Shostack + Friends Blog Archive

 

Is this idea feasible?

With all the reports of lost backup tapes, I wonder if it would be technically feasible to keep an eye on them using RFID tags. If a tape “tries to leave” a facility without having been pre-authorized, bells go off. If a tape can’t be found, there’s a record of where it was last detected by an RFID reader. Hey, it works for babies, right?
(I am awaiting the comment about how this naive notion is fundamentally flawed. I know EC has some readers who have expertise with RFID. I am somewhat heartened, now that I Googled this brainstorm, that others have thought of it)

8 comments on "Is this idea feasible?"

  • petrilli says:

    It’s not only feasible, it’s actually being evaluated in a few places. Not specifically for backup tapes, but for media. It’s also in test deployments for tracking medication.

  • It sounds reasonable, but keep in mind that many tapes are sent offsite locked inside a container. It may be a plastic bin, but I’ve seen heavy duty metal cases too. The metal ones may interfere with the signal.
    I can imagine its a potentially useful tool, even for employee theft measures (i.e. Espionage. Got a bone to pick with your employer? Grab the backup tapes from R&D and call the competition…)
    Like a lot of “NEW” technologies their are a lot of good ideas about what we could do with it…and the best ideas probably haven’t been thought of yet. While this might work very well, it could just as easily be way too costly to setup and maintain.

  • sungo says:

    It’s being implemented, and not just for backup tapes. My day job is RFID tagging hosts and switches and other critical infrastructure. It lessens the inventory time and makes sure that staff don’t “borrow” hardware. 🙂

  • Simson says:

    What’s your threat model? RFID tags have a very limited read range and are easily blocked.

  • Student says:

    Useful against accidental loss and very basic attacks, but if the attacker is aware of this protection you better hope he hasn’t got a metal bag or simply removes the tags.
    On the other hand if I have understood things correctly a majority of the losses are off site, usually in transport. In those cases this wouldn’t be much of a help…

  • Stian ØvrevÃ¥ge says:

    The feasibility of this idea depends on, as Simson points out, your threat model. Are you protecting against accidental loss and careless employees or against a highly motivated attacker?
    As for directed technical attacks against the system I can think of a few but probably very effective:
    – EMP to disable the RFID device
    – Shielding the RFID device
    – Jamming the RFID devices
    – Similar attacks on RFID readers
    When considering the sophistication of backup-thieves (http://www.schneier.com/blog/archives/2005/12/ehijacking.html) even if these vulnerabilities did not exist, the possibility of social-engineering is definitely there.
    I’ll quote Bruce Schneier on this one:
    “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”
    And, the thing with the baby-tracking is that it doesn’t work, it’s completely infeasible, as Schneier concludes in the article you linked to 😉

  • Chris says:

    heh. I knew this would get things going.
    Look for a follow-up post where I actually talk about the threat model, etc.

  • Kenton A. Hoover says:

    “EMP to disable the RFID device”
    …would tend to reliably “disable” the contents of the tape as well. I’d stick with the mylar bag.

Comments are closed.