Radio Frequency Identification Device (RFID) has been getting a ton of coverage in the press ever since Wal-Mart stated that they were going to require their suppliers to tag products. Over the past few years, RFID has gotten not only cheaper, but also easier to use. By the end of this article, you'll see just how easy it has gotten to implement a passive RFID system that hooks into your applications. I use C# and .NET in my example, but you could also use Java or several other languages to do the same thing.
The RFID Hardware
RFID generally involves a reader and a set of tags. The reader scans a tag and pulls information from it. This information can be used to uniquely identify the tag and thus identify whatever is associated with the given tag.
There are a variety of readers that can be used. These range from readers for passive tags to readers for active (non-passive) tags.
Active tags have a power source within them, such as a small battery. As such, they can actually transmit their information a much farther distance than the passive tags. A good example of the use of active tags is in cards used to pay highway toll fees as you drive by.
Passive tags are cheaper and thus are more likely what people are looking to use for solutions such as inventory, ID cards, and other forms of monitoring. Passive tags also come in a variety of shapes and sizes that make them usable in a large number of applications. These can range from small stickers that can be stuck to products, to small glass vials that can be used to track liquids. There are even key chains, credit cards, watch bands, and other forms of passive tags. Figure 1 shows some of the passive tags that I've obtained.
Figure 1: A variety of passive RFID tags
The cost of RFID tags can vary depending on where you buy them and how many you purchase. Most of the tags in Figure 1 cost me between $1.20 and $3, but I purchased them individually. If you buy them in large quantities, the cost will obviously drop quickly. You can find these tags and other ones from a variety of sources. I obtained these from http://www.trossenrobotics.com/store/c/2964-EM4102.aspx.
In addition to passive versus active, you also have to know the radio wave range of the reader and tags you are using. The tags in Figure 1 are all passive tags that operate at the 125 kHz frequency. As such, they use a reader that can recognize this frequency. I used an RFID reader from Trossen Robotics. Figure 2 shows the small PhidgetsRFID passive tag reader.
Figure 2: The Phidgets RFID reader
This particular reader plugs into a USB port and will read passive tags that operate at 125 kHz. This reader retails for about $65 US from either Phidgets or Trossen Robotics.
Each RFID tag contains a unique ID and possibly other information. As mentioned with the readers, there are passive tags and active tags. A passive tag generally contains an antenna (actually a coil of wire) that, when put near a reader, creates a small charge that is enough to cause the tag to transmit its unique ID. This small charge, however, is minuscule, so a passive tag generally has to be within a couple of inches of a reader to work.
The unique tag ID is the key to using RFID in a program. The unique ID is what sets one tag apart from all other tags. If you are tracking inventory, you can place a tag on an item and then associate the ID of the tag with that item. You've then given each item a unique key to access it by.
As an example, a credit card tag can be used as a membership card. Within your membership database, you simply need to add an additional field for the Tag ID. Before giving the card to the member, you can scan the card and associate the Tag ID with that member in your membership database. From that point forward, that unique RFID card will be associated with that member in your database. If you scan that card, you can use the retrieved unique tag ID to search your membership database for the RFID tag number and then get the associated membership information.
This example should not sound too far off. If you have a "swipe card" that you use to access an office building, it is most likely that you are already using RFID in a manner similar to what I just described for a membership database.
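The membership-card workflow described above (enroll a card once, then look the member up on each scan), as an added C# example that is not code from the original article. The class and method names are hypothetical, the tag IDs and member name are constructed sample values, and it assumes the reader hands the application the tag ID as a 10-hex-digit string, as is typical for EM4102-style tags.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical in-memory stand-in for the Tag ID field of the membership database.
public sealed class MemberTagRegistry
{
    // Assumption: EM4102-style IDs are 40 bits, reported as 10 hex digits.
    private const int TagIdHexLength = 10;
    private readonly Dictionary<string, string> _memberByTag = new Dictionary<string, string>();

    // Normalize reader output so "01068ddf3a" and " 01068DDF3A " are the same key.
    public static string Normalize(string rawTagId)
    {
        string id = (rawTagId ?? string.Empty).Trim().ToUpperInvariant();
        if (id.Length != TagIdHexLength || !id.All(Uri.IsHexDigit))
            throw new FormatException("Tag ID is not 10 hex digits.");
        return id;
    }

    // Enrollment: scan the card once and bind its ID to exactly one member.
    public void Enroll(string rawTagId, string memberName)
    {
        string id = Normalize(rawTagId);
        if (_memberByTag.ContainsKey(id))
            throw new InvalidOperationException("Tag is already assigned to a member.");
        _memberByTag.Add(id, memberName);
    }

    // Lookup: unknown or malformed IDs return false instead of throwing.
    public bool TryFindMember(string rawTagId, out string memberName)
    {
        memberName = null;
        try { return _memberByTag.TryGetValue(Normalize(rawTagId), out memberName); }
        catch (FormatException) { return false; }
    }
}

public static class Demo
{
    public static void Main()
    {
        var registry = new MemberTagRegistry();
        registry.Enroll("01068ddf3a", "Pat Example"); // constructed tag ID and member
        foreach (string scanned in new[] { "01068DDF3A", "0106935A77", "not-a-tag" })
            Console.WriteLine(scanned + " -> " +
                (registry.TryFindMember(scanned, out string member) ? member : "no member on file"));
    }
}
```

The tag ID identifies the card rather than the person holding it, so treat it as a lookup key and let the member record decide what that card is allowed to do.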