of technical systems behind this, these supporting systems will affect the security of the AmI- and the RFID systems* as well. It is likely that these supporting systems will be operated by different service providers, so there is no central control from the perspective of security over the AmI- and RFID system*. To establish multilateral security in interconnected systems according to ISO/EIC 27001, all participating parties need among others:

  1. Co-ordinated security concepts,  

  2. Mutual contracts to ensure the implementation and  

  3. Appropriate mutual audit schemes.  

In any case, the establishment of information security in an AmI-environment using RFID systems* will be no trivial task, due to the technical and organisational complexity. This will affect professional operators of AmI-systems like in a shopping mall as well as persons operating a smart home. 



Non-interactive Authentication and Tracking using RFID  fidis-wp7-del7.7.RFID_Profiling_AMI_02.sxw  The Linkage between AmI, Profiling and RFID
Denis Royer 8 / 43