Internet security and ways to decrease vulnerabilties

Rokeshia Robinson
Follow up Paper #2
Internet Security & Security Issues
May 9, 2006


Too often, some businesses just do not take security seriously. Common statements range from “We don’t have data of any value”, “Nothing will happen to us”. The problem seems to stem from a misunderstanding of how organizations’ resources could be violated and used. A common misconception is that hackers only go after the “big fish”. Not much thought is given to the idea that their resources may be used for things other than a DOS (denial of service) attack. Organizations cannot afford to lose time, money, or integrity due to security incidents. Businesses can suffer immeasurable security incidents, such as, losses because a data center has a production outage as a result of a worm or virus, or from a hacker who defaces a website.

To avoid becoming a victim of misguided pranksters or cyber-crime, organizations should take the time to examine the security of their customers and personal data. In our security presentation we talked about some devices and solutions that organizations use to decrease vulnerabilities within their organization. Listed below are a few tips that we use at Fiserv to protect ourselves from Internet threats.

Spyware protection: Viruses spread rapidly and can damage or destroy your computer. New ones appear almost daily. It's critical that you install and update anti-virus software regularly. Use the program to scan all the files on your system once a week, deleting the infected ones.

Email Attachments: Like I mention in class, some people will open suspicious email, and most of the time a virus is what hides in the attachment. Not to my surprise, opening it will unleash the virus. Don't open an attachment from anyone you don't know. Even if you do know the sender, an infected attachment may have been surreptitiously sent from an infected machine. The safest thing to do is to scan the attachment with anti-virus software before you open it.

Firewalls: (Chin discuss the use of firewalls and their benefits. However, if organization don’t set additional rules, the firewall may cause more harm than good.) A firewall is a software program that blocks unauthorized access to your computer. This is particularly important if you have a broadband connection, such as DSL or a cable modem. Windows XP has a built-in firewall, so make sure it's activated if you use that operating system.

Password protection and management: Many online services, such as banking, brokerage and e-mail require the use of passwords. A secure password is the first line of defense against cyber-snoops. Use a different password for each account, don't divulge them to anyone and change them periodically. (Dr. Sargent pointed users become less security due to having so many passwords to remember, which forces user to write them down.)

Security Updates: Update security patches for your operating system and web browser. You've probably read about security "holes" that turn up periodically. Once they are discovered, you can download fixes. For Windows users, an easy way to update your system is click on the Windows Update option under the Start menu or by pointing your web browser to this link: http://windowsupdate.microsoft.com/.

And last, but no where near least; Log offline when you are done for the day. You are most vulnerable when connected to the Net. If there isn't a good reason to remain online, disconnect from the network. Here are some of the Internet attack trends highlights from Symantec 2006 report. I just wanted to show the percentage of Internet attacks and who are affected, in addition to showing that no one is safe from Internet vulnerabilities.

Attack Trends Highlights

• The government sector accounted for 25 percent of all identity theft-related data breaches, more than any other sector.

• The United States was the top country of attack origin, accounting for 33 percent of worldwide attack activity.

• Symantec recorded an average of 5,213 denial of service (DoS) attacks per day, down from 6,110 in the first half of the year.

• The United States was the target of most DoS attacks, accounting for 52 percent of the worldwide total.

• Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers.

• Home users were the most highly targeted sector, accounting for 93 percent of all targeted attacks.
• China had 26 percent of the world’s bot-infected computers, more than any other country.

• Beijing was the city with the most bot-infected computers in the world, accounting for just over five percent of the worldwide total.

• Israel was the highest ranked country for malicious activity per Internet user, followed by Taiwan and Poland.

Internet: Secure Enough?

Chinnapong Somsueb
ID# 1671071
MCS 760
2nd Follow-up Paper

Internet: Secure Enough?

Nowadays, Internet has been used and become our daily life for years. The number of users has also been increasing progressively. Many businesses have implemented Internet system as one part of their businesses. According to Internet World Stats, the number of Internet users has grown dramatically from 8.6 percent in 2002 to 16.6 percent at the end of 2006, which is about double in only four years. As the users have been growing, the number of risks and threats has been increasing at a similar rate as the growth rate. Therefore, the Internet security has become one of the major issues in today business. There are several possible risks in current Internet society, such as virus, spyware, adware, phishing, and other privacy issues.

First of all, computers have been involved in our daily life for decades. Computer viruses, a computer program that can copy itself and infect a computer without permission or knowledge of the user, have been also distributed steadily. In previous years, a computer would be infected by using a removable medium, such as floppy disk. Nowadays, many computers have been connected as networking computers, so viruses can spread to other computers that are connecting to the same network. Extensively, if computers connect to the Internet, there is a greater chance to get a virus than closed network computers. Several anti-virus packages have been created in order to prevent and eliminate virus from computers and network. Therefore, Internet users have to update their anti-virus software in order to protect as soon as possible.

The next possible vulnerability from the Internet could be spyware and adware. It is computer software that usually collects personal information about users without their proper informed permission. Several different Internet users’ personal information could be searched, recorded, and sent out without any consent. There purposes of spyware are, for example, advertising while using the Internet and stealing browsing history as well as personal information which many users want to be secured. If there is a spyware on the computer, it would slow down its performance. Moreover, Internet users would be annoyed while using the computer. Most of anti-virus and anti-spyware could detect and remove software on a user's computer that is determined to be either adware or spyware. It also detects dialers, trojans, malware, data-mining, aggressive advertising, parasites, browser hijackers, and tracking components.

Phishing and other privacy issues such as pharming could be considered as the affects of social engineering which is a collection of techniques used to manipulate people into performing actions or divulging confidential information.(1) Phishing frequently applies to email appearing to come from a legitimate business, such as financial institution or credit card company. Requesting for a verification of personal information and warning of some disgraceful significance have been emphasized if it is not done. According to the fact that phishing is usually come from email, Internet users have to be aware and deny to replying this type of email. According to the federal bank, thrift and credit union regulatory agencies’ information (2), we can protect ourselves from phishing in the following ways:

1. Never provide personal information in response to an unsolicited request.
2. If you believe the contact may be legitimate, contact the financial institution yourself.
3. Never provide password over the phone or in response to an unsolicited Internet request.
4. Review account statements or transactions regularly to ensure all charges are correct.
   

Furthermore, pharming is a cracker's attack aiming to redirect a website's traffic to another (counterfeit) website. It can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. Significantly, anti-virus software and spyware removal software cannot defend against pharming. Even though the Anti-Phishing Act was introduced in 2005, Internet users have to make sure they are using secure Internet connections (HTTPS) to access privacy sensitive sites such as banking or taxing, and accept the valid public key certificates issued only by trusted sources.

On the other hand, besides anti-virus, anti-spyware, and awareness of Internet users, there is a computer hardware such as firewall and router that can help use to be safe from several cyber crimes. Firewalls can block all traffic except through authorized ports on internal computers, thus only restricting unfettered access. In addition, routers, computer networking devices that buffers and forwards data packets across an internetwork toward their destinations, direct messages to the proper target and is sometimes referred to as a "gateway." Routers are often employed in conjunction with firewalls. Moreover, the implementation of security systems has several effects. For example, because of the high cost of software and hardware to protect the computer and privacy, users have to have enough knowledge and awareness in order to avoid sharing inappropriate information, and start updated about of computer threats.

The number of Internet users are still increasing, this group would be considered as a target group of business and unwanted advertisements. Several kinds of software and methods have to be used in order to prevent and protect users’ privacy. As a result, if there is both proper user behavior and network design implemented together, it could help avoid problems with security which have been increasing.

(1) Mitnick, Kevin; Kasperavičius, Alexis: "Certified Social Engineering Prevention Specialist Course Workbook.", page 4. Mitnick Security Publishing, 2004.
(2) The federal bank, thrift and credit union regulatory agencies, Avoiding Scams. Retrieved May 5, 2007, from Warning Internet Pirates Web site: http://www.wright-pattcu.coop/files/antiphishing.pdf

Symantec Internet Security Threat Report-interesting notes

Over the past two reporting periods, Symantec has observed a fundamental shift in Internet security activity. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain.

Instead of exploiting high-severity vulnerabilities in direct attacks, attackers are now discovering and exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web browsers. Those vulnerabilities are often used in “gateway” attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious
attacks can be launched.

Symantec has observed high levels of malicious activity across the Internet, with increases in phishing, spam, bot networks, Trojans, and zero-day threats. However, whereas in the past these threats were often used separately, attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity.
This has resulted in an increasing interoperability between diverse threats and methods. For example, targeted malicious code may take advantage of Web-enabled technologies and third-party applications to install a back door, which then downloads and installs bot software. These bots can, in turn, be used to distribute spam, host phishing sites, or launch attacks in such a way as to create a single coordinated network of malicious activity. Once entrenched, these networks can be used in concert as global networks of malicious activity that support their own continued growth.

4th Position paper

Rokeshia Robinson
4th Position paper
Internet Security & Security Issues
May 4, 2007

What is Internet Security? I believe to understand this question we would first have to look at the history of the “Internet”. Now we all may have heard the rumor that the “Internet” was created by Al Gore. Well in my quest to find the real creator of the internet, I stumbled across some interested information that would argue that Al Gore wasn’t the creator, but was a true activism for the concept that eventually turned into a reality.

According to wikipedia, the history of the internet goes all the way back to the fifies and early sixties, prior to the widespread inter-networking that led to the internet. Most communication networks were limited by nature to only allow communciations between the stations on the network. These networks only had bridges and gateways between them, and they were often limited or built solely for a single use. It wasn’t until the late 1980s when the Internet system was developed and ready, but was held up due to The Cold War. J.C.R. Licklider, Larry Roberts, and Robert Taylor were the three who engaged in the interconnected networking systems that envoled into the core of what the Internet would become.So now that we have a brief overview of “Internet”, I will like to talk about internet vulnerabilities, threats, and security around the world.

Internet-based, real-world applications require appropriate security mechanisms because potentially millions of users and their agents (or participants) will access billions of objects of information content in complex workflow processes (e.g., commerce, learning, healthcare). Security is one of the strategic technologies that will increase the value and utility of the Internet and Internet-based applications. Traditional security issues deal with the authentication and authorization of users in network domains. Today there are numerous security issues concerning information content, users, and application systems in information domains.

Effective Internet security systems combine several methods of protecting data and systems. These are some of the most common Internet security measures: Authentication: Authentication restricts access to designated systems or information until users "prove" their right of access by providing an authorized password or personal identification number (PIN). Password administration becomes vital to update the system frequently so only "authentic" passwords are active. In some systems, a digital signature can be used to verify that the message was sent by the authorized party and that it wasn't tampered with during transmission.

Antivirus software: Software can be loaded on an operating system to detect viruses and prevent them from entering the database where they can alter or delete data. Because new viruses are constantly being created, you should update your antivirus software on a regular basis.

Encryption: Data is encrypted--or translated into a code--to ensure that it can be read only by authorized users who have the software to decrypt the data. Encryption also protects material from unauthorized access or tampering while it's traveling on the Internet.

Firewalls: Firewalls provide a single point of entry for data, which allows the credit union or security service to screen out unauthorized users before they enter the internal computer system. You can usually dedicate a personal computer (PC) for firewall use. This PC is loaded with the appropriate software to filter all information passing to and from the in-house computer system.

Protocols: You use a set of rules, or "protocols," to determine how a network operates, including the cryptography that protects information. Intranet systems usually rely on transmission control protocol (TCP) or Internet protocol (IP).

One common protocol for Internet security is secure sockets layer (SSL), which helps secure data contained within networks. Secure electronic transaction (SET) is a protocol that's used to secure credit card transactions on the Web.

Routers: Routers, which connect two or more networks, are used to direct messages to the correct access point. A router may be either a computer or a software package. The router directs messages to the proper destination and is sometimes referred to as a "gateway." Routers are often employed in conjunction with firewalls.

According to Symantec’s Internet Security Threat Report, the high degree of malicious activity originating in the United States is likely driven by the expansive Internet infrastructure there. The United States accounts for 19 percent of the world’s Internet users. Furthermore, the number of broadband Internet users in that country grew by 14 percent between December 2005 and July 2006. Despite the relatively well developed security infrastructure in the United States, the high number of Internet-connected computers there presents more targets for attackers to compromise for malicious use. Symantec predicts that the United States will remain the highest ranked country for malicious activity until another country exceeds it in numbers of Internet users and broadband connectivity.

China was the second highest country for malicious activity during the six-month reporting period, accounting for 10 percent of all worldwide malicious activity. Germany was third, with seven percent. The prominence of both of these countries can likely be attributed to the high number of Internet users there, as well as the rapid growth in the country’s Internet infrastructure.

Internet trust and security issues

Fourth Position Paper
By Kamakshi Samala

Ubiquitous services and applications when combined with computing business applications, forms a challenging context for internet security and trust. Its not only important for the user to be concerned with the basic security requirements of the internet for controlled access, data integrity, confidentiality and accountability, its also important to make sure that the users are using trusted computing devices. With the rapid change in technology, there has been rapid growth in e-commerce which makes our lives better, simpler and more productive. Electronic commerce basically uses electronic communications technology of the World Wide Web, even though electronic commerce frequently depends on computer technologies other than the World Wide Web, such as databases, and e-mail, and on other non-computer technologies, such as transportation for physical goods sold via e-commerce. Today consumers are extremely comfortable with technology and values of online retail shopping. Online shopping is a convenience both for the retailers and the customers. But as e-commerce and World Wide Web has grown, so has the number of security threats. Identity theft is still at the top of the list of consumer complaints at the Federal Trade Commission, data security breaches are often reported, and phishing is also rising. All these factors undermine trust and security of doing business through internet and World Wide Web.

Vulnerabilities associated with the Internet have put government, business and individual users at risk. The security measures that were used with the main frame computers as well as the networks within the organization are no more possible with the internet as it’s a complex world of interconnected networks with no clear boundaries and control. Originally internet was designed with an aim to put control and trust totally in the hands of users. Also, internet is digital, not physical. This means it has no geographic location and as well as no well defined boundaries. Therefore, physical rules are impossible to apply. Instead new knowledge is required to understand the issues related with the internet. Due to this reason, even though the lives of people are becoming simpler by using the internet but side by side the intruder community is also growing. Intruder tools are becoming more sophisticated and user friendly day by day. By using so called distributed-system attack tools, intruders can hack into large number of sites at a same time with a focus to attack the victim hosts or networks. Now-a-days developers of intruder tools, package their tools in such a user friendly way that even a person with least knowledge of the technology can use them.

There are various reasons for the lack of internet trust and security. Some of the reasons are as follows:

• Due to fall in the prices of communication on the Internet, use of the Internet is replacing other forms of electronic communication. The internet sites have also become so interconnected and the intruder tools have become so sophisticated that it’s easy to hack all the interconnected sites.

• As the distributed client-server and heterogeneous configurations are increasing, the management of the technology is also becoming distributed. In such cases, system administration and management fall upon those people who do not have the training, skill, resources, or interest to operate their systems securely. Therefore, with the increase in untrained system administrator and security staff, the life of attackers is becoming easier.

• With lack of knowledge about the network and security, most sensitive data of an organization such as financial information, medical records, human resources files, and customer information files, etc. can be put to risk.

• Most often when the vendors release patches or upgrades to solve the security problems, organization systems are often not upgraded because the job is too time consuming and sometimes complicated. This job probably demands a skilled system administrator which may far exceed the supply.

• Today software products, workstations, and personal computers have become so easy to use that people with little technical knowledge can install and operate them on their personal computers. Unfortunately, it is difficult to configure and operate many of these products securely. This leads to the increase in the number of vulnerable systems.

• Even the organizations that are security conscious, and have used solutions, such as firewalls and encryption, often can fall trap to false sense of security and become less vigilant. Also single solutions that are once applied are neither foolproof nor adequate. Therefore, solutions must be combined and security situation must be constantly monitored as technology changes and new exploitation techniques are discovered.

• Today the technology is evolving so rapidly that vendors most often concentrate on marketing their products with placing low priority on security features. Therefore, until the customers demand more secure products, the situation will not change.


The above reasons can lead to different types of abuses. If we take for example Web sites. The websites gather information with or without the consumer’s knowledge. The most common method is by using clickstream data. This method tracks where the individual travels in a site and which advertisement and content he/she examines and uses. One of the common tools used are Cookies. Cookies are small files that are transferred to our computer by some websites that we log on first. This file allows the Web server to track preferences and usage of information and target advertisements or specific content. Even though cookies allow a site to brand users, they do not disclose real names and addresses unless this information has previously been secured by other means. Some browsers allow the users to determine if they want cookie files located on their computer. Sometimes personal information like name, address, email, age, etc. are gathered from promotional "swebstakes," by allowing the user to enter a contest to win prizes in exchange for personal information. Matchlogic, a subsidiary of Excite, Inc, is an example of the firm that is involved in this campaign which posts advertisements and marketing campaigns on various Web sites for approximately 65 customers.

This can lead to transfer of inaccurate data, loss of identity, stolen credit card numbers and other possible problems that can be very difficult to resolve unless all the right tools find wide implementation.

Some of the possible solutions that can be used to ensure internet trust and security are:

1. Encryptions: For greater security the network must be encrypted and must have Firewalls. Firewalls deny or accept all messages and sites based on a list that is stored in the system. This is usually decided by a system administrator.

2. Secure Sockets Layer (SSL): This was developed by Netscape Communications Corporation which helps to reduce the chances of the information sent through the Internet to be intercepted. It provides security to all the parties involved in the transaction.

3. Platform for Privacy Principles: This is also known as P3 which is universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. This tries to define and describe limits on the use of user’s private information garnered from Web sites.

4. Tokens: These are small devices, which are usually the size of a credit card or calculator that the remote users physically carry with them. This is based on a challenge-response system. When the remote user tries to log on a given authentication server, a challenge is asked. The user keys the challenge into the device which then generates the correct reply. The user then sends this response to the remote server to gain access.

5. Secure Electronic Transaction (SET): It is an open, multi-party protocol that transmits bank card payments via open networks like the Internet. SET allows the parties performing the transaction, to confirm each other's identity. By employing digital certificates, SET allows a purchaser to confirm that the merchant is legitimate and also allows the merchant to verify that the credit card is being used by its owner. It also requires that each purchase request includes a digital signature, which further identifies the cardholder to the retailer. The digital signature and the merchant's digital certificate provide a certain level of trust. SET plays an important role as it offers protection from repudiation and unauthorized payments.

6. Digital Certificates: Purchasers and retailers generate these certificates through the use of secret keys that authenticates that each party to the transaction is legitimate.

7. Open Profiling Standard for Authorization and Single Sign-On (OPS): This makes it necessary for the customers to reenter information that identifies them more than once at a website.

Therefore, these are some of the solutions that can be used to have internet security and provide trust among the users.
Hence in my opinion, while doing business in the real world having and building trust among the customers is very important for the business. Merchants, consumers and financial institutions all need to be confident of the identity with whom they conduct business. Only when all of the above parties are truly able to trust who they are dealing with online, then only will the online business model be successful. Computer based crimes are increasing day by day. For example if we take the case of T.J. Maxx and Marshalls and other off-price retailers, hackers stole data of at least 45.7 million credit and debit cards of shoppers. This case is believed to be the largest breach of consumer information and is considered to be a major security concern.

Government and industries should work together towards better internet security. This way the industry can influence the type of safeguards that are put into practice. If there is resistance to cooperation with government agencies towards internet fraud, crime and privacy, legislative and other political solutions will atomically become more involved. Therefore, internet offers great potential for both consumers and businesses, but proper measures should be taken to protect the internet trust and security. This way both the industry and consumers will be benefited in the long run.

Internet Trust and Security

Joe Farrar

4^th Position Paper

In the coming years, all companies conducting business via the internet will face security issues in one form or another. Security flaws and efforts on the part of hackers to gain access to sensitive data abound. Such attacks are increasing and continue to pose a serious threat to the integrity of sensitive personal and proprietary information held by unfortunate victims.

Attacks can come from a disgruntled employee inside an organization seeking to steal information from a company’s intranet or from outside an organization by hackers seeking to exploit any possible weakness a system has. As the volume of these attacks increase and the material stolen becomes more sensitive, businesses will be forced to pay a premium to ensure that their systems are secure. These threats will continue to produce sensational headlines each time a system is breached and its contents are opened up to unscrupulous individuals. If businesses cannot keep pace with the volume and variety of threats to their systems, they could stand to lose market share to scared consumers unwilling to risk doing business with a business that cannot protect their privacy.

The issue of internet security and trust also has some staggering dollar amounts attached to it. In a study conducted by the Ponemon Institute in 2005, companies lost an average of $14 million per breach when customer data losses happened. In some higher profile cases where significant data was compromised, the cost was as much as $50 million per incident because businesses opted to offer free credit reporting services to those affected by the breach. This figure does not even include the cost of denial of service attacks or factor in the cost of the disruption of business processes of internet-based businesses. In a study published in 2004, the Aberdeen Group found that the cost of disruptions to internet-based business is about $2 million per incident. These figures serve to illustrate the importance that these types of threats pose to a businesses’ bottom- line.

There are ways to prevent or minimize these types of attacks from being perpetrated. The hard truth is that the use of diligence by those involved in the handling of sensitive data could have prevented hackers from gaining access to private data. The watchful eye of security personnel and system administrators makes it much harder for such breaches to happen.

A sound security policy combined with compliance training for every employee should be a mandate that all businesses follow in the coming century. However, the truth is that employees and businesses alike choose to believe that their data won’t fall victim to the prying eyes of criminals. The naïve and misguided belief that one’s system is entirely secure will ultimately wind up costing companies and consumers billions of dollars.

In summation, risks associated with doing business online will continue to evolve in step with the technology that supports online commerce. Sensitive data about consumers and corporate proprietary information will always be a tempting target for criminals who understand how to circumvent security protocols in this age of interconnectivity. The security of information needs to be a top down mandate within corporations doing business over the internet. Aggressive and proactive measures must be implemented before an attack happens and contingency plans must be in place for quick and competent reactions not if, but when, attacks happen.

RFID

Joe Farrar

2^nd Follow-up Presentation Paper

Our presentation focused primarily on the positive aspects and the underlying technology of RFID and only provided limited details on the concerns associated with this technology. For my follow up paper I will expand on the challenges RFID faces and the potential repercussions associated with its use. There are important considerations companies and the individuals in charge of RFID initiatives should weigh before making the transition to RFID.

The cost of RFID technology is presently too expensive and the price of RFID tags has traditionally been a significant obstacle to its widespread deployment in medium to smaller size companies. A survey conducted by the consulting company Accenture found cost to be one barrier to the implementation of RFID. Current passive tag cost estimates range from $0.15 to $0.75, with the volume of tags purchased having a significant impact on the per tag cost. This indicates that the current cost of tags is too high to justify tagging all items. This is why most companies mandating the use of RFID such as Wal-Mart and Target are focusing on tagging pallets and cases of products, rather than each item.

Some experts suggest that per item tracking is approximately ten years away. However, I would argue that some organizations will never move to RFID technology because the cost will not justify the benefit. The integration of RFID into existing practices requires considerable investment from organizations. Reengineering a business and aligning systems takes time and, more importantly, money to complete. The process of implementing RFID technology will affect all facets of the organization and should be expected to cost millions of dollars.

Wal-Mart and the U.S. Department of Defense have come under fire from many of their suppliers, sense the cost of complying with mandates made by them, may reach over $9 million. The money required to implement RFID technology is likely to deter the cash strapped airline industry from using the technology in their baggage processing systems. This is compounded by the fact that many airlines span a large number of airports thus generating significant financial implications to implementing a cohesive system. As a result, some industry consultants have indicated that companies should allow a five-year transition period and a budget of $20 million to integrate RFID technology into current processes.

Additionally, there are concerns that there will soon be a shortage of skilled individuals in the RFID industry. This will become all too apparent when the number of companies integrating RFID technology begins to increase. While RFID technology has been around for decades, only been recently has its efficiency in the area of supply chain management been touted. As a result, an apparent lack of standards is hindering the technology’s adoption and widespread use in supply chains.

Most RFID products do not possess interoperable qualities, meaning that they can not be easily integrated into the supply chain between partners and as such they would not add value. The development of standards has progressed somewhat through the formation of the EPCglobal network. However, EPCglobal’s standard is yet to be backed by the International Organization for Standardization (ISO). There is still no standard supported by both organizations that meets everyone’s needs.

Incompatible systems exist across different industries making interoperability a foremost concern for the seamless use of RFID across supply chains. The EPC standard is of paramount importance to the success of RFID. Ongoing refinements and the backing of numerous multinational organizations mean that it will most likely become the adopted standard in supply chain management.

Another issue related to the difficulties of using RFID technology is radio spectrum allocation. Radio spectrum is a finite resource so it suffers from the inherent range limitations associated with the radio spectrum. As RFID uses the radio spectrum to transmit its signals, it is susceptible to interference that hinders its ability to transmit clear and reliable information to RFID readers. Numerous institutions try to ensure that the spectrum is managed in a way that is beneficial to the end user, it is ultimately in the control of government agencies like the FCC to decide how it is allocated. This issue becomes one of international law due to the fact that different countries have already allocated different areas of their spectrum for the use of RFID. Clearly, private and public organizations alike lack the standards needed to integrate RFID into their daily practices.

Proper tagging is also a barrier to implementing RFID. Some tag readers are only able to read product tags that are facing a particular way, so items need to be packed accordingly. Another problem arises when a pallet containing different packaged items is read, as the reader needs to be aware it is reading multiple types of items. The ability of RFID to read through most packaging material such as plastic wraps and cardboard containers is one of its most valuable assets. However, metal and liquid can play havoc with RFID signals. Evidently, tagging is not simply a matter of attaching RFID tags to items.

Privacy issues associated with RFID continue to be the biggest threat to the success of RFID. Current RFID protocols are designed to offer the most optimal performance between readers and tags, but failed to address consumer privacy concerns. As these tags become more prevalent, RFID could be used by marketers to do research at such a specific level of detail that the threat of invading a consumer’s privacy becomes a very real one. Privacy advocates are worried that, if RFID tags are placed in common items, the product may continue to be tracked once purchased by consumers. One of the public’s biggest concerns with RFID in general is lack of information as how to turn the tags off once an item was purchased. Human rights organizations have already raised their concerns about the technology.

Privacy concerns have the potential to derail an RFID initiative before it gets off the ground. For example, clothing retailer Benetton came under fire for placing RFID tags in its clothes. Once the public was made aware of this, consumers called for a boycott against Benetton, causing the retailer to abandon its RFID plans. Companies implementing RFID without considering their customers’ privacy issues concerns could stand to lose goodwill by using RFID improperly.

In conclusion, the technology of RFID still has a long road to travel before it becomes a widely used technology. There are many wrinkles that need to be ironed out before a standard is adopted by all stakeholders. Steps that further address the protection of consumer privacy must be taken. RFID does hold the potential to change the way businesses operate for the better and should be seen as a way to supercharge existing processes. Time will tell as to how widely RFID is used in the future. The management of these challenges will play a big part in determining if RFID meets its potential.

RFID

David Stevens
MCS 760
April 30, 2007

RFID position paper

The idea of RFID tags have a George Orwell feeling to them. The idea of being implanted, wearing, or carrying an RFID tag makes some people feel that they are exposed to government tracking and other “big brother” concepts. The paranoia surrounding RFID does not make the ideas business applications any less attractive it just means that business must be careful from utilizing RFID to monitor or impose upon their customers’ privacy. Using RFID tags to manage inventory is going to replace the current barcode method. RFID tags will allow business to process their inventory with greater ease. A palette of goods could be pushed through an arch that reads the passive RFID tags on the boxes to count the units and then send the number to be added to the inventory total.

Another way to use RFID tags is to create a keycard with an RFID tag to open a lock. I have had personal use of such a key to get into work. The key made it a lot easier for management to monitor their employees by serving multiple functions. The keycard did not hold any private information that could intrude on the employee’s privacy rather it only held the employee ID number. This small amount of information was able to grant or restrict employee access into the building and function as a employee time clock. This freed up management resources from having to monitor when an employee showed up for work, and the frequency of fixing payroll problems when an employee had forgotten to punch in on the old time clock was decreased. Some problems could still arise from requiring each employee to wave their keycard within a couple of inches from the reader to start their shift. A flaw in the system required that employees enter the building one at a time to allow the system to monitor access to the building and make sure that employee records would indicate when the employee arrived for work and to make sure that someone was not in the building when they were not authorized to be there. This problem would seem like the largest burden placed upon the end-users, but actually it was the need to swipe the keycard on the way out of the building when one was done working that caused the most problems. The door was not locked from the inside, so employees were able to exit without clocking out once their shift was finished. This would force management to go into the time log and manually clock out the employee. It was not a major inconvenience for the management, but requiring them to manually correct a system that was intended to be automated just lowered the managers’ efficiency.

The passive RFID tags placed on keycards, in the US passport, and on boxes for inventory tracking are low cost and relatively safe. There is the possibility that someone will try to clone the tag; however, for it to be cloned the tag needs to be in close proximity of the criminal’s scanner. Criminals are able to gain the information on the tag if they are able to get close enough to scan it. However, the information on the tag itself is not always of value to the criminal. The database should be setup in a way that only a few individuals have access to the building at anytime, so if the criminal obtains the ID number of a typical employee then their access to the building will be restricted from times when they would be hoping to commit criminal activities. In some instances it might almost be safer to provide the top management with ordinary keys for their access into the building during atypical hours. The active RFID tags are the type that evokes the feeling of a police state. An active tag is capable of sending out its signal without relying on the scanner. The passive tag does not have power to send out its signal, the scanner that reads the tag provides the power source. The active tags would be capable of sending out signals in a clandestine manner, but the fear of being spied on through the use of an active tag is not that intimidating when the ability to track people through GPS is widely available.

The major issue that I have with RFID tags is the information that is stored on the tag. The data on the tag should be small and should not contain information that can be used without a corresponding database. It is reckless when the information on the tag is useful to criminals on its own. The new US passports contain a RFID tag that contains personal information about the passport holder. It not only contains the information that identifies the passport holder, but it also contains a digital photo of the individual. This is an example of RFID tag usage that is frightening. To have all of your information capable of being stolen without even losing the passport is not an appealing prospect for people. When personal information is stored on the RFID tag it makes the belief that one needs a Faraday cage / shield to stop unauthorized reading of the tag seem more prudent than paranoid.

follow up paper

David Stevens
MCS 760
April 30, 2007

Mesh Networking Follow-up Paper

The use of networks from linking systems to sharing an Internet access point makes the stability of these networks paramount. The stability of a mesh networked system makes the network design layout appealing. The network is not reliant upon one source to gain access to the Internet, and the network is also not reliant on a server hub for accessing or sending information among the end-users. A mesh networking setup is cost affective because it is easy to maintain and is not always crippled by the failure of an access point since there are multiple.

The presentation covered the history of mesh networking and showed examples of the present use of mesh networking; however, the importance of mesh networking for future networking endeavors should not be lost. As mobile computing devices become smaller and more versatile the concept of a global network providing information access is an attractive prospective. The ability to provide cheap wireless access in residential areas by spreading the cost of Internet access over multiple end-users for each node with a backhaul to the Internet was discussed during the presentation. In this manner, communities will be able to fight the cost of high-speed internet access while utilizing their bandwidth in the most efficient manner. This is an appropriate option with the present technologies of MIMO (multiple in multiple out) routers and draft-N signal strength for residential communities. However, the users will get good performance from their network, but the setup will not be ideal for prolonged downloading (the usage of BitTorrent could cripple the network). The current community mesh network lacks the power to appease bandwidth gluttony; however, the stability of a mesh network allows the node administrators to spend more of their time limiting single users from draining the community bandwidth cache.

The idea of a regional to global mesh network makes the prospect of mobile computing devices inviting, and it also allows people to look at other options for staying connected. A regional mesh network would make the prospect of owning a mobile VOIP phone a cheap alternative to the cost of owning a cell phone. The topic of Fonero was discussed during the presentation. This idea of making a global mesh network is having a hard time overcoming the resistance people have to sharing their Internet access. The amount of spy-ware and computer viruses on the Internet does not make people feel comfortable about providing and utilizing a mesh network. It is hard to be trusting with all of the bad things that have been put onto the Internet in the past. However, if the regional mesh network movement is to gain a foothold people are going to have to trust the security programs and the other users that they allow into their mesh network. In an ideal world, people could trust one and another without having to worry about someone taking malicious actions against them. This is not the case presently so people need to set up a mesh network that repeats a wireless signal while being protective of the content on their own computer.

RFID the good and the bad

My Fourth Position Paper

By Nancy

There are many times that we run into the applications of Radio Frequency Identification (RFID) technology in our daily activities without realizing what they are, for example, shopping in supermarket store such as Wal-mart and Walgreen, or paying electronic toll like i-Pass when driving to the toll way. Typically, a basic RFID system are composed of an antenna, a transceiver (with a decoder), and a transponder (RFID tag) electronically programmed. The antenna (packaged in the transceiver and decoder) emits radio waves in ranges from one inch to 100 feet or more, depending upon its power output and the radio frequency used. When the RFID tag passes through the electromagnetic zone, it detects the reader's activation signal. The reader decodes the data encoded in the tag's integrated circuit (silicon chip) which is then passed to the host computer for data processing, i.e., count the number of products sold in the store or reduce the amount of money paid from the transportation payment account.

RFID tags are categorized as either passive or active. Passive tags require no internal power supply whereas active tags do. Consequently, passive tags are much lighter and less expensive than active ones. However, they can be used within shorter distance and require a higher-powered reader. RFID tags come in a wide variety of sizes and shapes depending on their applications. RFID systems are also distinguished by their frequency ranges: low-frequency system (30-500 KHz) used in security access, assets tracking, and animal identification applications, and high-frequency system (850-950 MHz or 2.4-2.5 GHz) used in automated toll application. The higher performance of high-frequency RFID systems results in higher initial and operating cost.

Advantages over Barcode Technology:
Even though the barcode label (a visual-format surface that contains information which will be read by an optical scanner making computer entry process much faster) is very cost-effective, however, the significant advantage of all types of RFID systems is the non-contact, non-beam-of-light nature of the technology. Tags can be read through a variety of substances such as snow, fog, ice, painted/crusted surface, or other visually and environmentally challenging conditions, where barcodes or other optically read technologies would be useless.

RFID tags can also be read in challenging circumstances at remarkable speeds (electronic toll collection) and in most cases responding in less than 100 milliseconds. The read/write capability of an active RFID system is also the significant advantage in interactive applications such as work-in-process or maintenance tracking. Though it is a more expensive technology (compared with barcode), RFID has become indispensable for a wide range of automated data collection and identification applications that would not be possible for the barcode technology.

Business Applications:
There are many RFID applications that are beneficial to business industries. For example, they are used in supply chain management, product tracking, and inventory systems.

One of the most important features of RFID technology is that it can collect a wealth of real-time data. It is going to generate gigantic amount of data about the location of individual products in the supply chain, information about when and where merchandise is manufactured, picked, packed and shipped, and numbers of products that will have to be stored, transmitted in real-time, and shared with warehouse management, inventory management, financial and other enterprise systems.

RFID technology is also one of the most important key elements for being a real-time enterprise. Applications of RFID technology are also going to need to rely on a novel computing architecture, in which vast amounts of data processing will take place.

Standard Issues:
Until now, there is no global regulation that governs the frequencies used for RFID. Many documents that are set out to review today’s RFID standards or standards relevant to RFID express no warrantee that they will become out of date after they are published. A number of standard organizations regarding to RFID technology include FCC, ANSI, ASTM, and ISO.

In general, low-frequency (LF) and high-frequency (HF) RFID tags can be used without any license. Ultrahigh-frequency (UHF) cannot be used globally since there is no single global standard. For example, the US UHF standard is not accepted in France as it interferes with France’s military bands. Most of Asian countries have no regulation for the use of UHF. Application for UHF in some countries needs a license, which can be applied at the local authorities and later can be revoked if necessary.

Privacy Issues:
The expanding uses of RFID — embraced by large retailers such as Wal-Mart and Target, ePassport by US government with RFID Tag, or Verichip implanting, have raised some concerns on privacy issues. Because scanners can read RFID chips from a short distance for security, convenient, and commercial purposes, privacy advocates worry that the technology could eventually be used to track people’s movements that would later lead to wrongful uses.

Members of the groups including IT vendors, RFID users, and consumer advocates recommend all companies using RFID tags on products to always tell their customers that RFID tags are active in their stores and also make sure they know whether they can deactivate the tags or how that data will be used.
For ePassport, US government is now working on the process on how to prevent the privacy and identity theft on the ePassport’s RFID tag. Form what I heard, current RFID trackers cannot be accessed to obtain information if our passports stay tightly closed in our briefcase or pocket.

The implementations of Verichip, the human body implanting chip, which could be used to track and access the individual medical record, employment, and personal information or allow gain in different level of data access for an employee, are still in dispute. The developers argue that the level of authorized access to personal information will depend upon the receiver equipment. General tracker tool would be able to get only the tag ID. However, in my opinion, I would not feel comfortable anyway. Technology moves around so fast, perhaps shortly there after, some hackers may come up with the new method or tools to steal our information. And the idea of implanting a chip into human’s body may also make one terrified.

Security Issues:
There are two main concerns in terms of security issues on RFID technology. The first one is tag cloning that may cause data stealing or unauthorized reading. Several cryptographic protocols are developed to solve this problem. One major challenge is to shortage the computational resources within the tag. Standard cryptographic techniques require high performance circuits than ones available in most low cost RFID devices. Various policy measures have also been proposed, such as marking RFID tagged objects with an industry standard label.

The second concern is RFID database protection. There was a report in 2006 on viruses that could infect airport terminal RFID databases for baggage, and Passport databases that obtain confidential information on the passport holder. One core issue is whether RFID data should be centralized, decentralized or both. The product information should be associated with the tag on the network, or off. And if product information resides on the tag, how can a company protect consumer privacy? There are still on-going debates among these issues.

Summary:
Developments in RFID technology continue to yield higher capacities such as larger memory, wider reading ranges, and faster processing and its applications grow tremendously into different areas of interest including medical, business transportation, and automobile industries. It is believed that the technology will ultimately replace the barcode since RFID has so many benefits to offer such as real-time data processing and read/write capabilities even in harsh environment. If some standard issues are resolved, whereby RFID equipment from different manufacturers can be used interchangeably, the market will likely grow exponentially.

Privacy and security issues are also one of the most important concerns in RFID implementation. How well one’s individual information including medical, financial, personal records are maintained and properly used is still in a lot of arguments. For business applications, better management in terms of data analysis plans for such high amount of data in real-time manners and integration strategies to better suit the company’s organizational structure are needed for future RFID business demands.

RFID What?!?

Tanner Dabel

4^th Opinion paper

RFID

RFID What?!?

Radio Frequency Identification (aka RFID) actually isn’t a new concept. It’s been around its been around as RFID for at least the last two – three decades and even more if you look at its predecessor technology from as far back as the 1920’s and 30’s. What you might have noticed however, is that RFID technology is currently in the state of rapid devolvement and has become the latest technology trend. What is RFID? Well it’s the fairly simple idea of having a RFID tag in or on something and will respond to radio waves sent by a near by transponder or antenna. In the most general sense, RFID is used to tag and track something. RFID can be coupled with other type of sensors so that it can gather readings of humidity, shock, temperature, light and vibration (among other things). This allows for RFID tagging to be very flexible in its use.

Current uses of RFID technology include; passports, transportation payment, product tracking, animal tracking, authentication, record keeping among many other tasks. RFID has proven to be a cheap and cost efficient way to record information about a certain item or thing. So, now that we’ve had a brief review of what RFID is, let’s get into the nitty gritty of how a business might use leverage RFID to gain a competitive advantage and a few potential pitfalls to RFID technology.

First up, let’s look at the RFID in a companies supply chain. Externally and internally speaking, using RFID is a good cost effective move to keeping a company competitive in today’s world market. As a large company, if you enforce that the suppliers of your products use RFID, shipments could be tracked easier and inventory records become more accurate. This would allow for more automation of some processes within the external aspects of the supply chain dealing with your suppliers. This automation can eliminate the cost human error while increasing productivity. Productivity is increased by the fact that this automation of processes can run near to if not around the clock 24/7. This automation ultimately over time will create a reduction of cost for those suppliers of your products. When this occurs, the suppliers will be able to charge less on their items and yet make the same profit, allowing your company to save when buying from the supplier.

Another benefit mentioned above is that of tracking. With RFID tagging, it is very easy to track shipments weather it be on a ship, truck or on a hand truck just about to be delivered. Your company can see the log of where the items are and when they are expected to reach specific destinations on the path to your stores warehouse. This is helpful because most of the time, the last leg of a trip for an item is via trucking service. There are many people on the road and accidents can happen. For this example, lets say there’s a five car pile up ten miles North on the interstate your truck full of RFID items is on (don’t worry, no one was hurt, just a lot of insurance claims). As the truck approaches the crash site, travel time is lost (and if the truck has to stop, a lot of travel time is lost!) At this point, little can be done about the shipment arriving on time. But, as soon as the truck hits its next check point, those RFID tags will get logged and your company will see there was a delay in reaching the check point. Because of this, the tracking system has already updated its manifest to show when the shipment will hit its next check points and when the shipment will ultimately arrive at the company warehouse. All this information can be communicated without a single person having to do anything outside of what they already were doing. The truck driver keeps their rig moving. The company checks its logs to see when the truck is expected, and the supplier continues to supply goods by filling trucks and sending shipments out. This is called added value to the company. The RFID has allowed for an awful lot of information to be communicated through an automated process. With this new information, a company can plan for the delay and work around it. As the saying goes, “Information is Power” and with this, more information can be recorded through less means of actual human interaction with a higher percentage of accuracy. In the end, this means saved dollars on the bottom line.

Lastly a company can help to better understand its own inventory through the means of RFID tagging. As an inventory control, RFID tags can help keep a better account of the physical inventory than a human could. It is also easier to scan and more can be scanned quicker through the means of RFID tagging. Because of this, internal inventory processes within a company can be streamlined, be more accurate and allow for better efficiency. Again, over the long term, this means more saved dollars and a better looking bottom line for such a company.

Moving on to the some of the more controversial aspects of RFID, let’s discuss such issues as security and privacy. The use of RFID in such things like security badges and building access cards are good examples. On the surface, having RFID used for security might seem like a great idea, but problems have occurred. Not everything is completely peachy with RFID when it comes to security. When using RFID there are some trade offs people sometimes forget, such as a.) RFID can be cracked and hacked and b.) full disclosure isn’t always provided.

RFID currently is susceptible to phenomena called illicit tracking. Meaning, a third party attempts (and sometimes is successful) in gathering information being sent or received by the RFID tag. Most encryption has held up, but where RFID has failed hasn’t been in the encryptions, but rather in bugs that were found and exploited. Once the bugs are known viruses can be used to compromise the information contained on a RFID tag. If the information on the RFID tag is limited, then I’d agree that it is a good idea to use them for security purposes within a company. To ensure that the employee’s right to privacy isn’t being compromised, the security aspect of the RFID technology needs to a.) be strongly encrypted with either a challenge-response authentication (which can be costly), or to a lesser degree, the rolling code scheme and b.) contain only the most necessary information on the tag required. Any extra information beyond that of what is essentially needed runs the risk of being compromised.

The other area where RFID sometimes gets in trouble is what information is being kept on the RFID tag and does the user know of what is all being kept on the RFID tag. This issue isn’t as concerned with security as it is with privacy. Full disclosure of what information is being kept and tracked on the RFID tag is the primary concern. To ensure information isn’t abused, business polices need to be implemented to explain why such information is being collected and how it will be collected. To give a new employee a security badge or building access card without explicitly stating what information is being kept on that badge/card and how that information is being used would be a violation of that employee’s privacy. Once a employee understands what rights to privacy they are giving up in exchange for the card/badge, then I’m entirely ok with this process, but an employee should have the right to know they are being watched and by how.

So as you can see, RFID has many uses and with that some uses are more suitable than others. When it comes to uses that strictly involve the tracking and monitoring of items through the supply chain (e.g. truck loads, or pallets) I feel there are more benefits to warrant such a use and things appear to be very black and white. My recommendation is that it be used for this purpose. However, when it comes other uses that directly involve an individual (such as access cards), things become greyer. When an individual’s rights and privacy are thrown into the equation I begin to question at what degree RFID should be used. With the policy of full disclosure and strong encryption I can reluctantly agree to its usage, but users need to be aware of the technologies pitfalls; weather it be weakness within the technology design or outside influences such as third party eavesdroppers and skimmers. Information is power and knowledge is power, without either, one would be a fool to use any such technology.

Radio-frequency identification (RFID)

Third Position Paper

By Kamakshi Samala

Radio-frequency identification (RFID) is an automatic identification method of coupling of electromagnetic or electrostatic in the RF (radio frequency) portion of the electromagnetic spectrum which is used to transmit signals. RFID system consists of an antenna and a transceiver that reads the radio frequency and transfers the information to a processing device, and a transponder, or tag, (an integrated circuit containing the RF circuitry and information to be transmitted).

Even though the RFID technology is similar in theory of bar code identification, the key difference is RFID eliminates the need for line-of-sight reading that bar coding depends on. Also, RFID scanning can be done from a greater distances than bar code scanning. High frequency RFID systems (850 MHz to 950 MHz and 2.4 GHz to 2.5 GHz) offer transmission ranges of more than 90 feet, although wavelengths in the 2.4 GHz range are absorbed by water (the human body) and therefore has limitations.

RFID cards are also known as "proximity", "proxy" or "contactless cards" and come in three varieties: passive, semi-passive (also known as semi-active), or active.

Passive RFID tags – These tags have no internal power supply. A minute electrical current is induced in the antenna by the incoming radio frequency signal. This provides enough power for the CMOS integrated circuit in the tag to power up. This helps to transmit a response. Most passive tags have antenna designed to both collect power from the incoming signal and also to transmit the outbound backscatter signal. The response of a passive RFID tag is not just an ID number; the tag chip can contain non-volatile EEPROM for storing data. Since this lacks an onboard power supply, which means that the device can be quite small.

Active RFID tags - Unlike passive RFID tags, these tags have their own internal power source which is used to power any integrated circuits that generate the outgoing signal. As these tags have ability to conduct session with a reader, they are much more reliable than the passive tags. They also transmit higher power levels than passive tags as they have onboard power supply. This feature makes them more effective in "RF challenged" environments like water (including humans/cattle, which are mostly water), metal (shipping containers, vehicles), or at longer distances. Many active tags have practical ranges of hundreds of meters, and a battery life of up to 10 years. The smallest active tags are about the size of a cold capsule and cost a few dollars.

Uses of RFID

There are many uses of RFID. Some are as follows;

1. Used in passports as e-passports which not only records the travel information but a thin metal lining incorporated in the passport makes it difficult for unauthorized readers to "skim" information when the passport is closed.

2. Used in Transport payments. E.g. T-money cards (Seoul), SUICa (Japan), Octopus Card (Hong Kong), etc. are used for paying in public transportation; Public toll roads are equipped with an RFID payment system, for example, AutoPass (Norway), E-ZPass , SunPass, EZ Tag, K-Tag etc are used in U.S.

3. Used in product tracking. For e.g., Farmers use it to identify a bovine's herd of origin; used in library book or bookstore tracking, pallet tracking, building access control, airline baggage tracking, apparel and pharmaceutical item tracking; used to track supply chain from warehouse to consumer; also used to track shipping container, and truck and trailer tracking in shipping yards.

4. RFID is also used for animal identification; human implants, for example Night Clubs in Rotterdam, The Netherlands, use an implantable chip to identify their VIP customers, who in turn use it to pay for drinks.

5. Used in Automotives. Microwave RFID tags are used in long range access control for vehicles. It’s used as a Smart Key/Smart Start option in vehicles. The key uses an active RFID circuit allowing the car to detect the key approximately 3 feet from the sensor. The driver can open the doors and start the car with the key in his pocket. Ford, Honda, and several other manufacturers use RFID-equipped ignition keys as anti-theft measures.

Pros of RFID

RFID provides valuable service by which companies can track products in a more efficient manner. Military, retailers, suppliers, consulting firms, producers of the technology, and consumers, are benefited by it in many ways. It provides companies a better alternative to bar-code using as it contains information on the product that is easily readable and accessible for the reader. This in turn would also help to revolutionize the entire supply chain of the companies by improving its efficiencies and overall business intelligence and thereby reducing costs and human errors.

The U.S. military is also benefited by the use of active and passive RFID systems. The Department of Defense has created the RFID Military Compliance Solution to help suppliers and manufacturers meet the military’s new standards for RFID. This has helped to improve their communication and transportation system during wars and has also helped to save large amount of money. This way the military was successful in creating better visibility on their supply chain which thereby increased their productivity and stability.

Companies and retailers that have high demand for supply chain can gain advantage by using this system in their supply chain management. This would help to improve their productivity, save on human labor costs, and would give companies real-time visibility with their products. Wal-Mart was the first retailer to use RFID in their distribution centers and warehouses. Once Wal-Mart was successful, many companies started using this system.

Retailers and other companies that have a demanding supply chain can gain advantage by using RFID in the supply chain. By demanding that all levels of their supply chain be RFID, it’s capable to be a sizable investment. The productivity increase that follows the initial investment and implementation for companies will pay for their investment.

RFID makes the business world seem like a smaller place when the companies that combined their supply chain technologies with the RFID, started seeing great results. This will help to achieve the goal of companies supply chain by reducing the time needed to be productive, and by automating as much of the supply chain as possible. It also reduces human error, and machines are capable of running twenty-four hours a day and cost less than human labor. The application of RFID on a large company like Wal-Mart or Target, as well as smaller retail stores can ensure a better shopping experience with more in-stock items and a more knowledgeable store.

The market of RFID is booming. Many technological companies have gotten in this game of producing RFID parts and systems thereby allowing many companies to become consulting firms for the RFID technology. The RFID market was roughly one billion dollars in 2006 and is estimated to grow anywhere from $1.3 billion by IDC, to $4.2 Billion by the Yankee Group in 2008. Roughly 20-25% of the market is made up of consulting work for the technology and the last 5% is made up of software for RFID. The biggest challenge for producers and consultants of RFID is the reliability and durability of RFID systems and products. It is hard to predict the wear and tear a product will experience over a period time. But researchers say that it not only help the companies to control human errors but will also help the companies to prove their ROI (Return on Investment), can help save one time operating costs and will help to provide better customer service by having real time information on the products. It would also help to reduce theft in the store and warehouses.

Ultimately the consumers should be the winner with RFID being implemented throughout a company’s supply chain. Stores will save money in the long run by bringing down the costs of the products. This way the consumers can expect more informative customer service with the companies using RFID, by the way of the company sharing their real time data with the customers. Having RFID tags on certain products can also make people’s lives much easier. For example, a microwave reads and recognizes the tag of the food we put in and will automatically cook it according to the directions on the tag. It also helps environmentally because companies will use resources more efficiently, benefiting everyone. Once RFID tags are able to be used on food products it will make a recall on a certain item much easier and it could potentially save lives. Also consumers use RFID everyday and many do not realize the benefits they are receiving from the technology. For example, the “Speedpass” allows contactless form of payment thereby allowing customers to wave the card in front of a reader to pay for gas or anything in the convenient store. Visa and MasterCard allows people to have money on a card (either debit or credit) which decreases waiting time at check-out places and increases loyalty for the companies that offer this feature. Another use of smart cards is keyless entries, and many more. Therefore, RFID is a beneficial technology for consumers which help to save time and offer those conveniences that traditional bar coding, credit cards and keys cannot offer.

Cons of RFID

RFID has been around for more than fifty years but there has been a rapid development in technology since last five to six years. Even though it has many potential advantages but there are many disadvantages as well.

U.S. military was the early adopter of this technology. The biggest problem they faced was the security issues. The tags consisted complete product information which made easy for the enemy to collect information from the tags thereby creating more risks of attacks from the enemies.

Large companies using RFID tags also face some potential problems. RFID has no proven infrastructure which makes difficult for suppliers to keep up with the company’s demands to become RFID-ready. Therefore, suppliers cannot implement RFID into the business and retailers cannot get information about their supply chain. This way the retailers trying to solve their supply chain management problems by using RFID, cannot benefit from it.

Privacy issue is the main disadvantage of RFID. The retailers cannot have any specific information of the consumer if the tags are affixed to pallets and cartons of the product. But by having RFID tags on individual products, retailers can trace consumer’s buying habits; keep articles from theft and keep their inventory at an acceptable level. But this process leads to disclosure of other consumer information which the consumer would prefer to keep private.

RFID could also be bad for our health. Supporters of RFID predict a world where RFID reader devices are everywhere - in stores, in floors, in doorways, on airplanes, even in the refrigerators and medicine cabinets of our own homes. In such a world, our lives would be continually exposed to electromagnetic energy. Research is taking place in this area but researchers still do not know the long-term health effects of chronic exposure to the energy emitted by these reader devices.

The main disadvantages of RFID are the privacy concerns, technological imperfections, cost of the technology and no proven methods to set up an RFID system for a company. The government and corporations are the two main groups that are most concerned for privacy issues. Hidden tags and readers threaten to take away human mystery thereby offering a world where people see, feel and hear only what the government and large corporation want people to do.

Hence, in my opinion, RFID is at the very outset of its evolution and diffusion. The technology will surely witness many exciting and interesting developments over the next few years. But the future of RFID is still uncertain. The privacy issues will still persist even though the cost of RFID system decreases. If privacy issues are not watched closely, people will become tagged and there will always be someone watching and analyzing every person’s decisions. Therefore, in order to be successful in their business, the companies must work with privacy advocate groups in order to develop a fair way of using RFID system without making their customers hostile.

RFID: A New Identification Device

Chinnapong Somsueb
ID# 1671071
4th Position paper
MCS 760

RFID: A New Identification Device

RFID (Radio-frequency identification) is an automatic identification method relying on storing and remotely retrieving data. It is often used with devices called RFID tags or transponders. Currently, its usages are expanding and will become a part of our daily lives. Even though we do not recognize any RFID devices, the usage of them would be increase considerably. The common use of RFID would be a personal and unique identification, transport payment, and product identification.

RFID could be used for the personal identification like a biometric passport system which has already been implemented in several countries. It could prevent some kinds of skimming or cloning which could be done from the old system. Moreover, the RFID chip inside a biometric passport could store some information like smartcard does. Therefore, important information in a digital format such as signatures and images could be stored inside this chip besides the actual passport picture. Furthermore, we could also put a tiny RFID chip in our pets in order to track their position which could prevent losing them.

One of the common usages of RFID is in transportation. It could be used as the identification for toll payment. According to the fact that it would be detected in a very short period and within a few feet, several cities around the world have implemented their RFID system for years in order to avoid using actual money and papers. This system can also decrease a travel time in rush hour by avoiding paying a toll.

From a business perspective, RFID can be used instead of barcode. Merchants could track their inventory and link that data to an inventory system. Moreover, RFID can also be used as detection tool as well as theft prevention. Retailers can implement this for both item identification for matching with their inventory and prevent shop lifting.

On the other hand, RFID technology is more expensive than barcode. Its cost would affect both consumers and retailers. In addition, being a new technology, RFID will take time for people to be familiar with it. Several mistakes can happen by using RFID system, such as misuse of the RFID toll lane without the device, forgetting to deactivate before leaving the store, or vulnerability through stored information.

In conclusion, this technology could lead to a new emerging firm, such as an automobile identification, auto payment, and retail theft prevention business. In my point of view, I think that this technology has a strong potential for growth due to a variety of applications which are expanding dramatically. Not only retail, transportation, and packaging business, but also health care, pharmaceutical, and chemical businesses could implement this technology in order to improve their productivity. According to cio.com’s information, the 1.3 billion RFID tags produced in 2005, and predicted that more than 33 billion RFID tags will be produced globally by 2010. As a result, if there are a number of usages, the price of RFID would be reduced. We can use this technology with any additional features with any unpredictable applications, which can lead to convenience and accuracy.

Mesh Networking

Rokeshia Robinson
3rd Position paper
Mesh Networking



Wikipedia states that Mesh networking is a way to route data, voice and instructions between nodes. It allows for continuous connections and reconfiguration around broken or blocked paths by “hopping” from node to node until the destination is reached. A mesh network whose nodes are all connected to each other is a fully connected networks. Mesh networks differ from other networks in that the component parts can all connect to each other via multiple hops, and they generally are not mobile.

Like every other topic that we have discussed in class, there are several advantages and disadvantages with mesh networking. Advantages of mesh networking can allow organizations to revolutionize the way they communicate, helping them to cut costs, boost employee productivity, improve community service, and increase public safety. Mesh networks allow organizations to extend the reach of their wired infrastructure to deliver affordable managed wireless broadband services. A managed service offering helps enable employees and customers to:

• Shift expense from capital outlay to operational expenses, making it easier to win budget approval
• Eliminate the need for new hires and incremental staff to deploy and operate equipment
• Minimize backhaul transport costs
• Pay as they grow, allowing organizations to scale services as needed
• Get service rapidly deployed
• Provide wireless roaming and access in facilities such as plazas, office buildings, libraries, community centers, etc.

On the most basic level, a mesh network is appealing to businesses and other organizations because it saves money on cabling. With a mesh network, a business only has to run a power cable, not a data cable, to most access points. The data is transmitted over the air from one access point to another until one finally ties into the hard-wired network. Using such a system, a network manager might only have to connect one of every five or 10 access points to the hard-wired network.

Instead of moving data from a device to a wireless access point to a wired network, a mesh network moves data from access point to access point, depending on availability and proximity, and then eventually onto a wired network. Mesh network traffic flows in much the same way that data travels across multiple points on the Internet before reaching a final destination. In its most complex form, a mesh network could work like a peer-to-peer network, where devices both send their own data and forward data on for other devices. In an environment like that, the more devices on a network, the better the network functions.

Mesh networking technology lets providers augment their wired backhaul infrastructure to provide wireless broadband services with very high security, reliability, and scalability. It relies on the mature 802.11 standard for wireless networking and thus is a highly stable technology, unlike other emerging transport methods that are unproven and do not utilize the ubiquitous installed base of 802.11 clients. Mesh networks also feature self-healing and dynamic route optimization capabilities, making them simple and cost-effective to deploy and manage.
In addition to advantages, there are several disadvantages to mesh networks. Mesh networks are a great concept. But the challenge lies in managing the dynamics of mesh networks so users receive an acceptable level of performance in terms of both latency and throughput. One disadvantage to mesh networking is that it requires a lot of access points, so deploying in a mesh architecture can be expensive, initial cost. The other issue is scalability. In a very large network there would be so much routing information moving from access point to access point, it would be unclear how much these networks can scale and maintain their bandwidth for users. Last, but no where near least, a mesh network is not pure 802.11, so it does not integrate well with WLAN.

In conclusion, there are several advantages and disadvantage that can be argued when supporting and implementing mesh networks in organizations. I believe that mesh networking works well in public organizations such as universities, parks, etc, but can be a real headache for some smaller public and private organizations. All in all, I can’t wait to hear what issues and concerns that are going to be addressed in class tonight.