Protecting the privacy of RFID tags

Radio Frequency Identification (RFID) is an emerging wireless technology with many potential applications, including supply chain management, personnel tracking and point of sale checkout. Its wide spread adoption raises concerns about known security and privacy vulnerabilities, including the ability of rogue RFID readers to access the unique identifier and data of RFID tags. To prevent the eavesdropping of tag through communication channel, methods like one-way hashing, cryptography and one-time pads have been used; however they do not prevent the clandestine tracking of tags using their unique identifier.We describe a novel scheme to protect the identity of tags, and prevent them from being clandestinely tracked and inventoried.

Our approach uses inexpensive passive RFID tags, an RFID reader, an authenticating agent, and a local entity that can dynamically reprogram tags to protect their identity. We ensure visibility of goods to authorized RFID readers at any point in the transit of RFID tagged goods from one location to another, while denying information to unauthorized readers. The approach protects the identity of the RFID tags without significant changes to the existing infrastructure and obviates the need for expensive active RFID tags. We present our scheme in the context of a transit vehicle like a truck which carries RFID tagged goods from one place to another.