PAP: A privacy and authentication protocol for passive RFID tags

Abstract

Passive Radio Frequency Identification (RFID) tags, due to their ability to uniquely identify every individual item and low cost, are well suited for supply chain management and are expected to replace barcodes in the near future. However, unlike barcodes, these tags have a longer range in which they are allowed to be scanned, subjecting them to unauthorized scanning by malicious readers and to various other attacks, including cloning attacks. Therefore, a security protocol for RFID tags is necessary to ensure the privacy and authentication between each tag and their reader. In order to accomplish this, we propose PAP, a privacy and authentication protocol for passive RFID tags. This protocol requires little computation and achieves both privacy and authentication, making it sufficient enough for use in supply chain management; however, this protocol is also suitable for use in other RFID applications as well.