RFID embedded in prisoners

By gbc3 at 12:48 pm on January 13, 2008 | 5 Comments

The UK has proposed to embed offenders with RFID chips as part of an expansion of the electronic tagging scheme that would allow British officials to to help enforce home curfews.  This sort of tagging already exists within pets like cats and dogs that have been properly licensed. The RFID tag will contain information about who they are, where they live, and the offending record. The use of this technology will be used to keep certain criminals out of certain hot zones at which a crime may occur, for example, a sex offender, entering a school zone. 

Summary

The tags, injected into the back of the arm with a hypodermic needle, consist of a toughened glass capsule holding a computer chip, a copper antenna and a “capacitor” that transmits data stored on the chip when prompted by an electromagnetic reader. RFID unlike GPS, has a very small range of where it can read depending on the field of vision and any objects obstructing the line of sight between the reader and antenna of the RFID chip. So unlike in Casino Royale with Mr. Bond injected an RFID chip and that can be read anywhere in the world, these users will only be susceptible to tag reads in the presence of an RFID reader. And with it embedded in their body, the distance is probably not as great as a few meters. However, the distance of what a tag can be read is not as important as the information responded by the chip.

Unless they plan on injecting a new chip everytime a new crime has occured for a specific individual, you can assume that they have a way to modify the existing metadata stored on the chip remotely. If an government official has the ability to modify the data on the chip, you can be sure that such a method can be done from anyone who knows how and has the technology to do so. Unfortunately there is no more information about how they store the records or if the data is encrypted on the chip, so we will have to speculate both sides for this security review.

 Assets

  •  The prisoners themselves. Although from one perspective, they are the ones who’s criminal data will be exposed to anyone who can decrypt or read their tags, they are also the ones who do not want to be exploited.
  • The general public. One of the movements for this upgrade is to increase the security so that there is a stronger motive to not commit a crime by the ones who have been tagged.
  • The UK government, or any organization that is presing for this upgrade. Their reputation is at stake on the success of this project / proposition.

Adversaries

  • The prisoners themselves. They will want a way to abuse or deny the functionality of the tag to slip under the radar of the tracking system.
  • Malicious hackers. People who want to forge these records can put them on any RFID tag, the fact that it is injected into the body has nothing to do with the outcome of the read of data, except maybe the strength of the read. A hacker, could duplicate a criminal record and write that to a new RFID tag and place that onto someone else.
  • Human rights activists. Anyone who would want to prove that the security of this system can be abused could find a way to do so to prove a point.
  • IT employees controlling the infrastructure of the readers. Although the likelyhood of any member controlling these systems would go rogue, it is a possible weak spot for controlling the environment of who is read and who is not.

Weaknesses

  •  RFID tag ids (response code) can be easily replicated. Just having tag reads of the same convict running around in multiple areas will add confusion to the scenario if a crime is committed.
  • If the response code from the RFID tag is in plain text of their information, anyone walking by with a RFID reader could obtain the information and read it on the spot.
  • If the RFID tag can be modified, after it has been implanted anyone with the technology and knowledge could re-write the metadata stored on the chip. As well they could change who they are, or have it deactivated.
  • Most RFID chips have a kill switch, so once triggered they would be useless and report nothing.

Defenses

  • To ensure tampering with any of the metadata or kill switches on the chip, there should be a strong sense of authentication before allowing the RFID chip to go into write mode. The key to unlock this functionality should be stored in a non-remote accessible network so that, there is no risk of having a hacker obtain a security key that could unlock the write functionality of every issued prisoner.
  • To increase security, the private key to unlock the write method should change either on time, or per user, this will ensure that one key does not unlock all chips, but just a specific one. Doing so will help isolate this crime.
  • Instead of having the meta information stored on the chip, the response code should be a reference ID which could be looked up in a secure database for the meta information. This would minimize the amount of forgery a user could do to put on their chip. Even though they could change the response code that the information referenced would be incorrect, they would not have the means to create their own criminal record on the chip.
  • Tracking who has purchased and is currently using an issued RFID reader that has the ability to decrypt the prisoner’s RFID tag. In a similar case, RIM requires users who want to ‘sign’ code to register their information so that in the case of malicious intent of code ran on a devise is reported, they can track who signed that code. In a similar sense, reader’s gone missing, could be reported, and could isolate who has access to read the encrypted data.

Conclusion

The main controversy in this proposition is strictly around the privacy of an individual and the safety of the general public. Although I think those are very important details to work out, there is very little to no mention about the security of what a malicious user may be able to do in such an embedded RFID infrastructure.

There are many ways around the current RFID technology, mainly the biggest issue is replicating tag information. To ensure that information is not forged, there should be a way to ensure the integrity of the data, and assume the people reading their information are properly authenticated.

Filed under: Availability,Integrity,Privacy,Security Reviews5 Comments »

5 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by nnunley

    January 13, 2008 @ 6:16 pm

    To add to this review, I think that in order for this RFID tagging to be effective, there needs to be some regular method of determining whether the tags are still functional or uncompromised. It sounds relatively easy for an adversary to simply break or remove the device, in which case tracking the id is useless. This seems like it would have to require regular check-ups with the felons in order for the tagging to be of any use, which sounds relatively more involved. The scheme could also be used to unfairly discriminate against former criminals. For example, a business could potentially decline clients based on their criminal history, and actually anyone with a scanner could obtain information that may not be public knowledge. Also, this seems to be one large step forward on the path to government mass surveillance.

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by backgroundcheck

    February 6, 2008 @ 1:04 pm

    Public safety issues with the potential of benefiting the masses should always trump concerns for limited system abuse.

    Aside from the personal impact crime has on it’s victims, sheer economics dictate that stopping a crime before it has a chance to occur is much cheaper than investigating, apprehending, adjudicating, and incarcerating after the fact. RFID could play an effective part towards that end.

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by P Connor Blog

    February 14, 2008 @ 1:59 am

    That initiative by the British government is a deservedly commendable one, how I wish other countries may take a cue.

  • 4
    Get your own gravatar for comments by visiting gravatar.com

    Comment by diademed

    February 15, 2008 @ 7:40 pm

    In regards to the statement that ‘Public safety issues with the potential of benefiting the masses should always trump concerns for limited system abuse’, I don’t think I could disagree more.

    There comes a point at which the greatest possible gain for public security / safety that could possibly result from removing a modicum of freedom is so slight in comparison to the degree that it will affect freedom that it most certainly should not be brought into execution.

    Absolutely nothing should always trump concerns for even the most limited system abuse. The concept of ‘Security’ is not a paranoid reach for the most tightly bound system, even though at times it may feel like it. Security, or rather, proper security is an art of balancing freedom and safety. Checks and balances should always be in place to prevent the abuse of any system, but the checks themselves should not be accepted without first carefully considering the consequences.

  • 5
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Nemzeti Sport

    July 20, 2008 @ 5:35 am

    The British government deserves a commendation for taking actions on public safety issues. This only means that its place is one of the better place to live in.

RSS feed for comments on this post