Katholieke Universiteit Leuven
One of the concerns that come with the use of RFID tags is that these respond to any query. This can be overcome by having mutual authentication between reader and tag. However, the ordering between the two authentication steps is crucial. In this paper, the authors formalize mutual RFID authentication: capturing the necessary coupling between tag authentication and reader authentication as well as the ordering between these authentication steps. They show that the reader needs to authenticate first to the yet unknown tag to preserve the tag's privacy, make it more resistant to side-channel analysis and ensure that the end-user can observe the protocol's output.