Using RFID to Effectively Support the Pharmaceutical Supply Chain

June 15, 2005
To get the most out of RFID, manufacturers must embrace the technology, but understand its limitations. Darren Suprina, chief security architect at Verifichi, offers wisdom and guidance.
The high value, small product size, and lengthy distribution chains that characterize the pharmaceutical industry present unique security challenges to manufacturers, distributors, and retailers. Radio frequency identification (RFID) technologies represent a rapidly maturing means by which firms can overcome or mitigate several of the challenges inherent in this highly-regulated industry, including concerns regarding transport, information dissemination, and product quality. All parties involved need to be aware of the security benefits — and risks — that RFID tags can provide, so they can make intelligent, effective, and cost-conscious decisions regarding the use of these tags.The potentialRFID tags may be used to support the pharmaceutical supply chain in a variety of significant ways, including goods transport, information dissemination and quality control. The use of tags to provide positive product identification and counterfeit rejection is well understood, with such validations supporting the automation of inventory management. This is perhaps the most common use of RFID technologies. With a variety of tags of differing capabilities available, coordination between all participants in the distribution chain as to how each product is to be uniquely tagged is critical to avoid confusion.Electronic tags are like icebergs, with an entire underlying infrastructure hidden behind a few bytes of encoded data. Tags may be used not only to identify a product by type but by serial number as well, and thus support the tracking of individual consignments as they are passed to their ultimate destination. Furthermore, data specific to pharmaceutical shipments (such as compound name, formulation, quantity, potency and use guidance) need not be stored on the tag, but rather referenced by a tag’s unique serial number. The practical upside is a supply chain wherein high-value shipments are not easily identified by transport personnel – the electronic equivalent of a plain, brown wrapper to mask the content from view. The cost of such a system is the additional burden of maintaining and sharing data about product and shipments, which firms responsible for logistics are well adept at handling.The current generation of RFID tags is used to identify product. This type of tag is, in essence, a statement of identity and placement at the instance in time the tag is read. But these devices are small computing systems, and, looking forward, they may prove to be a useful platform for assuring quality once the product has left the loading dock. Pharmaceuticals, like other ingestibles, generally have limited shelf lives and limitations as to environmental extremes, such as prolonged exposure to elevated temperatures, which must be adhered to. The adoption of RFID tags capable of recording exposure to unacceptable conditions during transport and storage could mitigate the potential impact of transport and storage on product quality, and serve to identify any steps throughout the process that fail to meet the manufacturer’s guidelines.Securing the product pipelineIt is a certainty that the manufacturer of pharmaceuticals loses a great deal of control over goods once they leave the loading dock. It is also a given that while products are in transit, there exists the potential for challenges to the brands, reputations and bottom lines of these firms. Thievery, counterfeiting, and purposeful alteration represent just some of the negative impacts that RFID may be used to control.Though not a perfect solution, the current state-of-the-art in radio tag technologies represents the means by which a manufacturer of a product, the resellers of that product, and a public reliant on that same product can be safeguarded. Of course, no RFID tag will prevent a container from being forcibly compromised. But assuming that controls are in place to safeguard goods in transit from such access, or at least to detect such compromise, tags may be applied so as to indisputably identify the product, its source, and possibly the intended recipient as well. Good security is often a combination of physical, electronic, and procedural controls. Understanding RFID’s potential and limitations is key to its successful application.For example, the information inside RFID tags supporting read-write operations may be vulnerable to alteration, corruption and deletion. The degree to which tags may be tampered with is dependent upon the strength of the system contained within that tag to identify it uniquely and then to enter into a secure conversation (between the tag and the tag reader) without itself compromising tag security. Until a mathematically provable, high-value security can be provided on-tag for such purposes, it is recommended that rollouts of RFID tags be limited to read-only devices.An important consideration is the impact of “Moore’s Law,” i.e., that the capabilities of computing systems double approximately every 18 months. If this holds true, then the strength of any cryptographic technique used to secure an RFID tag and its data halves at the same rate. The practical downside is the necessity of anticipating that any data security techniques adopted today will be demonstrably less secure next year. Therefore it is important to consider the maximum time a product is likely be in transit and/or spend being warehoused prior to sale. This must be done to ensure that the tag selected does not inadvertently present too great a risk of compromise prior to its replacement by a unit offering support for stronger cryptography.Tag security can be expressed in terms of the strength of the cryptography employed, the processing speed of the tag and the amount of time it takes to establish a secure channel of communication with that tag. Compromising the security techniques employed in an effort to reduce tag complexity — and cost — yields tags whose mean time to "crack" may be measured in too short a timeframe to be considered secure.An example of this risk is the recent compromise of the ExxonMobil Speedpass system. Considered secure when introduced in 1997, this RFID-based system was recently compromised using off-the-shelf computing components. In effect, every 18 months for the eight years since its introduction, the technical solution became only half as secure as it had been before. While it is unlikely that pharmaceuticals produced and tagged today will still be found lingering on warehouse shelves eight years from now, it is certainly reasonable to assume that manufacturers will not wish to make multiple changes to the tag(s) being used, nor wish to force their supply chain partners to update their technology any more often than is truly necessary.Understanding the commitment to tag "technology refresh" should be factored into the cost model when electing to embrace RFID technologies. In essence, electronic tags become part of a firm’s infrastructure in support of the manufacture and movement of goods, mandating the regular updating of this technology just as if it were any other IT solution. Yet unlike information technology choices made to support the internal needs of a company, tags become part of the IT solution embraced by multiple firms. If gaining consensus to undertake technology upgrades is difficult within the confines of a single organization, it is reasonable to anticipate that far greater resistance to change will be faced when a company's suppliers, logistic agents and distributors become involved. In short, be prepared for this expanded level of interdependence when embracing RFID.Market forces meet technical realitiesCurrently, there is a tremendous push for consolidation of RFID technology with regard to capability. However, with multiple standards and developers seeking to gain the upper hand through their own intellectual property, many businesses are adopting the technology before it is fully ripened. This, in turn, complicates the resolution of issues surrounding security.Companies using RFID tags should be able to query tags securely without unauthorized parties being able to trace them. Unfortunately, Generation 2 tags have yet to be subjected to the same rigorous, open and mathematically provable security analysis that has encouraged the explosive growth of Web-based transaction services.Early adopters of RFID technologies need to understand the limitations of these devices as secure and effective conveyers of product identification, shipping, and quality control information. Current generation tags feature a small and rapidly declining cost footprint. Yet these same tags provide a very limited amount of data storage, and thus present significant challenges to those seeking the additional bits required to support the strong cryptographic algorithms required to assure identity, privacy, and non-refutability.For example, tags such as Symbol Technologies' read-only Class 0 product provide 112 bits of data storage. While this may be sufficient for highly compressed cleartext (that is, non-encrypted) data storage, such a small number of bits represents a significant challenge if the tag’s content happens to warrant the privacy that cryptography affords.Fortunately, the tradeoffs inherent in such decisions – differences in computational horsepower required, memory sizes, and mean times to crack encrypted messages – are already well understood by the IT departments of most firms. By seeking guidance from those charged with the securing of internal and customer-facing IT systems, the actual costs and limitations of RFID tags can be recognized, analyzed and selected in accordance to the firm's business requirements.Trust, but verifyWith all but the strongest data security algorithms subject to successful brute-force cracking using portable or networked computing resources, the cryptographic capability of each tag becomes an important consideration in its selection. The security of information between RFID tags and readers is only now being strengthened to meet commercial needs with Gen 2 tags. Tags that present surmountable barriers for compromise represent not only a potential supply chain disruption opportunity, but may permit the purposeful insertion of counterfeit product into the supply chain.Thus, tag selection by pharmaceutical manufactures should follow the old Cold War adage: trust, but verify. Distribution partners may have earned the trust of their customers, but they also employ individuals who may be compromised by need or greed. RFID tags of sufficient strength render attempts at supply chain violation detectable, and thus strengthen the technology's reliability for the entire industry.Education is the best policyIrrespective of the means used to identify and track product, a clear understanding of the limitations and risks associated with RFID is a necessary precursor to its successful and cost-effective use. Electronic tags present both benefits and risks similar to those of a company’s IT infrastructure, with potential impact varying based on the product being tracked, the reliability of the tags employed, the security regimen supported by the devices, and the purpose for which the tags are employed. Each new information handling technology is potentially subject to multiple attack vectors, and each should be sufficiently and provably resistant to attack so as to meet the security policy guidelines of manufacturers and distributors alike.Due to the complexity of systems involved and the necessity of a clear understanding of the responsibilities all parties have to their stakeholders, regulators, business partners and their ultimate consumers, the assistance of certified auditors should be sought. Such individuals can provide guidance and serve as educators in support of RFID rollout efforts.Individual firms may choose to “go it alone” and attempt to gain business advantages based on tag technologies. Because of the inherent complexity and risk associated with the pharmaceutical supply chain, gaining consensus across the industry is a necessary precursor to widespread adoption of this technology, and the prevention of multiple competing standards from arising. Such a fragmentation of effort would only serve to distract the industry from its core missions – providing high-value product, minimizing risk and growing a healthy bottom line.About the AuthorDarren Suprina is chief security architect at Verifichi (, where he develops new initiatives that leverage organizations' needs for security, data management and wireless access.
About the Author

Darren Suprina | chief security architect