Protecting the privacy of passive RFID tags

Nimish Vartak, Anand Patwardhan, Anupam Joshi, Tim Finin, and Paul Nagy

September 1, 2006

Radio Frequency Identification (RFID) is an emerging wireless technology with many potential applications, including supply chain management, personnel tracking and point-of-sale checkout. Its widespread adoption raises concerns about known security and privacy vulnerabilities, including the ability of rogue RFID readers to access the unique identifier and data of RFID tags. To prevent the eavesdropping of tags through communication channel, methods like one-way hashing, cryptography and one-time pads have been used; however, they do not prevent the clandestine tracking of tags using their unique identifier. We describe a novel scheme to protect the identity of tags and prevent them from being clandestinely tracked and inventoried.

Our approach uses inexpensive passive RFID tags, an RFID reader, an authenticating agent, and a local entity that can dynamically reprogram tags to protect their identity. We ensure the visibility of goods to authorized RFID readers at any point in the transit of RFID-tagged goods from one location to another while denying information to unauthorized readers. The approach protects the identity of the RFID tags without significant changes to the existing infrastructure and obviates the need for expensive, active RFID tags. We present our scheme in the context of a transit vehicle like a truck that carries RFID-tagged goods from one place to another.

BibTeX OWL Tweet Scholar

Tags: pervasive computing, privacy, rfid, security

Type: TechReport

Publisher: University of Maryland, Baltimore County

Organization: Computer Science and Electrical Engineering

Note: TR CS-06-10

Downloads: 3305 downloads