the trusted core of the personal electronic device relates to the owner’s important information. If we have not made things too confusing, you may have guessed that the personal electronic device, being a computer, may have its own trusted platform module to store the device’s important information, such as cryptographic keys used to guarantee that communication with the device is indeed coming from it. Considering a personal electronic device with both a trusted platform module and a smart card, we see that we have two sources of trust; one in the integrity of the device’s identity and one in the integrity of the owner’s identity.

To promulgate an attack against wired communications, an intervention in place is required. This is typically much more difficult than with wireless communications, where radio equipment can be set up at a distance. Consequently, attacking an RFID token is easier than attacking a smart card with contacts. The signal of the token can be intercepted by any device in the vicinity, the distance being dependent on the type. Moreover, as it happens, the RFID token has a very different filiation than smart cards in terms of security.

Originally, an RFID token was not a security product. The primary intent of the token was to transmit set information within applications that were not thought of as security applications; for example, the tracking of goods in a supermarket or of parts in a factory. Now-familiar applications such as the radio tag used to pass the toll booth on the highway or the employee tags used to open doors of facilities came later. These latter applications are obviously related to security. Even so, the security is largely limited to the novelty of the device when it is first introduced. It takes some time for hackers to become familiar with new technology. Even today, there is very little security in the highway RFID tag and many employee RFID tags. The tracking of goods and parts may not have been considered as security applications initially. However, it turns out that they are related to privacy, and privacy is in turn related to security because security is required to protect privacy. The recent eruption in the market of RFID tokens in hundreds of million of units has created something of a social backlash related to privacy. A typical book on the subject is The Spychips Threat: Why Christians should Resist RFID and Electronic Surveillance, by Katherine Albrecht and Liz McIntyre. The objection to RFID tokens comes from privacy advocates who see RFID token tracking accompanied by vast databases as a means to spy on goods. Since goods (content) can be related to people, this can eventually lead to spying on people. As a result, RFID tokens will likely be forced to evolve in the direction of enhanced security, which means coupling the radio part of the RFID token with a secure core. This is the most likely way to restore trust in the RFID token itself. Of course, as with any secure core, the security and privacy of a new secure core RFID token can only be extended to the general environment if their trusted cores talk to other trusted cores following rules conducive to trust in a global process accepted by all parties. Today, there are few databases protected by secure cores, so the issues of RFID token privacy and security will be with us for some time to come. We will come back to that discussion in Chapter 9.

Let us come back to the quintessential secure core, the contact smart card. As we’ve discussed already, smart cards have followed an evolution towards using radio waves for communication that has brought them closer to RFID. This happened when smart cards were coupled with antennas for secure applications requiring both high levels of privacy and radio communication; for example, in electronic passports. In such passports, the secure core is a contactless smart card, not an RFID token. However, the world of marketing being what it is, RFID advocates have claimed passports chips as their own in order to boost the security image of RFID. This is perhaps good marketing intent, but it appears that the effect has been to lower the perception of the security of contactless smart cards rather than boost the perception of RFID. In any case, as with all communication channels, it creates noise that certainly makes our book harder to follow. In an effort to be clearer, whether we’re talking about contactless smart cards or RFID tokens, the radio

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)