Can RSA "blocker tag" really work?
RSA today announced a version of Ron Rivest's blocker tag which is a supposed defence against unwanted RFID scans.
The tag, explained simply, answers affirmatively to an entire subsection of the RFID space, so that any scanner looking for a tag in that space always hears a yes (or gives up) and thus can't find a tag in that space.
(RFID scanners, if you didn't know, find tags by doing a binary descent of their code number, asking "Anybody here start with 1? Yes? Ok, anybody start with 10? No? How about 11? Yes? Anybody start with 110?" and so on.)
This would work with existing scanners, but it doesn't seem very secure to me.
All they would need would be a scanner that could tell the difference between two tags answering and one answering. On the left side of the tree, it might hear both the blocker tag and real tags. On the right side, only the blocker tag. If it can tell the difference it can still descend the tree and read your tag.
A very smart blocker tag that knows not to answer when the specific tags it is blocking will answer could defeat this, but that's a much more expensive tag, effecitively an active device. And even this could be defeated by a reader with more than one antenna or any directionaility to its antenna to let it know the answers it got came from two different sources.
What this means is the ordinary reader won't be able to scan the tags on your clothes as you walk into a building, but one designed for that purpose could do so. So we'll have snooping for the rich, but not for the public. Though at least you could detect when this has been done to you, if you had an active tag looking for this. But what could you do about it?
Add new comment