Protecting the privacy of RFID tags

Radio Frequency Identification (RFID) is being extensively used for a large number of applications, which includes supply chain management (SCM). One among the major privacy concerns is the ability of rogue RFID readers to access the unique identifier of RFID tags. To prevent the eavesdropping of tag through communication channel, methods like one-way hashing, cryptography and one-time pads have been used; however these methods do not prevent the clandestine tracking of tags using their unique identifier.

We propose a scheme in which we use an authenticating agent co-coordinating with a local entity to can dynamically reprogram RFID tags to protect their identity. We ensure visibility of goods to authorized RFID readers at any point in the transit of RFID tagged goods from one location to another, while denying information to unauthorized readers. The approach protects the identity of the RFID tags without significant changes to the existing infrastructure and obviates the need for expensive active RFID tags. We present our scheme in the context of a transit vehicle like a truck which carries RFID tagged goods from one place to another. We study the feasibility of the proposed scheme with the existing EPC Class 1 tags and reader capabilities. We present the results we obtain using RFID readers from a leading vendor and passive RFID tags. We develop a working prototype of the scheme and show the scheme to be effective.