RFID in Libraries

6/8/2004

Draft Paper on Library RFID Security/Privacy Risks

Filed under: — Laura @ 12:53 pm

I’m happy to announce that David Molnar has released his draft paper on security and privacy issues with library RFID. David is a Berkeley doctoral student in electrical engineering, and he wrote the paper with his advisor David Wagner. He is looking for comments on the draft, contact info is on the PDF.

It’s not too technical to understand and it should be required reading for any librarian considering RFID. He does a great job outlining the types vulnerabilities inherent in the tags. These include:

  • eavesdropping on the wireless communication between readers and tags
  • static identifiers at the hardware-layer. These identifiers help readers perform “collision-avoidence” when simultaneously reading multiple tags.
  • authorized tag writing on re-writable tags, or “session-hijacking”

It would take a lot of leg-work to violate the security of a library RFID system. But we can’t rely on the laziness of hackers. David uses a great phrase for this: “security through obscurity.”

This document will be very useful for the development of library best practices - Kudos!

Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

(required)

(required)


Powered by WordPress