RF-DUMP validates Molnar & Wagner

I know this is old news to most of you. It’s still worthy of a bit of discussion, however. While I was away on vacation there was an interesting little conference, the Black Hat Security Briefings, in Las Vegas. Lukas Grunwald, chief technology officer of DN-Systems Enterprise Internet Solutions, demonstrated the beta version of RF-DUMP.

RF-DUMP, in case you haven’t yet heard about it, is software which enables your laptop or PDA to read or write to most standard RFID tags. This makes the malicious rewrites predicted in David Molnar & David Wagner’s paper on library RFID security possible.

Speaking of that paper, David Molnar tells me it’s been accepted for publication in the proceedings of the 2004 ACM Computer and Communications Security conference.

I was going to give you a round-up of the various articles that appeared on RF-DUMP during my absence, but Grunwald already did a nice one on the RF-DUMP web site.

Besides validating Molnar & Wagner’s forecast, the release of RF-DUMP also lends credence to the arguments of various privacy advocates. The EFF and ACLU and various others have rebutted claims that RFID privacy concerns are overblown. Proponents argue that read ranges are too short, that library tags work on a different frequency than commercial tags, that the solutions offered by different vendors aren’t interoperable, and that hardware to read/write is too expensive for the average hacker to procure.

RF-DUMP supports ISO 15693 tags. The beta version is a free download. It claims to read many types of tags. Perhaps that sci-fi future that RFID proponents pooh-poohed is closer at hand than they thought. The release of RF-DUMP indicates that there are indeed folks out there interested in “breaking” the security of the system. Fortunately these folks are affiliated with research (Molnar/Wagner are at UC Berkeley) and commercial interests, rather than malicious/criminal interests.

The only library vendor that I currently see taking measures to reduce privacy threats is Library Automation Technologies. Other vendors, please correct me if I am wrong. Library Automation Technologies has the encryption technology and they will be licensing this to other vendors. Does any vendor have plans to license??


