Building Scalable, Private RFID Systems

Abstract

Due to low cost and easy deployment, RFID has become a promising technology in many applications, such as retailing, medical-patient management, logistics, and supply chain management. Although a number of RFID standards have been issued and widely adopted by many off-the-shelf products, those standards, however, scarcely added privacy concerns because of computing and communication patterns. On the other hand, in RFID systems, RF tags emit their unique serial numbers to RF readers. Without privacy protection, however, any reader can identify a tag ID via the emitted serial number. Indeed, a malicious reader can easily perform bogus authentications with detected tags to retrieve sensitive information within its scanning range. The main obstacle to preserving privacy in RFID systems lies in the capability of tags. Due to the cost consideration, common RFID tags have tight constraints on power, computational capacity, and memory. Therefore, the mature cryptographic tools for bulky PCs are not suitable for RFID devices. In this chapter, the author focuses on the privacy issue to establish scalable and private RFID systems. The chapter first discusses the privacy issue in RFID systems; and then correspondingly introduces privacy preserving techniques including privacy-preserving authentication and secure ownership transfer. Finally, the theoretic formal privacy models for RFID systems are given, in which the author formally defines privacy and the behaviors of adversaries in RFID systems. Based on a formal model, say the weak privacy model, the chapter illustrates the methodology for designing highly efficient privacy-preserving authentication protocols.