Abstract
Recent years saw the introduction of contactless smartcard technology in prominent projects like ticketing for WC2006, nation-wide public transport solutions and electronic passports. Currently, major implementations of RFID in logistics and NFC-based ticketing and payment solutions are under preparation.
The above-mentioned prominent projects in particular have been confronted with significant public criticism. Influential parts of society and the authorities had, and still have, the perception that contactless chip technology and RFID may not be secure and mature. This leads to the following situation:
1. Uncertainties concerning public response and customer acceptance are hampering the introduction of RFID systems.
2. The data protection authorities are proposing dedicated legal rules for RFID usage.
By launching the project “Technical Guidelines RFID”, the German Federal Office for Information Security (BSI) suggests an approach that considers and fulfills the legitimate interests of all involved parties: citizens or customers, service providers and suppliers of RFID systems.
This year BSI will issue 4 Technical Guidelines for the use of contactless chip technology and RFID in major application areas: Event Ticketing, Ticketing in Public Transport, NFC-based Ticketing and Logistics.
These Technical Guidelines will contain technical advice on how to implement a system in a functional, secure and economically viable way. Potential threats for the system owner and the users are depicted, discussed and countered by appropriate security measures. Remaining risks will be described. All proposed solutions are based on standards or open specifications.
Gaining acceptance from all parties is the most important project goal. An open discussion and the integration of all potential contributors is a cornerstone of BSI’s concept.
Therefore the Technical Guidelines are currently being drafted in close cooperation with leading companies from the respective application domains. These drafts have been discussed in dedicated expert workshops where all relevant groups, including the critics, were present. The final versions will include the comments gathered in these sessions.
In the future, BSI and probably also accredited evaluation facilities will offer a certification service / quality seal for implementations that follow the guidelines.
The Technical Guidelines will serve as a comprehensive and neutral information source for German citizens, service providers and industry. This will build transparency and trust.
NXP Semiconductors is working on the project on behalf of BSI.
© 2007 Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Bartels, C., Kelter, H. (2007). Technical Guidelines for Implementation and Utilization of RFID-based Systems. In: ISSE/SECURE 2007 Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9418-2_25
DOI: https://doi.org/10.1007/978-3-8348-9418-2_25
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0346-7
Online ISBN: 978-3-8348-9418-2
eBook Packages: Computer Science, Computer Science (R0)