here. Requires Adobe Acrobat Reader,

free download.]

Low-cost radio frequency identification (RFID) tokens, like contactless smart cards or key fobs are gaining widespread adoption for use in a range of innovative and cost-effective applications including transit, access control, ticketing and payments. To date, the security on these applications has been limited to simple PIN-based and symmetric key-based systems. However, the well-known security vulnerabilities of these systems have restricted these applications to small-scale, closed systems.

For many traditional RFID applications such as supply chain management and transit passes, strong security has taken a back seat to cost, performance and usability. However, the demand for new functionality that allows for application expansion as well as business growth is putting security back in the spotlight.

Unfortunately, the cost parameters haven't changed. To compete, RFID manufacturers will need to find new, innovative security solutions.

First, let's look at what limited security options exist today for some of the more popular single-function RFID devices like the Mobile SpeedPass. Until now, symmetric key technologies have been the only security option because of the cost and size constraints of the RFID environment. Symmetric key technology ties all the devices together with a “shared secret,” and while this technology does provide adequate fraud protection on a small-scale, single-function device, it does not perform as well once the device is used for multiple applications involving multiple parties. The reason for this is simple: in a symmetric key system, compromise of any trusted element of the system compromises the entire system. For companies looking to partner, this threat is too great. It poses high risks such as potentially substantial losses due to fraud, brand corruption, and compromised proprietary corporate information in the event an attack is successful.

Another drawback of symmetric-key protocols is that they simply do not scale, nor extend securely, to multiple applications that do not share a central controlling security organization. Security needs to provide the ability to both scale smoothly up to support very high security financial applications and scale smoothly down for more inexpensive single-application markets.

Public key security is a better security option for the next generation of RFID devices. It ensures confidentiality, user authentication and privacy of all exchanges. Before public key technology, vendors had to choose between inexpensive, insecure tokens or expensive, high power draw, slow tokens. Now vendors can deliver payment capability on tokens for traditional RFID applications such as ticketing, access control, and fueling and payment applications.

Using public-key security, data can be stored on a token, thereby allowing companies to implement anti-passback capability and dynamic re-keying where specific readers can rewrite the token's credential on the fly.

Dynamic rekeying, or “key recertification,” allows integrators to issue a new credential/signature on a token verifying its authenticity. This is a simple function to implement using public-key cryptographic techniques, and it allows integrators to put a variety of new features in place, including the ability to reclassify divisions or employees as a result of mergers, acquisitions or spin-offs. In a symmetric-key model, the system has to maintain a synchronized database of keys or run the risk of an attacker cracking a reader and forging tokens. Another key benefit of public key-enabled readers is that they can provide strong authentication in “off-line” mode with the fast response time that enterprises, consumers and merchants demand. This enables low-cost terminals for micropayments like quick service retail, vending and kiosks and eliminates the requirement for “always-on” connectivity. Elimination of on-line requirements is an especially important consideration outside North America, where communications are expensive and/or unreliable.

For systems integrators, the value is clear: The additional functionality enabled by cryptographically secure storage on a token allows integrators to develop higher-value products and services to their customers, while lowering the cost and complexity of back-end systems infrastructure.

Public key security eliminates the risk of someone corrupting an entire multi-vendor RFID system by ensuring that every entity involved in a secure transaction is uniquely keyed. In a public key system, two keys are involved — a private key, which only the user has access to, and a public key which can be accessed by anyone.

The two keys work together, so a message scrambled with the public key can only be unscrambled with the privatec key. If the keys do not match, the message cannot be unscrambled. As a result, the following benefits ensue:

Fraud reduction — Reduce the potential for use of counterfeit tags and readers, as well as malicious attacks against applications and services.

Key management and distribution — Reduce cost of securing and managing centralized key storage, key distribution, and recovery from system compromises.

Privacy — Meet consumer demands for less intrusion, protection against identity theft and limited distribution of personal data and/or behavioral information.

One excellent example is modern transit systems. It can be argued that this low-end application presents an even greater risk than high-end applications, as it involves mass-scale transactions seldom checked for accuracy. (This is changing significantly due to 9/11.)

For example, manufacturers of contactless ICs have been quick to realize the benefits of RFID technology over barcode-based systems in public rail systems where there is a high throughput of travelers. Contactless cards do not have to be swiped, allowing faster access and less waiting for travelers. The subsequent speed and service related benefits are very attractive.

However, the current vulnerabilities of these symmetric key-based cards are substantial. To meet the high throughput required, the readers contain an embedded-system master key for authenticating each card. If just one of the many readers in the system is compromised, counterfeiters can easily manufacture fraudulent cards and sell them at discounted prices, or use them for terrorist or other subversive acts.

The individual values might be low, but the overall size of the market is very large. For example, daily revenues of Hong Kong's Octopus transit card exceed $7 million. And, extrapolating, the same vulnerabilities exist in building access passes, fueling key fobs, and city cards.

This risk is multiplied if manufacturers and integrators want to extend the functionality of these transit cards to support multiple businesses within the transit system, such as shop owners and food stands. Extend the cards's functionality by allowing users to conduct transactions at affiliated merchants, and the value of that card significantly increases. Also, imagine how this same type of card could be used in an airport, an amusement park or a shopping center. In fact, such security-enhanced devices can revolutionize RFID in a place where tags and tickets are essential — airports.

Some airlines have conducted trials that replaced barcode-based baggage labels, which had a read-rate of only 70 percent, withs RFID labels that have a >99 percent read-rate. The subsequent efficiency gains make a persuasive business argument. There are other benefits, too. For example, RFID allows the baggage of a missing person on a flight to be immediately identified and removed, eliminating the need for all bags to be unloaded and all passengers to disembark and identify their bags.

Such improvements are particularly important during the current climate of rigorous and time-consuming security checks, especially considering the case of the bombing on Pan Am Flight 103 over Lockerbie, Scotland in 1988, where the bomb was traced to a suitcase that did not belong to anyone on the aircraft. And, in view of today's increased terrorism threats and heightened security, such enhanced security is no longer an option.

But, while such indirect security benefits are to be welcomed, they are not enough. What if there is no way of authenticating the information on such tags, or of proving that they have not been tampered with? What's to stop anyone from hacking any system and claiming any bag as his or her own, or of tampering with baggage after it has been checked in? Again, the solution is public key security.

With a cost-effective public key security solution for RFID devices, airlines could accelerate the passage of higher value, lower risk passengers through security checkpoints by encrypting the information on their frequent flyer cards or tickets to provide authentication of their identity. Such a system would be fraud-resistant. It would also increase efficiency, improve the traveling experience of high value customers, and improve the speed of security checks, thereby creating great brand loyalty.

While public-key reduces fraud and the potential of malicious attacks, the technology also needs to be small enough to fit into these tiny devices. Until now, the only public key solutions available required a large hardware footprint — too cost-prohibitive for low-end RFID tags and labels. A small, scalable, cost-effective public key technology is needed.

For this issue, solutions are on the horizon. New substrates, manufacturing processes and miniaturization promise low cost, low-profile solutions. Additionally, low-power devices and flexible power sources will soon offer even more opportunity for high-tech RFID devices.

Further, a public-key solution that can eliminate expensive co-processors on high-end RFID devices like contactless smart cards will completely reshape the industry. Where every fraction of a cent matters, a public key solution that eliminates the cost burden of strong, scalable security without compromising performance will revive this nascent industry.

Innovation is the catalyst for success in the highly competitive RFID market. Strong security has emerged as the leading requirement for RFID manufacturers and integrators looking to differentiate their products and applications. The combination of strong security with very low price points creates opportunities for new applications and drives unit demand in price-sensitive RFID markets. Strong, scalable public key security enables vendors to capture new markets and drive up revenues, profits and market share.

Jon Karlen is the general manager for NTRU's RFID and smart cards organization. Karlen has extensive experience guiding the development of early-stage technology companies. Prior to joining NTRU, he worked as an associate at Greylock, where he evaluated new investment opportunities and provided strategic management support to existing portfolio companies. Previously, Karlen was employed as an equity research associate at Montgomery Securities. He holds a B.A. from Harvard University and an M.B.A. from Stanford University. He can be contacted at jkarlen@ntru.com

A public key cryptography system provides a secure and trusted environment by meeting four key requirements of security:

• Confidentiality (or Privacy) — assurance that nobody can listen in.
• Authentication — assurance that the parties you are doing business with are who they claim to be.
• Integrity — assurance that information you send or receive is not tampered with on its journey.
• Non-repudiation — assurance that agreements are legally binding.

A public key cryptosystem uses asymmetric cryptography to ensure confidentiality, digital certificates to ensure authentication, digital signatures to guarantee integrity and the combination of digital signatures and certificates to deliver non-repudiation.

Each individual in a public-key cryptosystem is given a ‘key pair’ comprising a private key and a public key. These key pairs are linked mathematically and each pair is unique. The originator of a message or transaction digitally signs the message or transaction using the private key. The digital signature is proof of that user's identity — the equivalent of a handwritten signature. The recipient of the message uses the corresponding public key to verify the signature. Because it is the one and only matching key, only it can verify the signature and provide proof that the originator is who he claims to be, as well as checking that the data has not been changed in any way.