rfid security

0

RFID Security & PrivacyNational Institute of Standards and Technology

Tom KarygiannisEmail: [email protected]

Georgia TechNovember 27, 2007

1

Presentation Outline

About NIST

RFID Security

NIST RFID Activities

NIST Guidelines for Securing Radio Frequency Identification

New technologies, new security and privacy challenges….

Discussion

Contact Information

2

NIST Provides Innovation Infrastructure…

NonNon--regulatory agency within U.S. Department of regulatory agency within U.S. Department of Commerce. Commerce.

Founded in 1901 as National Bureau of StandardsFounded in 1901 as National Bureau of Standards

~2900 employees~2900 employees

Nobel Prize Winner in Physics in 1997, 2001, 2005Nobel Prize Winner in Physics in 1997, 2001, 2005

NIST Mission: To promote U.S. innovation and industrial NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, competitiveness by advancing measurement science, standards, and technology in ways that enhance standards, and technology in ways that enhance economic security and improve our quality of life.economic security and improve our quality of life.

Provide the measurement “tool box” for the nation– Provide solutions to measurement problems– Try to assure that the necessary measurements and

quality are available to meet the nations most significant needs

Absolute correctness of results is paramount to NIST Labs.

3

The NIST Laboratories

NIST’s work enables• Science

• Technology innovation

• Trade

• Public benefit

4

Food andFood andnutritionnutrition

Law enforcementLaw enforcement

TransportationTransportationPharmaceuticalsPharmaceuticals

Environmental Environmental TechnologiesTechnologies

ManufacturingManufacturing

Computer softwareComputer softwareand equipmentand equipment

BiotechnologyBiotechnologyConstructionConstruction

NIST Serves a Broad Customer Base…

http://images.google.com/imgres?imgurl=http://images.tvnz.co.nz/news/ado2003/pills_perscription.jpg&imgrefurl=http://onenews.nzoom.com/onenews_detail/0,1227,253640-1-6,00.html&h=145&w=145&sz=8&tbnid=12I3IJnEK8EJ:&tbnh=89&tbnw=89&start=60&prev=/images%3Fq%3Dpharmaceutical%2Bpictures%26start%3D40%26hl%3Den%26lr%3D%26sa%3DN

http://www.nist.gov/public_affairs/gallery/tisseng.htm

http://www.nist.gov/public_affairs/gallery/hexpod.htm

http://www.nist.gov/public_affairs/gallery/vrmanu.htm

5

www.time.govbillions of hits daily

volume and flow – measurement based

secure automated banking

electric power metering

NIST provides innovation infrastructure to…

...facilitate trade

Integrity of financial transactions

6

Research Projects in the Computer Security DivisionAdvanced Cryptography (e.g., hash, public key, quantum, light footprint)

Inherently Secure, High Assurance, and Provably Secure Systems and Architectures

Composable and Scalable Secure Systems

Wireless Security

Network Measurement and Visualization Tools

Secure Distributed Systems

Infrastructure for Information Security R&D

Security for Quantum Computing

Foundations of Measurement Science for Information Systems

Biometrics and Cryptographic Identity Verification

URL: http://csrc.nist.gov

http://csrc.nist.gov/

7

INFOSEC Research Council Hard Problem– Enterprise-level security metrics and composable security metrics

Security is an “undecidable” problem– Fundamental Axioms of Security

Every system has vulnerabilities.The system owner does not know all of those vulnerabilities.The system owner does not know all of her adversaries’ capabilities.

– Net resultThere is no “consistent” set of metrics for security.

For real-world systems we must still try to answer:

– How much security is enough?– What are the appropriate metrics? Are there useful metrics?– How can we can compare the relative “insecurity” of two different systems? Two

different configurations of the same system?

How do we measure IT security?

8


About NIST

RFID Security




Discussion

Contact Information

9

RF technology is used in many different applications, such as satellite TV, radio, cellular phones, radar, GPS, and lately in automatic identification systems…

Radio Frequency Identification (RFID) describes the use of radio signals toprovide automatic identification of items and remote data collection

RFID is used for applications such as:– Supply Chain & Retail Item Management– Pharmaceuticals, Healthcare– Asset Identification & Tracking– Security Access Control– Electronic Toll Collection– Railway Car Tracking– Financial applications– Animal Tracking

10

A typical Radio Frequency Identification system will contain tags (transponders) a reader (transceiver) and a host PC that controls the operation of the reader…

RF Energy

Identify

ID

Inventory Tags

Identity – Unique identifier that links specific asset item to a specific information set

Location – Physical location of a specific asset

Status – Summary of activities performed on a specific asset

Condition – Physical condition of asset including environmental exposure and tampering(Active RFID only)

Database

Tag Data

Read/Write

Tag Data

Read/WriteData from Tag

Tag Data

Tag Antenna Reader

RFID Host PC

Passive RFID Illustration

11

Why is RFID an interesting asset tracking and management technology?

Features of RFID:

Read/Write Capabilities (some tags) – Ability to add information directly to tags enables each unique asset to carry its own unique history

Non-contact Reads – Ability to read tags at a distance, under a variety of environmental conditions, without physical manipulation of the asset

Fast Read – Ability to simultaneously read large numbers (1750 tags/sec) of items

Embedded Sensors – Ability to directly capture environmental information

Automation – Requires less human intervention

Authenticity – Each RFID chip is unique and can not be replicated

12

Automatic identification systems mix RFID-unique risks with traditional information technology and network security risks…

Radio Frequency Segment Enterprise IT Segment Extranet Segment• RFID transponders

(active, passive, or hybrid tags)• Antennae• RFID readers

• Many security risks are unique to RFID

• Reader to RFID middleware communications

• Back-end database/application platforms

Traditional IT security risks

• External network services to support RFID business process

Network security risks

RFID Extranet

13

Adversaries design attacks using three key pieces of information about RFID systems…

Active/ Passive

Operating Range

Storage Capacity

Storage Capacity

Tags that have read/write capabilities are generally at higher risk because of on-board data storage

Read-only tags supply just an identification number (license plates) and present lower risk

Active/Passive

Passive tags have short operating ranges, which lowers their risk

Current generations of passive tags generally do not have on-board data storage

Operating Range

Range is governed by several factors including frequency band, antenna type, and transmission power

Active tags generally have a longer range than passive tags and have ranges up to several hundred feet

14

Monitoring the air interface

Modifying/deleting data on the tag

Blocking access to the tag

Permanently disabling tags

The radio frequency segment of RFID systems has several inherent vulnerabilities to be addressed…

15

Threat Model: Effective range depends on transponder type, frequency, antenna size, power emitted by the reader, and finally the surrounding environment

Monitoring the RF Interface

16

Countermeasures: Several techniques are under development to protect the RFID tag read/write process…

Confidentiality – Data encryption on the tag– Encrypting data before sending it to tag

Authentication– Challenge/response authentication– Improved passwords via persistent state– Hash chaining– Randomized hash lock– One-time authenticators

Optimized Air Link Protocols– Randomized tag identity– Anonymous IDs

Monitoring the RF Interface

17

Countermeasures: Several techniques are under development to protect the authenticity of user data on RFID tags…Current security features– RFID tags have very simple logic, usually between 500-5000 total

gates on a typical transponder; this leaves very little capacity for advanced security features

– Symmetric encryption (e.g., AES, SHA1) not possible on today’s tags– Some high-end tags have implemented stream cipher designs, but no

standard low-gate encryption primitives exist in any tag category– Simple password comparisons and XOR comparisons are all that is

typically offered today– Cost is such an important driver that the added cost of security

features might not be feasible in the near term (except for specialty applications)

Future security features– Authenticity, using randomized transaction IDs (for R/W tags)– Advanced authentication– On-board encryption primitives

Modifying/Deleting Data On Tags

18

Countermeasures: Password management mechanisms will need to be developed before tag/reader authentication succeeds…

Current standards– Several categories of tags allow passwords for protecting data (e.g., READ,

WRITE) and command functions (e.g., LOCK, KILL) – These tags all transmit their passwords in the clear between the tag and the

reader, making them susceptible to monitoring and replay attacks– Passwords are also stored in the clear on the tag’s memory– This is true for all cards except for certain contactless smartcards used for

financial transactions

Password management– Currently, no password management mechanism has been defined or

implemented in the RFID community– Most RFID implementations use single group passwords for large numbers of

tags– By implementing individual passwords for individual tags, a password

management mechanism would need to identify unique tags– Therefore password management may be incompatible with privacy objectives

Modifying/Deleting Data On Tags

19

Countermeasures: How can RFID tag data be protected while remaining accessible to valid users?

Unlicensed spectrum– Virtually all RFID system operate in unlicensed frequency bands– Non-infringing use is mandated, but not guaranteed; “survival of the fittest”– Unplanned RF issues must be addressed by contingency planning

RF engineering– Users must engineer systems to work around known RF issues– RFID read/write processes must be defined in a concept-of-operations document– System must be engineered to support specific scenarios (e.g., tag type, tag mounting,

reader type, read orientation and distance)

Tag Blocking– Most tags can be blocked from readers by wrapping them in foil or other material– Tags can also be damaged or destroyed easily– The impermanence of tags needs to be accounted for by contingency planning

Blocking Access To Tags

20

Threat Model: Permanently disabling tags can cause widespread denial-of-service issues…

The KILL command

The LOCK command

Electronic attacks

Physical attacks

Permanently Disabling Tags

21

Electronic and physical attacks on tags can take many forms…

Physical damage– Crushing– Bending– Ripping

Electronic damage– Electrostatic discharge

(e.g., conveyor belts, label application, transport)– High-energy RF– Microwave ovens…

Environmental damage– Most tags have been ruggedized for their environment– Temperature, humidity, shock not normally a problem


22

Countermeasures: How can users protect their system from disruption caused by disabling tags?

Administrative and Operational Controls– Disallow unauthorized users within the read/transmit range of tags– Ensure that only those users with a need have access and rights

to use RFID readers– Regularly audit employees for suspicious activity– Utilize perimeter fencing, guards, and access cards to secure

physical entrances– Develop and test contingency plans for responding to this risk

Technical Controls– Develop and implement password management plan for KILL and

LOCK commands– Permanently LOCK all unused data fields on tags– Validate each tag at multiple points during its life cycle; replace

defective tags as they appear– Research will determine if there are any technical solutions to

mitigate these vulnerabilities


23


About NIST

RFID Security




Discussion

Contact Information

24

NIST RFID ActivitiesInternational and domestic RFID standards policy and guidance – U.S. Government

RFID/smart and wireless sensor network standards

Technical support for other U.S. Government Agencies

RFID in the construction industry

Manufacturing Extension Partnership RFID Community of Practice (support for U.S. small and medium-sized manufacturers)

Future RFID - organic electronics

RFID Eavesdropping and Jamming Analysis Counterfeit RFID Detection Counterfeit RFID Detection

Chip-Level RFID security

RFID-Assisted Indoor Localization

NIST Guidelines

25

RFID Eavesdropping and Jamming AnalysisRFID Eavesdropping and Jamming Analysis (Boulder)

NIST Boulder Electromagnetics Division

Eavesdropping and jamming tests were performed on a High Frequency (HF-13.56 MHz) Radio Frequency Identification (RFID) system.

Tests were performed on a Pegoda Type-A reader, and seven different Type-A tags from 4 different manufacturers.

Eavesdropping (listening in on a transaction between a reader and tag) was successful up to 15 m.

Jamming (incapacitating a transaction between a reader and tag) was successful up to 8 m with 0.3 W using a system that would fit in a suitcase.

Additional jamming tests using a system that could be carried on a person’s body were successful at 5m with less than 3 W of power.

Used off-the-shelf components.

26

Counterfeit RFID Detection Counterfeit RFID DetectionDetect counterfeit RFID tags without modifying manufacturing process. Capturing RFID Electromagnetic Signatures in the field using low cost equipment.

Preliminary work indicates that the electromagnetic signatures of RFID tags can be used to uniquely identify the manufacturer of the tag, and perhaps even specific tags fabricated by the same manufacturer.

Current feasibility study will quantify the differences between the electromagnetic signatures of RFID tags used in the pharmaceutical industry, determine the repeatability of these signatures, and investigate their dependence on orientation, frequency, field levels, and other factors.

M1C1M1C2M2C1M2C2

M1C1M1C2M2C1M2C2

27

Chip-Level RFID SecurityDeveloping standards for RFID chip-level physical security

Assessment of preventative measures

Standards proposals

Verification of solution effectiveness

Three elements of a physical attackContact padsfor IC initialization

Antennacontacts

An IC removedfrom an RFID card

Understand the communication protocol and functioning of the IC– Public-domain information– Observing the functioning of the IC

Determine passwords and data on the IC– Introduction of logical faults, memory manipulation– Physical analysis of the IC

Creation of surrogate RFID cards– Could be as simple as reprogramming

commercially available RFID cardsUsing a laptop to mimic a card

Most difficult stepfor the attacker

28

RFID-Assisted Indoor LocalizationObjective: Locate and track first responders moving throughout a building

Problem: GPS ineffective/unreliable indoors or underground

Approach– Place passive RFID tags at key points in buildings (e.g., each doorway,

each level of stairwell)– Equip first responders with RFID readers– Transmit RFID tag ID over wireless network to Incident Command for last-

known location tracking– Integration with a multihop wireless network (for communication out of

building), Preliminary tests in 11-story office building (NIST Admin)

Features– Low cost– Localization accuracy to known anchor points– Natural extension with dead reckoning technology to provide tracking

between anchor points

29

International and Domestic RFID Standards Policy and Guidance

NIST provides input into developing the U.S. Government’s positions on both technology and policy aspects of RFID standards and standardization– Participates in the RFID Intra-government Working Group, and leads the Standards sub-

committee of this group– Participates in the Dept. of Commerce’s RFID working group– Will coordinate the standards policies of federal government agencies, with those of the

private sector, per the National Technology Transfer and Advancement Act– Participates in standards development activities led by the private sector, and will develop

standards for federal agencies’ IT security requirements, if so requested.

30

Integration of RFID with smart and wireless sensor networks

Fixed and mobile sensors are needed to augment RFID to enhance functionality in applications.

IEEE 1451 suite of standards for sensor data interoperability– NIST leadership, IEEE Sensor Technology Technical Committee and Sensor Standards

Harmonization Working Group – Self–identification and self-description of sensors via Transducer Electronic Data Sheets containing

transducer identification, calibration, correction data, measurement range, and manufacture-related information, etc.

– Engagement with ISO JTC 1/SC 31, IEEE TC9, ITU-T

Unifying smart and wireless sensor standards and RFID standards is essential to achieve interoperability.

Interoperability is the key for success of RFID.

31

Technical support to other U.S. Government Agencies

Personal identification documents– State Dept., DHS and GPO– Materials reliability and

electromagnetic measurements of e-Passports, including eavesdropping and jamming

32

RFID in the construction industry

Locate and manage supplies on construction site– NIST is now working on a larger scale

demonstration

Automated Construction Testbed– Pick and place assembly– Integration of RFID with robotics and laser

scanning systems

33

Manufacturing Extension Partnership (MEP) RFID Community of Practice

Manufacturing Extension Partnership has a nation-wide network of centers to provide support to small and medium-sized manufacturers.

MEP "RFID With Simulation" training module for MEP Center staff to train their manufacturing clients. – The simulation first compares how parts, inventory and work in process is tracked using a

paper-based manufacturing system, then hands-on incorporation of RFID into processes using readers, antennas, tags, equipment and laptops

Great interest in RFID from MEP clients

34

Future RFID – organic electronics

Vision: ubiquitous electronics

NIST is providing the integrated measurement and standards tools needed to accelerate progress in organic electronics.– iNEMI roadmap includes RFID

Advantages for RFID: – Cost – aiming for $0.01 per tag – Large volume (billions and billions of tags) – Lower temperature manufacturing (<120°C), printable

deposition processes– Cheap integration with other functions (display, sensors,

etc.)

sensor pack

power supply

processor &RFID communicationdisplay

Electronics: $0.02

35


About NIST

RFID Security




Discussion

Contact Information

36

Special Publication 800-98: Guidelines for Securing Radio Frequency Identification (RFID) Systems

Special Publication 800-series:– The NIST Computer Security Division’s mission includes advising agencies on

cost-effective methods to secure federal IT systems– Special Publication 800-series documents report on NIST’s research, guidance,

and outreach efforts in computer security

NIST focus on RFID security:– RFID is an immature, but rapidly evolving technology that is being widely

deployed across the public and private sectors ($4.5 billion market in 2005)– RFID security risks are not well documented– Standard engineering and risk management approaches have yet to be

developed for most categories of RFID technology

37

Goals and Objectives of SP 800-98 - Section 1

To assist organizations in understanding RFID security risks and what security controls can help mitigate those risks

To provide real world guidance on how to initiate, design, implement, and operate RFID systems that mitigate risks

To provide security controls that are currently available on today’s market– Not theoretical controls– Not controls that are in development– Not controls that are not widely available

The document is vendor- and platform-independent

The document does not address the advanced authentication and cryptographic features that are incorporated in many smart card RFID systems

38

RFID Technology - Section 2Provide an overview of the field of automatic identification and data capture (AIDC) technologies (which includes RFID)

Describes the basic components of an RFID system:– The RF subsystem (depicted below), which performs wireless identification and

related transactions wirelessly– The enterprise subsystem, which can store, process, and analyze RF transactions– The inter-enterprise subsystem, which connects enterprise subsystems

39

RFID Applications and Requirements - Section 3Reviews the core types of RFID applications and the requirements of these applications:

Application TypeApplication Type Purpose of IdentificationPurpose of Identification

Asset managementAsset management Determine the presence of an itemDetermine the presence of an item

TrackingTracking Determine the location of an itemDetermine the location of an item

MatchingMatching Ensure affiliated items are not separatedEnsure affiliated items are not separated

Process controlProcess control Correlate information with the item for decision-makingCorrelate information with the item for decision-making

Access controlAccess control Authenticate a person (holding a tagged item)Authenticate a person (holding a tagged item)

Automated paymentAutomated payment Conduct a financial transactionConduct a financial transaction

Application RequirementsApplication Requirements

RFID Information CharacteristicsRFID Information Characteristics

RFID Transaction EnvironmentRFID Transaction Environment

Tag Environment between TransactionsTag Environment between Transactions

RFID EconomicsRFID Economics

40

RFID Risks - Section 4

Business Process Risks – risk that failures of the RFID system will impair the business process that the RFID system automates

Business Intelligence Risks – risk that an adversary or competitor could obtain unauthorized access or information from the RFID system

Privacy Risks – risk to personal privacy

Externality Risks – risk to other systems, assets, and people

Factors influencing an identified risk

Factors influencing an identified risk

EXAMPLE

EXAMPLE

41

RFID Security Controls - Section 5

The controls are divided into three sections:– Management controls– Operational controls– Technical controls

Each control is described by four characteristics:– Control– Applicability– Benefits– Weaknesses

Example of a Technical ControlExample of a Technical Control

42

RFID Privacy Considerations - Section 6

Privacy Principles: introduces Organization for Economic Cooperation and Development (OECD) privacy principles

Federal Privacy Requirements for Federal Agencies– Describes privacy requirements for federal agencies– Describes the Privacy Act of 1974, Section 208 of the E-Government Act of 2002,

Section 522 of the Consolidated Appropriations Act of 2005, Administrative simplification requirements of the 1996 Health Insurance Portability and Accountability Act (HIPAA), FISMA, and the OMB memoranda on the implementation of privacy requirements

Applicable Privacy Controls: describes 17 privacy control families from the Federal Chief Information Officers (CIO) Council

Embedding Privacy Controls: provides guidance on incorporating privacy controls in an RFID system

43

Recommended Practices - Section 7Provides 35 recommendations that follow the system lifecycle from initiation to disposition

Describes a security practice

Describes a security practice

Provides a rationale or

discussion for the practice

Provides a rationale or

discussion for the practice

Lists RFID system

components that are impacted

Lists RFID system

components that are impacted

Classifies practice as

recommended or should consider

Classifies practice as

recommended or should consider

Provides a checklist for

implementers

Provides a checklist for

implementers

EXAMPLE

EXAMPLE

44

Case Studies - Section 8

Case Study #1– Topic: Personnel and asset tracking in a health care environment– Perspectives from the fictional Contagion Research Center (CRC)

Case Study #2– Topic: Supply chain management of hazardous materials– Perspectives from the fictional Radionuclide Transportation Agency (RTA)

Each study documents RFID technology as it is used in five life cycle phases:– Initiation– Acquisition/Development– Implementation– Operations/Maintenance– Disposition

45


About NIST

RFID Security




Discussion

Contact Information

46


47

Accountability, Privacy, Anonymity, Convenience

48

The Government Watching the Citizens

More than 600 Chinese cities are launching surveillance systems, including face-recognition software, video cameras in Internet cafes, and "behavior-recognition software designed to spot the beginnings of a street protest and notify police." U.S. hedge funds have invested at least $150 million in the industry in the last year; from 2003 to 2010, the industry projects it will grow from $500 million to $43 billion.

49

Citizens Watching the Government

50

Mobile Devices - New Security Risks: Risk of Theft or Loss, Limited Computing Power, Multiple Access Points, Mobilit, Lack of User Awareness

An estimated 11,300 laptop computers, 31,400 handheld computers and 200,000 mobile telephones were left in taxis around the world during the last six months, a survey found on Monday. January 24th, 2005 Reuters. The survey's findings were extrapolated to reflect the total number of taxis in each city.


51

Video and Camera Phones: Government agencies, corporations, Health Clubs, prohibit their use.

SMS Text and VideoPhone

Cheating in Classroom

“The idea is simple: tell us where you are and we'll tell you who and what is around you. We'll ping your friends with your whereabouts, let you know when friends-of-friends are within 10 blocks, allow you to broadcast content to anyone within 10 blocks of you or blast messages to your groups of friends.” –dodgeball.com


52

Bluetooth: Bluejacking, Cabir/Caribe Virus Emptying the battery in the phone quicker as it tries to beam itself out to other Bluetooth devices, Cell phones running SymbianOS, requires users to accept and execute the downloaded package.

Cell Phone Jammers, Quiet Cars, Hotels, Restaurants, Theaters, Classrooms

Mobile Entertainment, Betting, Multiplayer Gaming, Wallet Phone, bots


53

Disposable PrePaid Cell Phone, Disposable, Anonymity, Inexpensive, Prepaid reduces risk of Telecom fraud, but introduces other security issues.

• VOIP 911 Calls -Special emergency circuit links the call to the Automatic Number Identification/Automatic Location Identification database of phone numbers, names, and addresses.


54

GPS: Rental Car Companies, Commercial Fleet Management, Military, Consumer Electronics

Terms of TAG USE: Your E- ZPasstag(s) may be used on the vehicle(s) specifically listed on this account.

WMATA Smart Trip, Short Range, Tracks time of entry and exit to metro stations, Registered $5, Unregistered Anonymous


55

GPS Child Finder

56

Wireless Vehicular Communication

Interface Devices(Built-in Display, Annunciator,

Microphone, Keypad, etc. connected to the Computer,

which is connected to the IDB)

909.75-921.75 MHzToll & Parking

OBU(Add-on when needed)

5.850-5.925 GHzMulti-Application OBU/w

360 degree antenna(factory installation)

(connected to the IDB)

Computer(factory installation)

(connected to the IDB)

87.5-107.9 MHzFM sub carrier

1575.42 MHzGPS Receiver

Other ITSCommunications

Equipment

Multiple BandsTwo-way Radio

76-77 GHzCollision

Avoidance Radar

2322.5-2345 MHz for XM Radio

Satellite Radio band

1800 to 1900 MHz2.5/3G PCS Phone

(which is connected to the IDB)

InfraredOBU

(Add-on when needed for super high data

rates)

800 to 900 MHzand

1800 to 1900 MHzCellular Phone Antenna

57

Marine Corp Marathon vs. Marine Deployment

What is the difference? Physical possession, tracking and identification

Tell consumer what you will do with the data, and do only that.

NIST Inventory Example

58

What is in the tag? Is it just a number? EPC General Identifier (GID- 96) is the most widely used data format on EPC tags…

Header 8-bits– Identifies EPC’s version number (256 possible versions)– Will allow the extension of EPCs in the future (different lengths or types of EPCs)

EPC Manager 28-bits– Identifies the manufacturer of the product the EPC is attached to (268 million managers)

Object Class 24-bits– Identifies a category or class of objects within a manufacturer (16 million object classes)

Serial Number 36-bits– Uniquely identifies a product within an object class of a manufacturer (68 billion serial

numbers within a class)

http://www.epcglobalinc.com/index.html

59

Brave New World or 1984?

60

Brave New World or 1984?

Orwell feared that the truth would be concealed from us.

Orwell feared we would become a captive culture.

Orwell feared those who would ban books.

• Huxley feared the truth would be drowned in a sea of irrelevance.

• Huxley feared we would become a trivial culture.

• Huxley feared that there would be no reason to ban a book, for there would be no one who wanted to read one.

• Civil libertarians and rationalists who are ever on the alert to oppose tyranny "failed to take into account man's almost infinite appetite for distractions".

61


About NIST

RFID Security




Discussion

Contact Information

62

Tom Karygiannis, NIST, 100 Bureau Drive, MS 8930, Gaithersburg, MD 20899, USA. Email: [email protected], Tel. 301-975-4728

Ajit Jilla, Ph. D., Global Standards and Information Group, NIST, 100 Bureau Drive, MS 2100, Gaithersburg, MD 20899-2100. email: [email protected], Tel. 301-975-5089

Dr. David Wollman, Scientific Advisor, Electronics and Electrical Engineering, Coordinator of RFID Activities, email: [email protected]

Web URLs: – NIST http://www.nist.gov– Computer Security Division http://csrc.nist.gov/

Contact Information

http://www.nist.gov/

rfid security

Business

new security

rfid chip

rfid antennae

features of rfid

economic security

rfidunique risks

nist labs

nist mission