NIST Releases Guidelines For Ensuring RFID Security

Companies planning to deploy RFID technology must also be cognizant of security and privacy issues, according to a report from the National Institute of Standards and Technology.

GAITHERSBURG, Md. – Companies planning to use radio frequency identification (RFID) technology to improve operations should also be aware of possible security and privacy risks, and use the proper security controls to minimize these risks, according to a new report from the Department of Commerce’s National Institute of Standards and Technology (NIST).

“RFID tags, commonly referred to as smart tags, have the ability to improve logistics, profoundly change cost structures for business, and improve the current levels of safety and authenticity of the international pharmaceutical supply chain and many other industries,” said Under Secretary of Commerce for Technology Robert C. Cresanti.

RFID devices send and/or receive radio signals to transmit identifying information such as product model or serial numbers. Unlike bar coding systems, RFID devices can communicate without needing a line of sight and over longer distances for faster batch processing of inventory, and can be outfitted with sensors to collect data on temperature changes, sudden shocks, humidity or other conditions affecting products.

As RFID devices are deployed in more sophisticated applications, from matching hospital patients with laboratory test results to tracking systems for dangerous materials, concerns have been raised about protecting these systems against eavesdropping and unauthorized uses, the report notes.

The NIST report offers this list of recommended practices for ensuring the security and privacy of RFID systems:

• firewalls that separate RFID databases from a company’s other databases and information technology (IT) systems
• encryption of radio signals when feasible
• authentication of approved users of RFID systems
• shielding RFID tags or tag reading areas with metal screens or films to prevent unauthorized access
• audit procedures, logging and time stamping to help detect security breaches
• tag disposal and recycling procedures that permanently disable or destroy sensitive data.
