Year
2010
Abstract
Radio Frequency Identification Devices (RFIDs) are tags that transmit a fixed, supposedly unique serial number when excited or powered on. These devices are useful for inventory purposes, i.e. counting and locating assets when there is no malicious adversary. They provide, however, no reliable information about theft, tampering, or diversion for material control and accounting (MC&A) purposes or other security and safeguards applications. This is because they are not security devices, and can be easily spoofed. It is, for example, easy to counterfeit RFIDs, \"lift\" them, tamper with the RFID reader, or fool the RFID reader with fake radio frequency signals sent from a distance. (\"Lifting\" an RFID tag means removing it from one object or container and placing it on another without being detected.) This paper discusses physical and electronic RFID vulnerabilities, including a generic discussion of inexpensive attack methods and resources readily available to an adversary. The use of RFIDs for nuclear safeguards is, we believe, an example of the common problems of confusing inventory with security, and treating security as an afterthought.