A Family of Dunces: Trivial RFID Identification and Authentication Protocols
Source: University of California
RFID technology is rapidly becoming ubiquitous. In the near future, it is expected to replace barcodes as the most common means of product and merchandise identification. Current and emerging applications range from toll transponders, passports and livestock/pet tracking devices to miniscule stealthy tags in everyday items, such as clothing, pharmaceuticals, library books and so on. Unlike barcodes, RFID tags do not require close physical proximity between a reader and a scanned object and also do not require a line-of-sight communication channel. Furthermore, RFID tags' smaller form factor takes up less valuable packaging "Real estate". However, current and emerging RFID proliferation into many spheres of everyday life raises numerous privacy and security concerns. One of the main issues has to do with malicious tracking of RFID-equipped objects. While tracking RFID tags is typically one of the key features and goals of a legitimate RFID system unauthorized tracking of RFID tags is viewed as a major privacy threat. In general, in-roads recently made by the RFID technology have prompted some public discontent and controversy. Privacy advocates have pointed out some sinister consequences of malicious tag tracking. Proposed protocols require as little as one light-weight cryptographic operation on the tag and storage. They are particularly well-suited for the batch mode of tag identification whereby a reader interrogates a multitude of tags and later identifies them in bulk.