I have something akin to experience in this arena, at least as it applies to the ambient RF environment and the security of the data transferred. As a matter of fact, the two usually go hand in hand.

The issue that I usually see is how to protect your new driver's license / passport / ID badge (with embedded RFID) from someone stopping next to you at a subway station with an RFID reader hidden in their briefcase, although densely populated CoLo's wouldn't be much different. The preferred standard is usually the FIPS 201 standard and is deployed at 13.56 MHz, which ensures you have to be pretty darn near the transceiver to "get a read" but also makes the problem of ambient (RF) noise pretty much a non-issue.

The issue arises in tags placed so close together that they are in the read field at the same time, causing multiple emitters in the same channel. Recent implementations have a built-in collision avoidance mechanism that eliminates the issue entirely in my testing (understanding channel contention for this exercise is at most dozens of transmitters, and wouldn't scale up to anything larger).

These same recent implementations use 3DES to secure the open-air channel, reducing prevalence of man-in-the-middle type attacks. Finally, it is common now to retrieve the encrypted contents of the RFID tags and require that a CA hierarchy validate both sides of the transaction prior to decryption, which can contain 4K in the data sectors or more.

Brandon L.

-----Original Message-----
From: George Imburgia [mailto:nanog@armorfirewall.com]
Sent: Wednesday, January 13, 2010 12:52 PM
Cc: nanog@nanog.org
Subject: RFID in datacenter (was Re: Default Passwords for World WidePackets/Lightning Edge Equipment)

On Wed, 13 Jan 2010, Barry Shein wrote:
The big advantage of RFIDs is that you don't need line of sight access like you do with bar codes, they use RF, radio frequency.
Which is also a big disadvantage in a datacenter. Ever tried to use a radio in one?
The RF noise generated by digital equipment seriously erodes signal quality. Considering the relatively weak signal returned from RFID tags, I'd be surprised if you'd get any kind of useful range.
Has anybody tried it out?