1. RFID Technology: An Analysis of Privacy and Security Issues
Gary M. Pisarsky
Abstract Today the de facto standard for automatic identification
As Radio Frequency Identification (RFID) technology is the bar code. The Universal Product Code (UPC) is a
becomes pervasive in our lives, literally woven into the familiar optical version developed in 1973 and is used to
fabric of our society, there exists the danger to personal label most products today. The Electronic Product Code
privacy, loss of anonymity, and violation of location (EPC)  is the next evolution of the UPC barcode. As
privacy to all individuals. Even cash, which offers true RFID costs drop to the US $.05 level and below,
anonymity for consumers, may be threatened by RFID embedding Electronic Product Codes into RFID “smart
technology. labels” will replace or complement the ubiquitous printed
As the size and cost of RFID tags decrease, their use as UPC label and provide efficiencies for supply chain and
smart labels will become the dominant technique for the inventory management. EPC enabled RFID devices will
electronic collection of data. Used for automatic promise a more flexible and intelligent handling of
identification (Auto-ID) of goods, RFID technology consumer purchases from automated checkout through
promises to offer great gains in productivity. Along with return of goods after purchase. With these benefits also
these gains, new threats to personal privacy and security comes the possibility of abuse to personal privacy and
will be exposed. Low cost tags have no access control security .
function and broadcast their ID whenever in proximity of a
reader. Personal preferences and buying patterns are 1.1 Privacy and Security Challenges
traceable and personal sensitive information available to As recognized by Weis , advances in RFID
eavesdropping. With the severe cost and size constraints technology may come at a cost to privacy and security.
of these devices, the use of conventional cryptographic “Vulnerabilities to physical attacks, counterfeiting,
techniques for the protection of data is prohibitive. spoofing, eavesdropping, traffic analysis or denial of
This paper will present a brief overview of RFID service could all threaten unprotected tags”.
technology, investigate the privacy and security issues The problem to be addressed is the threat to consumer
associated with RFID technology, and analyze and privacy and what security measures are proposed to
compare proposed solutions. To conclude, this paper will address this threat in low-cost RFID tags. Low-cost tags
provide a comparison of proposed solutions and have no provisions for authentication between the tag and
recommend which of these solutions best meets the goals reader, and no access control mechanism. Tags will
and assumptions to address the privacy and security risks broadcast their programmed ID whenever in the proximity
that result from the use of RFID tags. of a reader. Personal preferences and buying patterns are
traceable and personal sensitive information susceptible to
1.0 Introduction eavesdropping. Reading of insecure tags by an adversary
Radio Frequency Identification (RFID) tags are can result in corporate espionage, forgery, and theft.
miniscule microchips that have already shrunk to half the
size of a grain of sand [1, 2]. They listen for a radio query 1.2 Proposed Solutions
and respond by transmitting their unique ID code. Most This paper will discuss five proposed schemes for
RFID tags have no batteries; they are inductively powered protecting user privacy and addressing security challenges
via an RF signal from the reader . Tags that are actively in low-cost RFID systems. One proposed solution is the
powered contain an on-board power source, such as a killing of tags after purchase, permanently disabling them
battery. Readers interrogate tags for their contents through at checkout, and making them forever after inoperable.
an RF interface. Readers may contain internal storage, Hash-Lock, re-encryption, and silent tree-walking
processing power, and an interface to a back-end database schemes are also viable approaches of making RFID tags
for added functionality. smarter. In the Hash-Lock approach, a meta-ID y is given
The MIT Auto-ID Center , now known as the MIT to the tag when it is locked. The tag can only be unlocked
Auto-ID Lab, worked with a consortium of industry when a key value x is presented to the tag such that y=h(x).
sponsors to research and develop exceptionally low-cost Juels and Pappu  describe re-encryption as a solution of
RFID tags for use in a system-level approach of automatic addressing the privacy issues of RFID tags embedded in
object identification. Auto Identification (Auto-ID) banknotes. Re-encryption uses the banknote tag serial
systems are now, more then ever before, becoming numbers encrypted with a law enforcement public key.
common place in many economic sectors. From theft Due to the resource constraints in low-cost RFID tags,
prevention and intelligent asset management to logistic Juels and Pappu propose the use of external agents to
management which includes manufacturing, materials perform the re-encryption. Silent tree-walking is another
handling, and distribution. Auto-ID systems provide proposed solution based on the asymmetric reader to tag
information about people, animals, goods and products in field strength. An eavesdropper may be able to hear the
transit. signal broadcast by the reader to the tag but is unable to
20th Computer Science Seminar
2. hear the response from the tag. The blocker tag is an transportation segment, automated toll collection systems
approach that exploits the tree-walking singulation using RFID technology allow drivers to slow down instead
(collision avoidance) protocol used to identify an of stopping to pay toll collectors, reducing the number of
individual tag. Another possible solution is the use of collectors and time needed for toll payment. TransCore, a
symmetric and asymmetric cryptographic methods; transportation technology company, in their eGotm product
however due to resource constraints and cost line, offers a paper–thin sticker-like tag that does not
considerations would be difficult to implement. require batteries and allows user information to be read or
written by a reader. This product can be used by
2.0 Overview of an RFID System Electronic Toll Collection (ETC) systems and in Electronic
Vehicle Registration (EVR) applications. This product
RFID systems are the next generation of Auto-ID may also be used in the medical field to prevent the
devices. The roots of RFID technology originate from abduction of infants from maternity wards. When used for
transponder technology developed in the late 1940s and infant protection, the system involves a tag being put
used in aircraft IFF (Identification Friend or Foe) systems. around a baby's ankle, which responds to sensor panels
A typical RFID system includes: an RFID tag and antenna located at hospital exits. If the baby is taken through the
(transponder), a reader and antenna, and possibly a back- sensor, an alarm goes off and the hospital's security team is
end database. Transponders are categorized as passive (no alerted. In addition, advanced RFID systems are being
battery support) and active (has an optional battery), and developed whereby the tag can be tracked beyond the
have a frequency range from 135 kHz (long-wave) to 5.8 confines of the hospital.
Passive tags use inductive or capacitive coupling of
power from the reader for all of its power requirements. 3.0 Security Goals and Assumptions
Approximately 90% of all RFID transponders sold today When addressing security risks for RFID systems it is
use inductive coupling for a power source. Tag important to realize the security goals and security
characteristics are small in size and may have a read/write requirements that should be imposed on the system. An
range of up to one meter. assessment needs to be performed to determine the
Active tags use a battery for an internal power source. incentive that the system represents to an adversary. What
Active tags can include micro-controllers, nonvolatile flash could be gained and what is the cost if the system is
memory for program and data, and static memory for compromised? What are the system assumptions
scratch pad purposes. Active tags have enhanced regarding security?
functionality over passive tags and can be configured as
small wireless network nodes. Many support encryption 3.1 Closed RFID Systems
and operate in the UHF/Microwave range. Characteristics In a closed RFID system where access by individuals
of these tags are larger in size, higher priced and support is controlled, the probability of an attack is low. A closed
read/write ranges from one meter to greater than fifteen system typically would use a proprietary protocol between
meters over passive tags. the readers and transponders. The use of a proprietary
Passive tags are comprised of a data-carrying device, protocol itself makes an attack on such a system more
typically in the form of a microchip, and a large area difficult. An example of such a system is an assembly line
antenna coil. When a passive tag is brought into proximity in a manufacturing facility, where the benefit to an attacker
of a reader’s antenna coil, the reader’s coil generates a is low. Though a malicious attack could cause a critical
strong high frequency electromagnetic field. The operational malfunction and lost time, no money or
electromagnetic field cuts across the cross-section of the material goods are threatened.
tag’s coil and the area around the coil causing, by
inductance, a voltage to be generated in the transponder. 3.2 Open RFID Systems
A capacitor attached across the reader’s antenna creates a
parallel resonate circuit with a resonant frequency In an open RFID system where published
corresponding to the transmission frequency of the reader. specifications are easily accessible and standard protocols
The resonate circuit causes very high currents to flow in are used, an application connected with money and
the antenna coil of the reader, which is used to generate the material goods provides a high level of motivation to an
required field strengths used to operate the remote adversary. In such an RFID system, tags must keep the
transponder. The reader’s antenna coil and the identity of their holders confidential. Tags must not
transponder’s antenna coil can be viewed as a transformer, communicate information to unauthorized readers. Tags
which provides the power to the transponder via must randomize output to minimize the possibility of
transformer coupling. associating information that could be used to track an
individual. Trust must be established between tags and
readers. Tag holders must be allowed to disable tags if
2.1 RFID Efficiencies they choose to. Spoofing, session hijacking, man in the
Since RFID systems allow the tags to be read without middle attacks, power analysis, probing, energy attacks
any physical contact, they can provide efficiencies in many and other physical attacks need to be considered.
different market segments. In the retail segment, a cashier
at a register no longer needs to remove and scan each 3.3 RFID System Assumptions
individual item in a customer’s cart. Just passing a reader
in the vicinity of the cart can read all the items at once, Before analyzing proposed solutions to privacy and
reducing the amount of time a customer spends in security issues, several assumptions need to be made. The
checkout lines, and increasing the number of customers a focus is on low-cost RFID open systems with limited
cashier can support. Managing pallets of inventory resources and power requirements. For wide spread use of
becomes more efficient by allowing business owners to RFID tags a cost of US $.05 or less per tag will be
have real-time access to inventory information. In the required. Tags will be passively powered, using the
20th Computer Science Seminar
3. energy from the reader. At most, tags will support 128 bits tags and readers. An adversary that would be able to
of storage, 100 to 200 read operations per second utilizing interfere with the communications between the tag and
anticollision techniques, and a maximum communication reader by jamming this signal or destroying the tag, might
range of several meters. result in theft. Denial of service is especially a threat in
According to Weise , to construct a 5-cent tag, the the retail market where RFID technology can be used for
IC cost should not exceed 2 cents, limiting the gate count automatic checkout.
between 7.5k to 15k gates. The Maximum gate count for a
100-bit EPC chip is roughly 5,000 – 10,000 gates , 4.1 The Kill Tag Approach
leaving approximately 2.5k to 5k gates available for A simple solution to consumer privacy issues is to kill
security, making public key or symmetric key encryption the RFID tag. Once killed, a tag can never be re-activated.
prohibitive. Even efficient algorithms using Elliptic Curve The Auto-ID lab  defined a mode of operation for
Cryptography or NTRU  would be difficult to standard supported tags in which a tag could be killed
implement with the resource and cost constraints of low- upon purchase of the tagged product. The kill command
cost tags. would require a special 8-bit password to be sent to the
The communications channel between tags and reader tag. Upon receiving this password the tag would
is assumed to be vulnerable to eavesdropping. The unconditionally erase itself. An implementation of the kill
communications channel between readers and any back- tag solution is that at checkout time a clerk would kill tags
end database is carried out over a secure channel that has attached to purchased items. In theory this would
authentication and access control methods in place to guarantee that no purchased goods contained active RFID
provide strong security. tags, satisfying all the security goals and requirements.
Several disadvantages exist with the kill tag approach.
3.3.1 Asymmetric Channel Strength The kill command takes a conscience effort to enact; if
An issue that is inherent to the use of passive tags is the overlooked it would allow live tags on items to leave the
forward versus reverse asymmetric channel strength. store. When killing a tag, there is no way to ensure that
Since a reader must supply the power for a tag, the reader the kill command was properly executed. With each
to tag field strength is typically much greater then the tag password being only 8-bits long, a brute force attack using
to reader field strength. With this greater field strength in all 256 possible addresses could lead to abuse for
the forward direction, it may be possible for an malicious purposes. As stated previously, once a tag is
eavesdropper to monitor communications from the reader killed it can never be re-activated. As new and innovative
to the tag. In the reverse direction, from the tag to the consumer applications are developed, consumers may
reader, the field strength is much weaker. An decide to have tags remain operational. Applications such
eavesdropper may not be able to monitor the as smart microwave ovens, intelligent refrigerators, and
communications from the tag to the reader. product refund or recall are just a few examples of possible
future use of active RFID tags by consumers.
4.0 Addressing Privacy and Data Security Issues
4.2 The Hash-Lock Approach
Low cost RFID tags will respond with their
programmed identifier (EPC) to a reader when placed The Hash-Lock approach proposed by Weis et al. 
within the reader’s interrogation zone. With no uses the concept of locking and unlocking the tag to allow
authentication required between the tag and reader, trust access. The security of the Hash-Lock approach uses the
between the tag and reader does not exist, allowing principle based on the difficulty of inverting a one-way
unprotected tags to be vulnerable to eavesdropping. hash function. The scheme makes use of a back-end
database to provide correct reader to tag identification and
Replacing the tag ID with a pseudonym would provide the concept of a meta-ID stored in each tag.
a level of security to secure product identification
information. However for every query the tag will respond
with the same pseudonym allowing the tracking of an
individual. Even though the eavesdropper cannot identify
the product, the location privacy of the individual is
Erasing all product identification information from the
tag at the time of purchase but leaving manufacturing and
product information intact, would allow consumers to have Fig 4.1 Hash-Locking: Reader unlock protocol .
future access to the information without a unique ID that To lock the tag the reader sends a hash of a random
can be used for tracking purposes. Erasing identification key, as the meta-ID, to the tag. i.e. meta-ID<-
information still presents a problem allowing an hash(key). The reader then stores the meta-ID and
eavesdropper to track groups of products. An example key in the back end database. While locked, the tag only
would be consumers who all have purchased Rolex responds with the meta-ID when queried. As shown in
watches, or other goods. Fig. 4.1, to unlock the tag, the reader will query the tag for
The attacks identified are passive attacks, needing only the meta-ID. The reader will then use the meta-ID to
the capability to monitor the conversation between the lookup a key and ID for the tag in the database. If the
reader and tag. An adversary that has the ability to meta-ID is found, the reader then sends the key to the tag
participate in the protocol between the tag and reader can in an attempt to unlock the tag. The tag hashes the key and
re-write more expensive items with tag data from less compares the results against the meta-ID stored in the tag.
expensive items. Counterfeit tags could result in theft. If this compares successfully, the tag will unlock itself and
Another risk is denial of service. RFID systems use allow access to the reader. The Hash-Lock scheme meets
wireless RF communications to communicate between the several security goals and requirements stated in this
20th Computer Science Seminar
4. paper. It establishes trust between the tags and readers and Another privacy threat identified by Weis et al.  is
will prevent unauthorized readers from reading tag that an eavesdropper is more likely to hear transmissions
contents. By using a meta-ID, tags keep the identity of from the reader-to-tag, versus transmissions from the tag-
their holders confidential. The holder has the capability to to-reader. The forward channel range versus reverse
disable (lock) or enable (unlock) tags, should they desire to channel range threat is shown in Fig. 4.3.
do so. Disadvantages include that tags could only be
unlocked briefly to minimize the possibility of being
hijacked. The use of meta-IDs assumes that the hash 4.3.1 Standard Tree-Walking Algorithm
function can be implemented in the hardware of low-cost RFID systems often encounter multiple transponders
tags with limited resources. The Hash-Lock approach is attempting to communicate to a reader at the same time.
susceptible to spoofing using a man-in-the-middle attack Multi-access communication from a number of tags
for later replay. The meta-ID itself acts as an identifier require that the reader must reliably prevent the
and may allow tracking of individuals. Additionally, it transponder’s data from becoming corrupt and unreadable
may be difficult for consumers to manage and update if a data collision should occur. To support multi-access
meta-IDs for a large number of tags. communication, RFID systems must provide anticollision
procedures (access protocol) to singulate tag IDs.
Typically the implementation of an access protocol
4.2.1 Randomized Hash-Lock Enhancement involves the reader first sending a request for all
Weis et al.  proposes an enhancement to the above transponders in its interrogation zone to respond with their
protocol to help prevent the disclosure of meta-IDs while a IDs. By analyzing the results of the response, the reader
tag is in the locked state. Randomizing the tag response determines if a collision occurred and identifies the bit
during the query process prevents tracking of individuals position of the collision. Armed with this information the
based on meta-IDs. reader can now request a subset of all transponders by
requesting the ID’s of transponders based on the
representation of the ID from where the collision occurred.
To reduce the number of request packets sent from the
reader, a binary search algorithm is typically used (Fig.
Fig 4.2 Hash-Locking: Enhanced reader unlock protocol using a
randomized hash .
The randomized Hash-Lock approach requires tags to
compute a one-way hash function and include an onboard,
random number generator. As shown in Fig 4.2, a tag
responds to a query with a random number r, and a hash of
its ID concatenated with random number r. The reader
queries the database for all IDs and hashes each ID
concatenated with the returned random number r from the
tag. If a match is found, the reader sends the ID to the tag Fig. 4.4 Tree Walk example: Each tag in this example has a 3-bit
for authentication. Disadvantages include a brute force serial number .
search that must be performed by the reader, making the
Hash-Lock randomized approach time consuming and 4.3.2 Implementation of Silent Tree-Walking
relevant to only a small number of tags. Another As described earlier, an eavesdropper may hear
disadvantage of the randomized Hash-Lock protocol is that transmissions from the reader many meters away. The
while a one-way hash function is difficult to reverse, it anti-collision algorithms used by RFID tags to request the
may still leak bits of its input. Such leaks could ID from the tag can be used to determine the ID of the tag.
compromise the tag’s ID value. Moreover, the addition of To prevent this “Backward Channel Key Negotiation”
a random number generator may be costly to implement Weis et al suggests encoding the reader’s transmissions so
based on resource constraints. that a passive eavesdropper is unable to determine the IDs
of the tags being read. By having the reader request the
“Next Bit” from the tag instead of sending an ID during
4.3 The Silent Tree-Walking Approach the singulation process (Fig 4.5), passive eavesdropping
can be eliminated.
Fig. 4.5 Silent Tree Walking: Left hand represents a non-
collision; the right hand illustrates a collision .
Fig. 4.3 The forward reader to tag range is much greater than the In the above figure, after the collision, the reader
less powerful tag to reader range. . responds with “Last Bit” XOR “tag 01” = 0 XOR 1 = 1.
Tag 01 continues while the shaded tag 00 ceases to
20th Computer Science Seminar
5. respond to the protocol. The concept is that the reader in to remain active. In a universal configuration this would
the backward channel will be able to hear the responses block all possible tag IDs when queried by the reader. An
from the tag, whereas the eavesdropper in the forward added advantage to the blocker tag approach is that a
channel will not hear the tag response. Thus the reader blocker tag can be configured to have “Multiple Privacy
and tag share a secret - namely the bit value without Zones” allowing ranges of IDs to be blocked while
reveling it to the eavesdropper. The Silent-Tree Walking allowing other ranges to operate normally. The selective
scheme only meets the security requirement of protection blocker tag only requires minor changes to a standard
against eavesdropping and does not provide protection RFID tag. A password would be needed to identify
against active attacks; it does not protect against privacy zones. If a low-cost RFID tag costs US $0.05, a
eavesdropping in the reverse direction and also assumes selective blocker tag should cost no more the US $0.10.
that tag IDs are grouped with a common prefix. Creating a Blocker tags do not require any expensive encryption. For
common prefix can be difficult with a large numbers of practical use as a privacy tool, selective blocking is
tags. suggested. If used in a universal mode the blocker tag
method would provide privacy protection at the cost of
4.4 The Re-Encryption Approach disrupting the communications of all RFID tags in the
area. Disadvantages of this approach include a mechanism
Juels and Pappu  propose the use of public-key that would be needed for readers to identify what “zones”
cryptography and the employment of re-encryption of the are being blocked. Another disadvantage is in the
serial numbers on banknotes for user privacy protection selection of privacy zones. Having too many zones could
while still allowing the tracking of these notes by act as an identifier undermining individual privacy.
authorized law enforcement agencies. Because of the Lastly, a blocker tag can be used maliciously for
resource constraints of the RFID tags embedded on these implementing denial of service attacks.
notes, the re-encryption would be done by agents, which in
practice could be shops, retail banks and even by
consumers. 5.0 Summary
The problem being addressed is that even if the serial The following table presents a comparison of the
numbers of these notes where encrypted, the static proposed solutions. The first column identifies the
ciphertext of the serial numbers itself represents a unique solution. In column two an evaluation is made on how
identifier, allowing the tracking of individuals. Re- compliant the solution is in regards to the Goals and
encryption of the ciphertext would allow the ciphertext to Assumptions made in section 3.0. The third column places
change in appearance without changing the serial number some value on how user friendly the solution is, or what
of the plaintext message. Re-encryption used in mix impact the solution has on the tag holders. Column four
networks is introduced by Golle et al. , Mix nets use addresses the added cost to implement the solution, and the
the homomorphic properties of El Gamal public key last column places some weight on if the solution is
cryptography to re-encrypt ciphertext with knowledge of practical based on the assumptions made.
only the public parameters and not the plain text. In the Table 1: A Comparison of Proposed Solutions
method employed by Juels and Pappu, re-encryption is
defined based on the knowledge that agents will have Solution Meets User Added Practical
access to the plain text, i.e. serial number. Their concept is Security Friendly Cost
that an agent receives a banknote and using a scanning Reqmnts
device such as an optical reader, reads the plain text serial Kill Tag All Some None Yes
number, encrypts it using the law enforcement public key what
and writes the results back to the RFID. To help prevent
Hash-Lock Minimal Lesser Med/ Yes
fraud, two different contact channels are defined: an
optical channel that allows the update of ciphertext to the High
RFID and a transmission channel for RFID query access. Enhanced Some Lesser High Maybe
Including a digital signature during the encryption process Hash-Lock
further strengthens this approach. The problem when Silent Tree- Minimal Lesser Low/ Yes
addressing consumer privacy in the re-encryption approach Walking Med
is the rate at which re-encryption must take place. If this
rate is very low, the static ciphertext will not change, Selective Most More so Low/ Yes
resulting in a unique identifier. Additionally, The cost of Blocker Med
the necessary equipment placed on agents to perform the Tag
re-encryption can make this approach economically
unattractive. Standard All Would Very No
Encryption be High
4.5 The Blocker Tag Approach Based on this summary, the selective blocker tag
solution provides the best value with minimal added cost
Juels et al.  suggest the concept of a blocker tag to and is practical for implementation by today’s standards.
address the issue of consumer privacy. The blocker tag The selective blocker tag does impact the holders of tags
approach uses the tree walking protocol to simulate many since they must purchase or obtain a blocker for use
different tags simultaneously. A blocker tag, blocks the against active tags.
reader from successfully allowing a tag that is in the
interrogation zone to successfully respond with its unique For completeness, standard encryption has been added
ID number. The blocker tag achieves this by causing a as a solution. Using standard encryption schemes would
collision for each bit in the request from the reader. In provide strong privacy and be transparent to the holder.
effect this would “jam” tags that the consumer has in their Unfortunately, based on the technology available today,
possession, preserving their privacy but allowing the tags the cost would be prohibitive and would not be practical.
20th Computer Science Seminar
6. 6.0 Conclusion  S.A.Weis, S.E.Sarma, R.L. Revest, D.W. Engels,
The work by Sarma et al.  predicts that over the “Security and Privacy Aspects of Low-Cost Radio
next several years, development of low-cost tags in the Frequency Identification Systems“ accepted for
range of US $0.05 or less will continue to present a publication to the First International Conference on
challenge to manufacturers. Low-cost tags will remain Security in Pervasive Computing (SPC 2003),
extremely resource scarce, passively powered, and have March 12-14, 2003.
limited memory resources comprised of several hundred  D. Boneh, P. Golle, “Almost Entirely Correct
bytes, as opposed to kilobytes. The range of Mixing With Applications to Voting,” Proceedings
communications will be a few meters, with a limit on of the 9th ACM conference on Computer and
computational power. Using standard cryptographic communications security, 2002, pp. 68 - 77.
security mechanisms will exceed the capability of these  A. Juels, R.L. Rivest, M. Szydlo, “The Blocker Tag:
devices. To meet these challenges, more work must be Selective Blocking of RFID Tags for Consumer
done to develop new hardware-efficient hash functions Privacy.” Conference on Computer and
within low-cost RFID tags, along with new lightweight Communications Security Proceedings of the 10th
cryptographic primitives and protocols. Any new and ACM conference on Computer and communication
efficient functions need to take into account the limited security, October 2003, 103-111.
resources of low-cost RFID tags.  A. Juels, “Privacy and Authentication in Low-Cost
In this paper the threats to personal privacy and RFID Tags”, in submission, 2003
security that exist in low-cost RFID tags have been http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/
identified, goals and assumptions defined, and proposed publications/pt-rfid
solutions to address these privacy and security risks  S. Sarma, S. Weis, D. Engels, “Radio-frequency
analyzed. Based on the comparison of these solutions, the identifiers: Security Risks and Challenges,”
selective blocker tag provides the best solution satisfying
most requirements. CryptoBytes, vol. 6, no. 1, Spring 2003
As RFID technology advances allowing “smarter” tags,
the line between RFID devices, smart cards, and general-
purpose computers will blur. Today’s research benefiting
RFID devices will aid in the development of secure
ubiquitous computing systems in the future.
 T, McConnel, “RFID advances bring fundamental
changes to security and personal safety,”
4S0047, June 6, 2003
 K. Takaragi, M. Usami, R. Imura, R. Itsuki, T.
Satoh, “An ultra small individual recognition
security chip,” Micro, IEEE Nov/Dec 2001 Pages
43 – 49, Volume 21, Issue 6
 K.V.S. Rao, “An overview of backscattered radio
frequency identification system (RFID”),
Microwave Conference, 1999 Asia Pacific, meeting
date 11/30/1999 – 12/03/1999, Volume: 3, Pages:
746 – 749
 MIT Auto-ID Center. http://www.autoidcenter.org
 S. Sarma, D. Brock, D. Engels, “Radio frequency
identification and the electronic product code,”
Micro, IEEE, vol. 21, no. 6, Nov. – Dec. 2001,
pp.50 – 54.
 D. McCullough. RFID tags: Big Brother in small
packages. CNet, 13 January 2003. From
 Steven A. Weis, , “Security and Privacy in Radio-
Frequency Identification Devices” MIT Master of
Science Thesis, submitted May 2003.
 A. Juels, R. Pappu, “Squealing Euros: Privacy
Protection in RFID-Enabled Banknotes.” In R.
Wright, ed., Financial Cryptography ’03. Pringer-
 J. Hoffstein, J. Pipher, J. H. Silverman, “NTRU: A
Ring-Based Public Key Cryptosystem.” Lecture
Notes in Computer Science, 1423:267, 1998.
20th Computer Science Seminar