Introduction

As with any system,Radio Frequency Identification (RFID) is vulnerable to attack. People that work in informationsecurity know that any system, including a RFID, can be compromised given enough time and effort.The ExxonMobil SpeedPass (see Chapter 2) is a greatexample of a system that, given enough time and interest from researchers, became a target forresearch on many fronts.

Case Study: Johns Hopkins vs. SpeedPass

In 1997, Mobil Oil launched a new payment system for its gas stations and convenience storescalled SpeedPass, which is based on the Texas Instruments DST (Digital Signal Transponder) RFIDtag technology. In 2001, Exxon purchased Mobil Oil and adopted the same system for its gas stationsand convenience stores. Since that time, over 6 million tags have been deployed and are activelybeing used in the US. The SpeedPass system is arguably one of the largest and most public uses ofRFID technology to date. Because it is ubiquitous, many people do not realize that they use RFIDtechnology on a daily basis.

A tag is given to the consumer on a key chain fob and then linked to their credit card orchecking account. Passing the tag past a reader automatically charges the credit card or checkingaccount for that purchase amount. It is convenient for the consumer, and subsequently has led to amarked increase in purchases and brand loyalty.

It works like many RFID implementations. To make a purchase, the consumer passes the tag infront of the reader at the pump or on the counter in the store. The reader then...