ABSTRACT

This chapter discusses security controls that can potentially mitigate the business risks associated with radio frequency identification device (RFID) systems. It examines security controls applicable to most RFID implementations. RFID security is a rapidly evolving discipline. Although promising research is noted when applicable, the chapter focuses on controls that are currently commercially available. The RFID security controls are divided into three groups: management, operational, and technical. An RFID usage policy describes the authorized and unauthorized uses of RFID technology in an organization and the personnel roles assigned to particular RFID system tasks. Technical controls exist for all components of RFID systems, including the RF, enterprise, and inter-enterprise subsystems. Several types of technical controls focus on the RF interface to tags, including cover-coding, encryption of data in transit, electromagnetic shielding, and RF selection. Organizations should use a combination of management, operational, and technical controls to mitigate the business risks of implementing RFID systems.