I've worked with several RFID implementations, and all of the (silicon-based) solutions have decent encryption to prevent "capture" of IDs or other data. Usually a shared-key system -- not unbreakable, of course, but pretty difficult to intercept on the sly.
What's the key management? If one of the reader units is removed from the store, how hard is it to use it to get a valid key that can read all other Prada RFID tags?
How hard is it to break into the readers that the store's using? Can you have the floor people direct people to random items?
If the tags themselves are hard to game, can someone game the rest of the system?
You do not need to decrypt a signal that you can repeat. i.e. I can say "Bonjour" without knowing a lick of French, or even the literal meaning of that phrase.
Now, if there was some kind of challenge-response going on, it would be much harder to deal with, although not impossible, given enough "captures".
> I can say "Bonjour" without knowing a lick of French, or even the literal meaning of that phrase.
Bad analogy, sort of, eh. If you speak a native language, you can tell aboot from where a speaker originates. Some interlopers can fake it for a little while, but further ecoutage always betrays them. Unless they are really good spies.
> I've worked with several RFID implementations, and all of the (silicon-based) solutions have decent encryption to prevent "capture" of IDs or other data. Usually a shared-key system -- not unbreakable, of course, but pretty difficult to intercept on the sly.
If encrypted RFID systems don't include any nonce in the request, repeated in the response, then a replay attack is possible. You don't have to break the encryption at that point, just record and retransmit.
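Added example, not part of the original thread or any vendor's code: the replay condition described in the comment above, shown from the reader's side. HMAC-SHA256 stands in for the shared-key scheme, and the key, tag ID and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(16)   # constructed shared key (assumption)
TAG_ID = b"TAG-0001"            # constructed tag identifier (assumption)


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def static_tag_response(key, tag_id):
    """Tag without a nonce: the same authenticated frame on every read."""
    return tag_id + _mac(key, tag_id)


def static_reader_accepts(key, frame):
    tag_id, mac = frame[:-32], frame[-32:]
    return hmac.compare_digest(mac, _mac(key, tag_id))


def nonce_tag_response(key, tag_id, nonce):
    """Tag that binds its answer to the reader's challenge."""
    return tag_id + _mac(key, nonce + tag_id)


class NonceReader:
    """Reader that issues a fresh challenge per read and honours it once."""

    def __init__(self, key):
        self.key = key
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accepts(self, nonce, frame):
        if nonce not in self.pending:
            return False                 # unknown or already-used challenge
        self.pending.discard(nonce)
        tag_id, mac = frame[:-32], frame[-32:]
        return hmac.compare_digest(mac, _mac(self.key, nonce + tag_id))


def demo():
    # Static scheme: a frame recorded once still verifies later.
    static_replay_ok = static_reader_accepts(KEY, static_tag_response(KEY, TAG_ID))
    # Nonce scheme: the genuine answer verifies; the recorded frame does not
    # match the next challenge, and the old challenge cannot be reused.
    reader = NonceReader(KEY)
    n1 = reader.challenge()
    frame1 = nonce_tag_response(KEY, TAG_ID, n1)
    genuine_ok = reader.accepts(n1, frame1)
    replay_new_ok = reader.accepts(reader.challenge(), frame1)
    replay_old_ok = reader.accepts(n1, frame1)
    return static_replay_ok, genuine_ok, replay_new_ok, replay_old_ok
```
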
> If encrypted RFID systems don't include any nonce in the request, repeated in the response, then a replay attack is possible.
It's been a couple years, but I'm certain it had a challenge-response authentication system to prevent simulation. I am not a security expert, I just remember reading the specs while studying the api.
I also remember a story told by the owner of the company about a sales pitch he gave once. A nearby amusement park used an insecure rfid technology to sell access to
IF this is really strong encryption, and is well done, it could help to prevent a lot of the misuses of RFIDs. It doesn't stop them, of course, but makes them harder.
If the tags in my clothes will only talk in a useful way to authorized readers, then you can't just put a generic reader in the lamp post and discover everyone that walks by.
However, all that is needed to get the lamppost reader to track people is to have the keys, or have some way to get the RFID to talk in a consistent way. For example, alwa
> I've worked with several RFID implementations, and all of the (silicon-based) solutions have decent encryption to prevent "capture" of IDs or other data.
Bullshit.
Proximity cards based on ISO14443 have encryption, but very limited reading range due to the larger power consumption of the chip.
Popular types of vicinity (up to about 1 m reading range) cards such as I*Code, Tag-it, ISO 15693 use no encryption at all. I designed low-level firmware for a reader to read these, so I should know...
News flash, most people who have enough money to shop at Prada on a regular basis are not like wannabe middle-class 20-somethings that dress flashy with logos blinging like mad.
I work for a luxury department store and the people that spend the most wear labels you've probably never heard of. They also dress more conservatively (i.e. like bums) when they shop because they are not out to impress sales staff.
Or better yet, read and clone someone else's RFID. (Secretly while passing by, of course.) I wonder if their greeters and clerks would even notice that you didn't exactly match the data on their display, or just go through the script?
Screw that, I want to get someone rich's RFID - so that way they'll treat me like royalty when I walk in! That would be way cool. I don't want to block it, I want to use it for personal gain!
Just be careful who you steal it from. If you happen to get Winona Ryder's ID, the treatment you get is not quite the same. You walk in and all of the sudden the security guards pay you more attention than the sales people. :)
That you may do. But imagine what the world would be like when this becomes more commonplace.
Imagine going to a designer store to buy a nice handbag or whatnot for your better half when you are tagged head to toe with WalMart and JC Penney tags.
Imagine trying to get help in such a store. It's hard enough getting help from the clerks if you don't appear to fit the "profile", but rich people sometimes dress like slobs too. Determining which is which is a simple matter of "loyalty cards", credit accounts, and sharing of customer info between stores.
RFID will confirm to the staff you are not their type of "customer". The only attention you will attract is store security.
Better yet, there are many jewelry shops with automatic doors that are locked and released by the staff after they look over the customer. Imagine this spreading to other kinds of shops now that RFID tags can be used. Wouldn't it be grand to be denied entrance based on what you wear and what cards you carry (and possibly the cash) in your wallet rather than just appearance?
> Imagine trying to get help in such a store. It's hard enough getting help from the clerks if you don't appear to fit the "profile", but rich people sometimes dress like slobs too.
I've accidentally discovered the secret to getting service while dressed like a slob.. (And I wouldn't call myself rich)
Basically, be an arrogant yet superficially polite jerk. This includes:
Appear to be bored
Poke gently at the merchandise (as though it might be soiled), while making little sniffs and raising one eyebrow in amused d
Are you listening to yourself? You write as though the object of Prada opening a store is to keep lowlifes out of it.
Prada is in business to make money. If they're smart (and they seem to be), they'll do what's best for business. This includes profiling customers to focus attention on steady high rollers. But if a salesperson sees you in Levi's and Hanes, but their handheld tells them that you bought two handbags and a set of luggage last month, I don't think you'll be spurned.
Like most people here, I do not dress like the average Joe. From personal experience I've been followed by shop security and treated in a condescending manner by staff, just for the way I look.
Prada want to make money, Prada staff like to think they are part of the social elite.
I can't understand why everyone seems fixated on RFID only being a problem in commercial settings. The real problem is the potential for government spying and intrusion. Ubiquitous RFID tags in clothing and credit cards are a right-wing government's wet dream.
Scenario 1) Homeland Security identifies "suspects" and surreptitiously scans the RFID tags in their clothes and credit cards. (Remember, it's only Prada for now - soon RFID tags will be everywhere.) The government can then track all these people by s
Most systems will ignore RFID tags from outside a certain range. I work with a race timing company and we use a RFID timing system (ChampionChip [championchip.nl]). We constantly get bogus reads from other chip sources. The software that transfers the chip IDs to the timing software ignores any chips that aren't valid Champion Chips.
Just curious, with a proximity device, like RFID, how do you determine EXACTLY when people cross the finish line? (I assume that being exact is important in your market)
RFID readers either side of the finish line probably: when the RFID "reads" closest to the "over the line" reader then the "start of the line" reader then deem the tag as being at least half-way over (ok, some variation can be accounted for height about the line - but tags either side of the line should eliminate this to a very very very small margin).
Technically, the shark with the frickin' laser on its head would be slightly more accurate...
When you have dozens of people crossing the line in any given second like you do in many large road races where they use these chips, it is much more accurate than you could get with a laser, because people will often cross the line before the previous finisher is completely over the line, making line of sight based techniques hard to use, it is also a very easy method of associating a number (and therefore a pers
The ChampionChip system is based upon a passive chip, which has some pros/cons over an active chip.
The system is composed of a few elements. The Readers which have large mats attached to them. The mats have a series of loops in them. One loop 'charges' the chip the other 'receives' the chip.
The mats constantly send out a 'charge' signal to the chips which then send back their ID for the reader. This is happening at a very high frequency, for champion chip the time is rated to the .01 of a second.
A clothing line for people who think they are important, like Gucci. Some people claim they are better quality, while most realize it's a bunch of hooey just to raise the price of a shirt 100x.
Ah, ok. In Britain we've got something similar, it's called Conrad. A way for the very rich to distinguish themselves from everyone else, now that many people can afford to drink wine/eat out regularly/buy their own house, etc etc.
Prada has stores in the UK; they have stores in most major cities in Europe, just look for the high end/tourist shopping areas.
The one in London is on Sloane St.
Messing with their system (Score:5, Interesting)
Re:Messing with their system (Score:5, Interesting)
Would be fun to see tons of snooty sales people running up to a guy dressed like a bum...
Re:Messing with their system (Score:5, Informative)
Re:Messing with their system (Score:2)
Re:Messing with their system (Score:3, Interesting)
-Peter
Re:Messing with their system (Score:4, Insightful)
Re:Messing with their system (Score:2)
Re:Messing with their system (Score:3, Funny)
You're Canadian?
Re:Messing with their system (Score:2)
I'd go so far as to say eastern Canadian, but I wouldn't bet much more than lunch money on him being a maritimer.
Re:Messing with their system (Score:2)
I'm a transplanted Caper with Canadian Cajun roots. Good thing you didn't bet real money.
Re:Messing with their system (Score:2)
Humans tend to repeat their mistakes, so i
Re:Messing with their system (Score:1)
Re:Messing with their system (Score:2)
Re:Messing with their system (Score:5, Informative)
Re:Messing with their system (Score:2)
Re:Messing with their system (Score:1)
Re:Messing with their system (Score:3, Funny)
Re:Messing with their system (Score:1)
What you say is actually pretty interesting. Imagine the connotations now, taking into consideration that I am sure most of these people have charge accounts at these places.
so it would be:
1) find RFID tag of one of these guys.
2) create duplicate
3) go buy tons of nice stuff w/ their money
4) resell at the local flea market for PROFIT! or,
4a) Start dressing in style and get laid more
Facun.
Re:Messing with their system (Score:3, Insightful)
Ummm, I don't think ANY amount of fine clothes will help most
Re:Messing with their system (Score:3, Funny)
Re:Messing with their system (Score:4, Interesting)
Re:Messing with their system (Score:3, Insightful)
Re:Messing with their system (Score:3, Insightful)
Prada does not make money by
Re:Messing with their system (Score:2)
What if I'm a first time customer?
What if I try to opt out of RFID tags?
What if I like anonymity combined with a peaceful, non-disruptive shopping experience?
What happens when Equifax or some other company opens up a customer profiling database?
That last part is the scary one. Double-edged sword this one is.
I couldn't care less if Prada wants to show me what I look good in. Having my entire purchase history and everyday habits to the
Re:Messing with their system (Score:2)
Then you probably didn't bother getting a Prada affinity card, did you?
Re:Messing with their system (Score:1)
Re:Messing with their system (Score:2)
Minority Report coming to us (Score:1, Interesting)
Re:Messing with their system (Score:3, Interesting)
Re:Messing with their system (Score:1)
Re:Messing with their system (Score:1)
Re:Messing with their system (Score:1)
Seems almost like RFID just for RFID's sake...
Thanks for the reply, it's a good thought.
Re:Messing with their system (Score:3, Insightful)
Re:Messing with their system (Score:1)
Re:Messing with their system (Score:3, Informative)
Sorry for the stupid question but... (Score:2)
Re:Sorry for the stupid question but... (Score:3, Interesting)
Re:Sorry for the stupid question but... (Score:2)
Re:Sorry for the stupid question but... (Score:2)
Re:Sorry for the stupid question but... (Score:1)
He lost his papers? I went to university in Canada, and that thought fills me with glee.
Re:Sorry for the stupid question but... (Score:2)
The CBC has a (superhumanly polite) profile of Conrad Black here [www.cbc.ca].
Re:Sorry for the stupid question but... (Score:2)
Re:Sorry for the stupid question but... (Score:1)
Larry