Sunday, May 21, 2006

Shameless Fake of the Month

China's semiconductor community lost face this month when it was discovered that one of its top researchers, Dr. Chen Jin, had blatantly faked his research. Dr. Chen had claimed that his home-grown DSP chip was capable of processing some 200M instructions per sec. Instead, it turned out that Dr. Chen had taken chips produced by Freescale Semiconductor (formerly a unit of Motorola) and then used low-paid migrant workers to scratch the trademarks off and replace them with those of his company, Hanxin.

Friday, May 05, 2006

Can RFID be a Security Solution?

In recent months we've heard announcements from major pharmaceutical players who are piloting RFID on their high-profile, most-counterfeited drugs. We've also reported here in the past on the costs of using RFID, and on stories about its security weaknesses.

Seems like a paradox? Not really.

The FDA is pushing drug companies very hard to implement its vision of pharmaceutical security, which relies on an electronic pedigree of every transaction at every point in a drug's supply chain. The Florida ePedigree rules come into effect this July; CA and NV are soon to follow. Drug companies are running pilots so they can't be accused of doing nothing - but the costs are extraordinary, and expectations are low. John Theriault, who heads security at Pfizer, was recently interviewed on NPR:
JOHN THERIAULT: Is RFID, you know, a magic bullet that's gonna solve this tomorrow? The answer's absolutely not.
The company has tagged all bottles of Viagra that ship in the US. But Theriault says only one of the wholesalers Pfizer ships to has invested in the technology to read the tags.
JOHN THERIAULT: You have to understand that for RFID to work, there has to be technology deployed throughout the entire supply chain from the manufacturer to the point of sale. And that technology is currently expensive; it currently does not exist throughout the entire supply chain.
Wired magazine is running a piece this month on just how easy it is to crack RFID tags, replace their data, spoof them, and steal from them. Many security experts are predicting that RFID will be implemented with insufficient security, and users will have unrealistic expectations about how secure the data is.

Ari Juels, of RSA Labs, has published several excellent articles on the weaknesses and challenges of RFID. In one of his presentations he makes the following observation:

1980: Not one reported incident of a computer virus in the wild
1999: Not one reported incident of a major DDoS attack on the Internet
2005: Not one reported incident of fraudulent use of RFID tags.