For those of you who, like us, seem to read and try to understand lots of highly technical documents, try the Class 1 Generation 2 UHF Air Interface Protocol Standard Version 1.0.9 (.pdf)
"This EPCglobal Board Ratified standard defines the physical and logical requirements for a passive-backscatter, Interrogator-talks-first (ITF), radio-frequency identification (RFID) system operating in the 860 MHz - 960 MHz frequency range. The system comprises Interrogators, also known as Readers, and Tags, also known as Labels."
This is the standard around which all the big electronics companies are producing their new RFID tag products, with promises of better, faster, more simultaneous tag reads per second, greater range etc.
Points of interest to Privacy / Security campaigners:
- No encryption of the data between the Tag and the Reader, apart from a 16-bit pseudo-random number handshake which tries to hide the transmission of Passwords or Kill Codes. All the rest of the transmissions are sent in the clear.
"These commands use one-time-pad based link cover-coding to obscure the word being transmitted, as follows:
Step 1. The Interrogator issues a Req_RN, to which the Tag responds by backscattering a new RN16. The Interrogator then generates a 16-bit ciphertext string comprising a bit-wise EXOR of the 16-bit word to be transmitted with this new RN16, both MSB first, and issues the command with this ciphertext string as a parameter.
Step 2. The Tag decrypts the received ciphertext string by performing a bit-wise EXOR of the received 16-bit ciphertext string with the original RN16.
An Interrogator shall not use handle for cover-coding purposes.
An Interrogator shall not re-use an RN16 for cover-coding. If an Interrogator reissues a command that contained cover-coded data, then the Interrogator shall reissue the command unchanged. If the Interrogator changes the data, then it shall first issue a Req_RN to obtain a new RN16 and shall use this new RN16 for cover-coding. To reduce security risks, this specification recommends that (1) Tags use unique kill passwords, and (2) memory writes be performed in a secure location."
- 32-bit Password (in two 16-bit chunks) - no "3 bad passwords and you are locked out" - brute-force Password attacks are feasible - watch out for the theft of high-value or restricted items (e.g. military weapons) by their being electronically "re-labelled" remotely, invisibly and undetectably.
- 32-bit Kill Code (in two 16-bit chunks) - The specification suggests, but does not demand, that each RFID tag should have an individual Kill Code. Since this implies a lookup to a central or distributed database, with all the logistical network problems that implies, many companies will be tempted to use a common Password and/or a common Kill Code on whole batches or product lines, increasing the risk of a remote, radio-based Denial of Service attack, even through the walls of a warehouse or a sealed transport container.
- Better collision avoidance in multiple-reader situations - implies lots of possible deliberate Denial of Service attacks on the readers, or spoofing attacks on the stock control systems which the readers feed into.
- Just like WiFi etc. - no authentication of the Reader by the RFID tag - lots of possible Man-In-the-Middle attacks, and there is no way for, say, item level Tesco RFID tags which have not been "killed" at the supermarket checkout till, to only be read by genuine Tesco operated readers, and not also by, say, Marks & Spencer ones, or ones operated by a malicious third party.
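The cover-coding steps quoted above (Req_RN, a fresh RN16, a bit-wise EXOR of each 16-bit word) walked through in Python, as an added example that is not code from the standard or from any vendor: a toy Tag and Interrogator, both constructed here, send a 32-bit password over the link as two covered 16-bit halves and enforce the standard's "shall not re-use an RN16" rule. The class names, the `secrets` stand-in for the Tag's RN16 generator and the bookkeeping of used RN16s are assumptions of this example.

```python
# Added example, not code from the EPCglobal standard or any vendor: a toy
# model of Gen 2 link cover-coding. Tag, Interrogator and RN16 source are constructed.
import secrets

MASK16 = 0xFFFF

class Tag:
    """Toy Tag: answers Req_RN with a fresh RN16 and keeps it for Step 2."""
    def __init__(self):
        self.last_rn16 = None
        self.received_words = []
    def req_rn(self):
        # The RN16 is backscattered to the Interrogator unencrypted.
        self.last_rn16 = secrets.randbits(16)
        return self.last_rn16
    def receive_cover_coded(self, ciphertext):
        # Step 2: EXOR the ciphertext with the RN16 this Tag issued.
        word = (ciphertext ^ self.last_rn16) & MASK16
        self.received_words.append(word)
        return word

class Interrogator:
    """Toy Interrogator that tracks which word each RN16 has already covered."""
    def __init__(self, tag):
        self.tag = tag
        self.used_rn16 = {}
    def may_use(self, rn16, word):
        # Reissuing the same word under the same RN16 is allowed; changed
        # data under a previously used RN16 is not ("shall not re-use").
        return rn16 not in self.used_rn16 or self.used_rn16[rn16] == word
    def send_word(self, word, rn16=None):
        if not 0 <= word <= MASK16:
            raise ValueError("cover-coding operates on 16-bit words")
        if rn16 is None:
            rn16 = self.tag.req_rn()  # Step 1: Req_RN for a new RN16
        if not self.may_use(rn16, word):
            raise ValueError("RN16 re-use with changed data; issue Req_RN first")
        self.used_rn16[rn16] = word
        ciphertext = (word ^ rn16) & MASK16  # bit-wise EXOR, MSB first
        return self.tag.receive_cover_coded(ciphertext)

def send_32bit_password(interrogator, password):
    """A 32-bit Access or Kill password crosses the link as two 16-bit
    halves, each covered by its own freshly requested RN16."""
    high, low = (password >> 16) & MASK16, password & MASK16
    return interrogator.send_word(high), interrogator.send_word(low)
```

Because each RN16 is itself sent over the air unencrypted, the cover only hides the word from a party who missed the Tag's reply; it is not encryption in the sense the rest of this post uses.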
Obviously, based on past experience, the actual product implementations of this standard may have other privacy or security issues in addition to those listed above.
Please let us know if we are wrong in our interpretation of this standard.
UPDATE: (April 2008) There are now some more updated standards available online at: