As is known in the art, radio-frequency identification (RFID) systems are typically wireless non-contact systems which use radio-frequency (RF) electromagnetic fields to transfer information from an RFID card or tag to a reader, for the purposes of automatic identification and/or tracking.
As is also known, RFID systems are used in a wide variety of different applications including but not limited to evacuation management, security systems, asset tracking, manufacturing, people tracking (e.g. students, employees, etc . . . ).
One vulnerability known to exist in conventional RFID systems occurs when an interloper reader (e.g. eavesdropper 14) or other rogue device eavesdrops on authentic transactions and RF communications between authorized tags and readers. Such rogue devices can access passwords or data using standard, inexpensive lab equipment. Like wiretapping (without the wires) this capability exposes confidential information to others who may put it to new and nefarious uses. Such interloper readers or other rogue devices operate in a so-called “side channel.”
As illustrated in FIG. 1, a typical conventional RFID system 10 includes an RFID card 12 capable of communicating with an RFID reader 14. One or more unauthorized devices 16 intercept and receive information in the RF domain via side channel 18, Such information may include transactional information, such as passwords transmitted during RFID card authentication transactions and/or per data. Accordingly, organizations advocating greater public privacy and security protections have raised concerns over RFID system vulnerabilities in response to efforts to expand the use of RFID enabled documents and devices. These concerns have limited industry efforts to make RFID systems more widely available for a variety of useful applications.
One problem with preventing eavesdropping is that the RFID card must be exposed to the RF domain as part of an interrogation by a legitimate RFID reader. This exposes the card-reader communication (and thus the card-reader transaction) to any unauthorized listener or eavesdropper (e.g. device 16) that might be present. Furthermore since such eavesdroppers are typically passive (i.e. they do not emit any signals), the mere presence of an eavesdropper is undetectable. Moreover, the standoff distance between an eavesdropping device and the card-reader can easily be on the order of ten meters or more.
To reduce vulnerabilities to unauthorized access, a number of techniques have been used including but not limited to: limiting the data stored on the ID cards to not contain information beyond ID numbers that are used as pointers to a record in a database (and thus without access to the database, the ID number is of no consequence); encrypting card information (thus, making the information on the cards useless without the means to decrypt the information); shielding ID cards from eavesdroppers with a protection packet (e.g. using a simple conductive surface placed next to or around a card thereby making it unreadable).
Some RFID devices, such as E-Passports and Mifare cards (i.e. contactless ‘smart’ credit cards, fare cards, etc.), do necessarily contain sensitive information. In practical systems, encryption is not widely applied, even when present in the RFID card and/or reader. Moreover, when encryption is used, the sophistication of the encryption is often at as level such that a determined eavesdropper can defeat the encryption that is currently available. Cards cannot be shielded when presented for their intended use (i.e. use of protection packets for protecting cards from being read when not in use does not offer any protection when a valid transaction is in progress).
Another approach is to provide a system which utilizes a masking signal during an RFID transaction which occurs between an RFID card and an RFID reader. One system which utilizes this approach is described in U.S. pending application Ser. No. 13/027,560, filed on Feb. 15, 2011 and entitled ANTENNA FOR PROTECTING RADIO FREQUENCY COMMUNICATIONS and assigned to the assignee of the present application. The aforementioned application describes protection for an RFID card from electronic eavesdroppers by use of a jamming signal generated by (or around) an RFID reader. A loop antenna and a suitable RFID reader-based masking signal substantially degrade unintended reception while reducing (or ideally minimizing) the impact to the intended reader.
Nevertheless in view of the above-noted vulnerabilities, substantial resistance remains to wider use of RFID cards. It would, therefore, be desirable to provide a system and technique to protect RFID cards presented at a read point from being overheard and cloned or otherwise exploited via side channel and other attacks.