Radio-frequency identification (RFID) is an automatic identification method, relying on storing and contactlessly retrieving data remotely using devices called RFID tags or transponders. An RFID tag is an object that can be attached to or incorporated into a product, animal, or person for the purpose of identification using radio waves. Chip-based RFID tags contain silicon chips and antennas. The use of RFID tags is becoming commonplace for tracking products from a manufacturing site, through the supply chain, to the consumer. RFID tags carry information useful for inventory management, location tracking, theft prevention and more. However, RFID tags provide a potential avenue of attack for anyone wishing to disrupt the intended function of a tag, even causing serious undesirable consequences to larger systems. For example, it is possible to infect an RFID tag with a virus that is passed on to a back-end system when the RFID tag is read. The paper “Is Your Cat Infected with a Computer Virus?” (M. R. Rieback, et al., Vrije Universiteit Amsterdam, PerCom2006) describes creating a self-replicating RFID virus that uses RFID tags as a vector to compromise back-end middleware systems, for example via a SQL injection attack.
FIG. 1 is a block diagram of a prior art system 100 including a radio-frequency identification (RFID) tag reader 102. An RFID tag being read by the reader 102 includes malware 103. As used herein, malware includes specifically tailored or modified RFID tag data designed to infiltrate or damage a system without the owner's informed consent. As such, malware may include any manipulation of or addition to the intended RFID data, including viruses, worms, Trojan horses, and data that may be valid but incorrect (for example data identifying a box of ammunition as fishing tackle). The system 100 is typical of enterprise systems such as warehouses or retail that include an enterprise back-end consisting of one or more databases or enterprise applications 110, 112 and 114 that store, for example, one ore more enterprise applications. The back-end communicates with the external world via one or more networks and also employs one or more middleware servers 106 for this purpose. In addition, there may be any number of communication routes from the back-end to the external world, such as one or more edge servers 108.
The reader 102 is coupled to a reader control unit 104. The control unit may be integrated into the reader itself (tight coupling) or a separate server controlling one or more readers (loose coupling). When the RFID tag and its malware 103 are read, the tag data and malware 103 are passed to the middleware server 106. The middleware server 106 communicates the tag data and malware 103 to the back-end, where the malware 103 is free to infect any back-end system databases 110, 112, or 114 susceptible to this specific attack.
RFID tags, in addition to being potential virus carriers, are vulnerable to manipulation by persons wishing to alter the data on the tags for various reasons. There are many undesirable implications to making an RFID tag look “correct” while conveying incorrect information. For example, RFID tags on contraband material may be altered to make the material appear as non-contraband material.
Some vendors currently use proprietary encryption schemes to protect RFID tag data from unauthorized read or write access. However, this does not necessarily prevent malicious alteration of RFID tag data. Also, some of the encryption schemes in use are weak due to the limited storage and processing capabilities present on RFID tags. Some of these encryption schemes have already been broken. In addition, some groups concerned with individual privacy rights have been working on methods for preventing RFID tags from being read by RFID readers in an individual's environment. Such methods operate on the RF interface, for example to block or scramble signals. However, methods operating over the air do not lend themselves to complex and feature-rich solutions for RFID security as there is no obvious transmission medium where a gatekeeper could be placed. Attempting to manage RFID security via the wireless RF interface poses potentially unmanageable technical difficulties.
There is an unaddressed need for a system and method that minimizes the likelihood of infection of larger systems by malware carried into the system on RFID tags. There is also a need for a system and method that addresses malware and also facilitates RFID system audit capability, including escalation and documentation of malware detection incidents. Furthermore, there is an unaddressed need for a system and method using simple security stamps to manage RFID tag data integrity without applying complex data encryption schemes which are difficult to manage and require considerable storage space.
In the drawings, the same reference numbers identify identical or substantially similar elements. To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number typically to the figure number in which that element is first introduced (e.g., element 110 is first introduced and discussed with respect to FIG. 1).