RF-Wall - Technical Features

RF-Wall Standard Edition

Generic Appliance Features

  • RF-Wall is a security appliance for centralized management of all aspects of RFID security.
  • RF-Wall operates like a firewall for RFID: Designed as a dedicated security appliance, it is located at the perimeter of the network, right between the RFID reader and the edge server / backend. RF-Wall analyzes all incoming and outgoing RFID traffic in-band and on-the-fly.
  • RF-Wall is agnostic to the underlying RFID technology: A pluggable connector architecture provides support for virtually any existing (or future) RFID reader or tag technology.
  • RF-Wall solves the key storage problem: By moving security away from the tag ("off-tag security"), there is no longer any need to store shared secret keys on the tag or inside the reader. Various key storage options exist, ranging from simple database storage to a bulletproof Hardware Security Module (HSM).
  • RF-Wall comes with all the standard features you expect from a modern appliance. Some examples: Turn-key solution that does not require complex installation, configuration or maintenance. Designed with continuous updates in mind. World-class expert support available.

Key Features and Use Case Scenarios

  • Transparent data encryption: Encrypt RFID user data on the fly when writing to the tag. Provides reliable data security even for low-cost tags with no crypto features. Advantages: No custom code for backend software required. No expensive or potentially flawed crypto tags necessary. Rely on a huge selection of trusted crypto libraries. Elegant solution for the key storage problem: Tag and reader do not need to see or store any secret key.
  • Transparent data decryption: Decrypt RFID user data on the fly when reading from the tag. Usually used in combination with the encryption feature to raise the level of data security for legacy applications avoiding high upgrade costs or to create brand-new applications featuring unprecedented levels of security.
  • Digital signature creation: Digitally sign RFID user data on the fly when writing to the tag.
  • Digital signature validation: Verify the digital signature and match it against the RFID user data on the fly when reading from the tag. In combination with the signature creation feature, this allows detection of tampering and cloning attacks. Suitable for product authentication applications where the goal is to deter Grey Market and counterfeit activity.
  • Self-maintained or pre-populated black lists: Log the unique identifiers of tags (TID) and block those that match certain criteria (a specific set or range of IDs, IDs that were logged two or more times, etc.). Useful for enforcing single-use and similar scenarios. Examples: Disposable probes for medical devices that should not be used more than once or past their expiration dates. Inkjet printers defeating re-fill attempts.
  • Pre-populated white lists: Use pre-loaded white list of tag identifiers (TID) to only allow processing of tags on the list.
  • Anomaly detection: (1) Scan tag data for specific attack patterns similar to a Virus Scanner. Block tag or send alert when match is found. (2) Statistical analysis of unusual behavior similar to an Intrusion Detection System (IDS). Block tags or send alert when unusual activity is suspected. (3) Data validation and error correction. Examples: Protect business critical systems from disruption (business continuity). Detect and report suspicious activity in an access control system.
  • Investigative features: Monitor activity, audit log files on a regular basis, send alerts as soon as incidents are detected. Allows locating and quantifying damage and deterring future attacks.
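
The black list and white list items above describe a per-TID allow/block decision. The following sketch is an added illustration, not RF-Wall code or its API; the class, field names and sample TIDs are assumptions made for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

TID_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")  # whole bytes, hex digits only


@dataclass
class TidGate:
    """Hypothetical TID filter; all names are assumptions, not RF-Wall's API."""
    whitelist: set[int] | None = None      # None: no white list configured
    blocked: set[int] = field(default_factory=set)
    blocked_ranges: list[tuple[int, int]] = field(default_factory=list)  # inclusive
    max_uses: int | None = None            # 1 enforces single use
    seen: dict[int, int] = field(default_factory=dict)
    audit: list[tuple[str, bool, str]] = field(default_factory=list)

    def check(self, tid_hex: str) -> bool:
        """Call once per logical use (not per inventory round); True = pass."""
        allowed, reason = self._decide(tid_hex)
        self.audit.append((tid_hex, allowed, reason))  # every decision is logged
        return allowed

    def _decide(self, tid_hex: str) -> tuple[bool, str]:
        if not TID_RE.fullmatch(tid_hex):
            return False, "malformed TID"          # fail closed on bad input
        tid = int(tid_hex, 16)
        if self.whitelist is not None and tid not in self.whitelist:
            return False, "not on white list"
        if tid in self.blocked or any(lo <= tid <= hi for lo, hi in self.blocked_ranges):
            return False, "on black list"
        uses = self.seen.get(tid, 0) + 1           # self-maintained list
        self.seen[tid] = uses
        if self.max_uses is not None and uses > self.max_uses:
            return False, f"seen {uses} times"
        return True, "ok"


# Constructed sample TIDs (not real tags): a single-use probe scenario.
def demo() -> list[bool]:
    gate = TidGate(
        blocked={0xE2801100200000AA},
        blocked_ranges=[(0xE280110020001000, 0xE280110020001FFF)],
        max_uses=1,
    )
    reads = ["E280110020000001", "E2801100200000AA", "E280110020001234",
             "E280110020000001", "not-hex"]
    return [gate.check(t) for t in reads]


if __name__ == "__main__":
    print(demo())
```

The use counter only advances for tags that pass the static lists, so a blocked tag cannot inflate the log, and each decision lands in `audit` for later review.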

Take a look at some typical configuration options