RFID Technology: An Analysis of Privacy and Security Issues ...


Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

RFID Technology: An Analysis of Privacy and Security Issues ...

  1. 1. RFID Technology: An Analysis of Privacy and Security Issues Gary M. Pisarsky Abstract Today the de facto standard for automatic identification As Radio Frequency Identification (RFID) technology is the bar code. The Universal Product Code (UPC) is a becomes pervasive in our lives, literally woven into the familiar optical version developed in 1973 and is used to fabric of our society, there exists the danger to personal label most products today. The Electronic Product Code privacy, loss of anonymity, and violation of location (EPC) [5] is the next evolution of the UPC barcode. As privacy to all individuals. Even cash, which offers true RFID costs drop to the US $.05 level and below, anonymity for consumers, may be threatened by RFID embedding Electronic Product Codes into RFID “smart technology. labels” will replace or complement the ubiquitous printed As the size and cost of RFID tags decrease, their use as UPC label and provide efficiencies for supply chain and smart labels will become the dominant technique for the inventory management. EPC enabled RFID devices will electronic collection of data. Used for automatic promise a more flexible and intelligent handling of identification (Auto-ID) of goods, RFID technology consumer purchases from automated checkout through promises to offer great gains in productivity. Along with return of goods after purchase. With these benefits also these gains, new threats to personal privacy and security comes the possibility of abuse to personal privacy and will be exposed. Low cost tags have no access control security [6]. function and broadcast their ID whenever in proximity of a reader. Personal preferences and buying patterns are 1.1 Privacy and Security Challenges traceable and personal sensitive information available to As recognized by Weis [7], advances in RFID eavesdropping. With the severe cost and size constraints technology may come at a cost to privacy and security. of these devices, the use of conventional cryptographic “Vulnerabilities to physical attacks, counterfeiting, techniques for the protection of data is prohibitive. spoofing, eavesdropping, traffic analysis or denial of This paper will present a brief overview of RFID service could all threaten unprotected tags”. technology, investigate the privacy and security issues The problem to be addressed is the threat to consumer associated with RFID technology, and analyze and privacy and what security measures are proposed to compare proposed solutions. To conclude, this paper will address this threat in low-cost RFID tags. Low-cost tags provide a comparison of proposed solutions and have no provisions for authentication between the tag and recommend which of these solutions best meets the goals reader, and no access control mechanism. Tags will and assumptions to address the privacy and security risks broadcast their programmed ID whenever in the proximity that result from the use of RFID tags. of a reader. Personal preferences and buying patterns are traceable and personal sensitive information susceptible to 1.0 Introduction eavesdropping. Reading of insecure tags by an adversary Radio Frequency Identification (RFID) tags are can result in corporate espionage, forgery, and theft. miniscule microchips that have already shrunk to half the size of a grain of sand [1, 2]. They listen for a radio query 1.2 Proposed Solutions and respond by transmitting their unique ID code. Most This paper will discuss five proposed schemes for RFID tags have no batteries; they are inductively powered protecting user privacy and addressing security challenges via an RF signal from the reader [3]. Tags that are actively in low-cost RFID systems. One proposed solution is the powered contain an on-board power source, such as a killing of tags after purchase, permanently disabling them battery. Readers interrogate tags for their contents through at checkout, and making them forever after inoperable. an RF interface. Readers may contain internal storage, Hash-Lock, re-encryption, and silent tree-walking processing power, and an interface to a back-end database schemes are also viable approaches of making RFID tags for added functionality. smarter. In the Hash-Lock approach, a meta-ID y is given The MIT Auto-ID Center [4], now known as the MIT to the tag when it is locked. The tag can only be unlocked Auto-ID Lab, worked with a consortium of industry when a key value x is presented to the tag such that y=h(x). sponsors to research and develop exceptionally low-cost Juels and Pappu [8] describe re-encryption as a solution of RFID tags for use in a system-level approach of automatic addressing the privacy issues of RFID tags embedded in object identification. Auto Identification (Auto-ID) banknotes. Re-encryption uses the banknote tag serial systems are now, more then ever before, becoming numbers encrypted with a law enforcement public key. common place in many economic sectors. From theft Due to the resource constraints in low-cost RFID tags, prevention and intelligent asset management to logistic Juels and Pappu propose the use of external agents to management which includes manufacturing, materials perform the re-encryption. Silent tree-walking is another handling, and distribution. Auto-ID systems provide proposed solution based on the asymmetric reader to tag information about people, animals, goods and products in field strength. An eavesdropper may be able to hear the transit. signal broadcast by the reader to the tag but is unable to 20th Computer Science Seminar SA3-T1-1
  2. 2. hear the response from the tag. The blocker tag is an transportation segment, automated toll collection systems approach that exploits the tree-walking singulation using RFID technology allow drivers to slow down instead (collision avoidance) protocol used to identify an of stopping to pay toll collectors, reducing the number of individual tag. Another possible solution is the use of collectors and time needed for toll payment. TransCore, a symmetric and asymmetric cryptographic methods; transportation technology company, in their eGotm product however due to resource constraints and cost line, offers a paper–thin sticker-like tag that does not considerations would be difficult to implement. require batteries and allows user information to be read or written by a reader. This product can be used by 2.0 Overview of an RFID System Electronic Toll Collection (ETC) systems and in Electronic Vehicle Registration (EVR) applications. This product RFID systems are the next generation of Auto-ID may also be used in the medical field to prevent the devices. The roots of RFID technology originate from abduction of infants from maternity wards. When used for transponder technology developed in the late 1940s and infant protection, the system involves a tag being put used in aircraft IFF (Identification Friend or Foe) systems. around a baby's ankle, which responds to sensor panels A typical RFID system includes: an RFID tag and antenna located at hospital exits. If the baby is taken through the (transponder), a reader and antenna, and possibly a back- sensor, an alarm goes off and the hospital's security team is end database. Transponders are categorized as passive (no alerted. In addition, advanced RFID systems are being battery support) and active (has an optional battery), and developed whereby the tag can be tracked beyond the have a frequency range from 135 kHz (long-wave) to 5.8 confines of the hospital. GHz (micro-wave). Passive tags use inductive or capacitive coupling of power from the reader for all of its power requirements. 3.0 Security Goals and Assumptions Approximately 90% of all RFID transponders sold today When addressing security risks for RFID systems it is use inductive coupling for a power source. Tag important to realize the security goals and security characteristics are small in size and may have a read/write requirements that should be imposed on the system. An range of up to one meter. assessment needs to be performed to determine the Active tags use a battery for an internal power source. incentive that the system represents to an adversary. What Active tags can include micro-controllers, nonvolatile flash could be gained and what is the cost if the system is memory for program and data, and static memory for compromised? What are the system assumptions scratch pad purposes. Active tags have enhanced regarding security? functionality over passive tags and can be configured as small wireless network nodes. Many support encryption 3.1 Closed RFID Systems and operate in the UHF/Microwave range. Characteristics In a closed RFID system where access by individuals of these tags are larger in size, higher priced and support is controlled, the probability of an attack is low. A closed read/write ranges from one meter to greater than fifteen system typically would use a proprietary protocol between meters over passive tags. the readers and transponders. The use of a proprietary Passive tags are comprised of a data-carrying device, protocol itself makes an attack on such a system more typically in the form of a microchip, and a large area difficult. An example of such a system is an assembly line antenna coil. When a passive tag is brought into proximity in a manufacturing facility, where the benefit to an attacker of a reader’s antenna coil, the reader’s coil generates a is low. Though a malicious attack could cause a critical strong high frequency electromagnetic field. The operational malfunction and lost time, no money or electromagnetic field cuts across the cross-section of the material goods are threatened. tag’s coil and the area around the coil causing, by inductance, a voltage to be generated in the transponder. 3.2 Open RFID Systems A capacitor attached across the reader’s antenna creates a parallel resonate circuit with a resonant frequency In an open RFID system where published corresponding to the transmission frequency of the reader. specifications are easily accessible and standard protocols The resonate circuit causes very high currents to flow in are used, an application connected with money and the antenna coil of the reader, which is used to generate the material goods provides a high level of motivation to an required field strengths used to operate the remote adversary. In such an RFID system, tags must keep the transponder. The reader’s antenna coil and the identity of their holders confidential. Tags must not transponder’s antenna coil can be viewed as a transformer, communicate information to unauthorized readers. Tags which provides the power to the transponder via must randomize output to minimize the possibility of transformer coupling. associating information that could be used to track an individual. Trust must be established between tags and readers. Tag holders must be allowed to disable tags if 2.1 RFID Efficiencies they choose to. Spoofing, session hijacking, man in the Since RFID systems allow the tags to be read without middle attacks, power analysis, probing, energy attacks any physical contact, they can provide efficiencies in many and other physical attacks need to be considered. different market segments. In the retail segment, a cashier at a register no longer needs to remove and scan each 3.3 RFID System Assumptions individual item in a customer’s cart. Just passing a reader in the vicinity of the cart can read all the items at once, Before analyzing proposed solutions to privacy and reducing the amount of time a customer spends in security issues, several assumptions need to be made. The checkout lines, and increasing the number of customers a focus is on low-cost RFID open systems with limited cashier can support. Managing pallets of inventory resources and power requirements. For wide spread use of becomes more efficient by allowing business owners to RFID tags a cost of US $.05 or less per tag will be have real-time access to inventory information. In the required. Tags will be passively powered, using the 20th Computer Science Seminar SA3-T1-2
  3. 3. energy from the reader. At most, tags will support 128 bits tags and readers. An adversary that would be able to of storage, 100 to 200 read operations per second utilizing interfere with the communications between the tag and anticollision techniques, and a maximum communication reader by jamming this signal or destroying the tag, might range of several meters. result in theft. Denial of service is especially a threat in According to Weise [7], to construct a 5-cent tag, the the retail market where RFID technology can be used for IC cost should not exceed 2 cents, limiting the gate count automatic checkout. between 7.5k to 15k gates. The Maximum gate count for a 100-bit EPC chip is roughly 5,000 – 10,000 gates [8], 4.1 The Kill Tag Approach leaving approximately 2.5k to 5k gates available for A simple solution to consumer privacy issues is to kill security, making public key or symmetric key encryption the RFID tag. Once killed, a tag can never be re-activated. prohibitive. Even efficient algorithms using Elliptic Curve The Auto-ID lab [4] defined a mode of operation for Cryptography or NTRU [9] would be difficult to standard supported tags in which a tag could be killed implement with the resource and cost constraints of low- upon purchase of the tagged product. The kill command cost tags. would require a special 8-bit password to be sent to the The communications channel between tags and reader tag. Upon receiving this password the tag would is assumed to be vulnerable to eavesdropping. The unconditionally erase itself. An implementation of the kill communications channel between readers and any back- tag solution is that at checkout time a clerk would kill tags end database is carried out over a secure channel that has attached to purchased items. In theory this would authentication and access control methods in place to guarantee that no purchased goods contained active RFID provide strong security. tags, satisfying all the security goals and requirements. Several disadvantages exist with the kill tag approach. 3.3.1 Asymmetric Channel Strength The kill command takes a conscience effort to enact; if An issue that is inherent to the use of passive tags is the overlooked it would allow live tags on items to leave the forward versus reverse asymmetric channel strength. store. When killing a tag, there is no way to ensure that Since a reader must supply the power for a tag, the reader the kill command was properly executed. With each to tag field strength is typically much greater then the tag password being only 8-bits long, a brute force attack using to reader field strength. With this greater field strength in all 256 possible addresses could lead to abuse for the forward direction, it may be possible for an malicious purposes. As stated previously, once a tag is eavesdropper to monitor communications from the reader killed it can never be re-activated. As new and innovative to the tag. In the reverse direction, from the tag to the consumer applications are developed, consumers may reader, the field strength is much weaker. An decide to have tags remain operational. Applications such eavesdropper may not be able to monitor the as smart microwave ovens, intelligent refrigerators, and communications from the tag to the reader. product refund or recall are just a few examples of possible future use of active RFID tags by consumers. 4.0 Addressing Privacy and Data Security Issues 4.2 The Hash-Lock Approach Low cost RFID tags will respond with their programmed identifier (EPC) to a reader when placed The Hash-Lock approach proposed by Weis et al. [10] within the reader’s interrogation zone. With no uses the concept of locking and unlocking the tag to allow authentication required between the tag and reader, trust access. The security of the Hash-Lock approach uses the between the tag and reader does not exist, allowing principle based on the difficulty of inverting a one-way unprotected tags to be vulnerable to eavesdropping. hash function. The scheme makes use of a back-end database to provide correct reader to tag identification and Replacing the tag ID with a pseudonym would provide the concept of a meta-ID stored in each tag. a level of security to secure product identification information. However for every query the tag will respond with the same pseudonym allowing the tracking of an individual. Even though the eavesdropper cannot identify the product, the location privacy of the individual is violated. Erasing all product identification information from the tag at the time of purchase but leaving manufacturing and product information intact, would allow consumers to have Fig 4.1 Hash-Locking: Reader unlock protocol [10]. future access to the information without a unique ID that To lock the tag the reader sends a hash of a random can be used for tracking purposes. Erasing identification key, as the meta-ID, to the tag. i.e. meta-ID<- information still presents a problem allowing an hash(key). The reader then stores the meta-ID and eavesdropper to track groups of products. An example key in the back end database. While locked, the tag only would be consumers who all have purchased Rolex responds with the meta-ID when queried. As shown in watches, or other goods. Fig. 4.1, to unlock the tag, the reader will query the tag for The attacks identified are passive attacks, needing only the meta-ID. The reader will then use the meta-ID to the capability to monitor the conversation between the lookup a key and ID for the tag in the database. If the reader and tag. An adversary that has the ability to meta-ID is found, the reader then sends the key to the tag participate in the protocol between the tag and reader can in an attempt to unlock the tag. The tag hashes the key and re-write more expensive items with tag data from less compares the results against the meta-ID stored in the tag. expensive items. Counterfeit tags could result in theft. If this compares successfully, the tag will unlock itself and Another risk is denial of service. RFID systems use allow access to the reader. The Hash-Lock scheme meets wireless RF communications to communicate between the several security goals and requirements stated in this 20th Computer Science Seminar SA3-T1-3
  4. 4. paper. It establishes trust between the tags and readers and Another privacy threat identified by Weis et al. [10] is will prevent unauthorized readers from reading tag that an eavesdropper is more likely to hear transmissions contents. By using a meta-ID, tags keep the identity of from the reader-to-tag, versus transmissions from the tag- their holders confidential. The holder has the capability to to-reader. The forward channel range versus reverse disable (lock) or enable (unlock) tags, should they desire to channel range threat is shown in Fig. 4.3. do so. Disadvantages include that tags could only be unlocked briefly to minimize the possibility of being hijacked. The use of meta-IDs assumes that the hash 4.3.1 Standard Tree-Walking Algorithm function can be implemented in the hardware of low-cost RFID systems often encounter multiple transponders tags with limited resources. The Hash-Lock approach is attempting to communicate to a reader at the same time. susceptible to spoofing using a man-in-the-middle attack Multi-access communication from a number of tags for later replay. The meta-ID itself acts as an identifier require that the reader must reliably prevent the and may allow tracking of individuals. Additionally, it transponder’s data from becoming corrupt and unreadable may be difficult for consumers to manage and update if a data collision should occur. To support multi-access meta-IDs for a large number of tags. communication, RFID systems must provide anticollision procedures (access protocol) to singulate tag IDs. Typically the implementation of an access protocol 4.2.1 Randomized Hash-Lock Enhancement involves the reader first sending a request for all Weis et al. [10] proposes an enhancement to the above transponders in its interrogation zone to respond with their protocol to help prevent the disclosure of meta-IDs while a IDs. By analyzing the results of the response, the reader tag is in the locked state. Randomizing the tag response determines if a collision occurred and identifies the bit during the query process prevents tracking of individuals position of the collision. Armed with this information the based on meta-IDs. reader can now request a subset of all transponders by requesting the ID’s of transponders based on the representation of the ID from where the collision occurred. To reduce the number of request packets sent from the reader, a binary search algorithm is typically used (Fig. 4.4). Fig 4.2 Hash-Locking: Enhanced reader unlock protocol using a randomized hash [10]. The randomized Hash-Lock approach requires tags to compute a one-way hash function and include an onboard, random number generator. As shown in Fig 4.2, a tag responds to a query with a random number r, and a hash of its ID concatenated with random number r. The reader queries the database for all IDs and hashes each ID concatenated with the returned random number r from the tag. If a match is found, the reader sends the ID to the tag Fig. 4.4 Tree Walk example: Each tag in this example has a 3-bit for authentication. Disadvantages include a brute force serial number [12]. search that must be performed by the reader, making the Hash-Lock randomized approach time consuming and 4.3.2 Implementation of Silent Tree-Walking relevant to only a small number of tags. Another As described earlier, an eavesdropper may hear disadvantage of the randomized Hash-Lock protocol is that transmissions from the reader many meters away. The while a one-way hash function is difficult to reverse, it anti-collision algorithms used by RFID tags to request the may still leak bits of its input. Such leaks could ID from the tag can be used to determine the ID of the tag. compromise the tag’s ID value. Moreover, the addition of To prevent this “Backward Channel Key Negotiation” a random number generator may be costly to implement Weis et al suggests encoding the reader’s transmissions so based on resource constraints. that a passive eavesdropper is unable to determine the IDs of the tags being read. By having the reader request the “Next Bit” from the tag instead of sending an ID during 4.3 The Silent Tree-Walking Approach the singulation process (Fig 4.5), passive eavesdropping can be eliminated. Fig. 4.5 Silent Tree Walking: Left hand represents a non- collision; the right hand illustrates a collision [10]. Fig. 4.3 The forward reader to tag range is much greater than the In the above figure, after the collision, the reader less powerful tag to reader range. [10]. responds with “Last Bit” XOR “tag 01” = 0 XOR 1 = 1. Tag 01 continues while the shaded tag 00 ceases to 20th Computer Science Seminar SA3-T1-4
  5. 5. respond to the protocol. The concept is that the reader in to remain active. In a universal configuration this would the backward channel will be able to hear the responses block all possible tag IDs when queried by the reader. An from the tag, whereas the eavesdropper in the forward added advantage to the blocker tag approach is that a channel will not hear the tag response. Thus the reader blocker tag can be configured to have “Multiple Privacy and tag share a secret - namely the bit value without Zones” allowing ranges of IDs to be blocked while reveling it to the eavesdropper. The Silent-Tree Walking allowing other ranges to operate normally. The selective scheme only meets the security requirement of protection blocker tag only requires minor changes to a standard against eavesdropping and does not provide protection RFID tag. A password would be needed to identify against active attacks; it does not protect against privacy zones. If a low-cost RFID tag costs US $0.05, a eavesdropping in the reverse direction and also assumes selective blocker tag should cost no more the US $0.10. that tag IDs are grouped with a common prefix. Creating a Blocker tags do not require any expensive encryption. For common prefix can be difficult with a large numbers of practical use as a privacy tool, selective blocking is tags. suggested. If used in a universal mode the blocker tag method would provide privacy protection at the cost of 4.4 The Re-Encryption Approach disrupting the communications of all RFID tags in the area. Disadvantages of this approach include a mechanism Juels and Pappu [8] propose the use of public-key that would be needed for readers to identify what “zones” cryptography and the employment of re-encryption of the are being blocked. Another disadvantage is in the serial numbers on banknotes for user privacy protection selection of privacy zones. Having too many zones could while still allowing the tracking of these notes by act as an identifier undermining individual privacy. authorized law enforcement agencies. Because of the Lastly, a blocker tag can be used maliciously for resource constraints of the RFID tags embedded on these implementing denial of service attacks. notes, the re-encryption would be done by agents, which in practice could be shops, retail banks and even by consumers. 5.0 Summary The problem being addressed is that even if the serial The following table presents a comparison of the numbers of these notes where encrypted, the static proposed solutions. The first column identifies the ciphertext of the serial numbers itself represents a unique solution. In column two an evaluation is made on how identifier, allowing the tracking of individuals. Re- compliant the solution is in regards to the Goals and encryption of the ciphertext would allow the ciphertext to Assumptions made in section 3.0. The third column places change in appearance without changing the serial number some value on how user friendly the solution is, or what of the plaintext message. Re-encryption used in mix impact the solution has on the tag holders. Column four networks is introduced by Golle et al. [11], Mix nets use addresses the added cost to implement the solution, and the the homomorphic properties of El Gamal public key last column places some weight on if the solution is cryptography to re-encrypt ciphertext with knowledge of practical based on the assumptions made. only the public parameters and not the plain text. In the Table 1: A Comparison of Proposed Solutions method employed by Juels and Pappu, re-encryption is defined based on the knowledge that agents will have Solution Meets User Added Practical access to the plain text, i.e. serial number. Their concept is Security Friendly Cost that an agent receives a banknote and using a scanning Reqmnts device such as an optical reader, reads the plain text serial Kill Tag All Some None Yes number, encrypts it using the law enforcement public key what and writes the results back to the RFID. To help prevent Hash-Lock Minimal Lesser Med/ Yes fraud, two different contact channels are defined: an optical channel that allows the update of ciphertext to the High RFID and a transmission channel for RFID query access. Enhanced Some Lesser High Maybe Including a digital signature during the encryption process Hash-Lock further strengthens this approach. The problem when Silent Tree- Minimal Lesser Low/ Yes addressing consumer privacy in the re-encryption approach Walking Med is the rate at which re-encryption must take place. If this rate is very low, the static ciphertext will not change, Selective Most More so Low/ Yes resulting in a unique identifier. Additionally, The cost of Blocker Med the necessary equipment placed on agents to perform the Tag re-encryption can make this approach economically unattractive. Standard All Would Very No Encryption be High 4.5 The Blocker Tag Approach Based on this summary, the selective blocker tag solution provides the best value with minimal added cost Juels et al. [12] suggest the concept of a blocker tag to and is practical for implementation by today’s standards. address the issue of consumer privacy. The blocker tag The selective blocker tag does impact the holders of tags approach uses the tree walking protocol to simulate many since they must purchase or obtain a blocker for use different tags simultaneously. A blocker tag, blocks the against active tags. reader from successfully allowing a tag that is in the interrogation zone to successfully respond with its unique For completeness, standard encryption has been added ID number. The blocker tag achieves this by causing a as a solution. Using standard encryption schemes would collision for each bit in the request from the reader. In provide strong privacy and be transparent to the holder. effect this would “jam” tags that the consumer has in their Unfortunately, based on the technology available today, possession, preserving their privacy but allowing the tags the cost would be prohibitive and would not be practical. 20th Computer Science Seminar SA3-T1-5
  6. 6. 6.0 Conclusion [10] S.A.Weis, S.E.Sarma, R.L. Revest, D.W. Engels, The work by Sarma et al. [14] predicts that over the “Security and Privacy Aspects of Low-Cost Radio next several years, development of low-cost tags in the Frequency Identification Systems“ accepted for range of US $0.05 or less will continue to present a publication to the First International Conference on challenge to manufacturers. Low-cost tags will remain Security in Pervasive Computing (SPC 2003), extremely resource scarce, passively powered, and have March 12-14, 2003. limited memory resources comprised of several hundred [11] D. Boneh, P. Golle, “Almost Entirely Correct bytes, as opposed to kilobytes. The range of Mixing With Applications to Voting,” Proceedings communications will be a few meters, with a limit on of the 9th ACM conference on Computer and computational power. Using standard cryptographic communications security, 2002, pp. 68 - 77. security mechanisms will exceed the capability of these [12] A. Juels, R.L. Rivest, M. Szydlo, “The Blocker Tag: devices. To meet these challenges, more work must be Selective Blocking of RFID Tags for Consumer done to develop new hardware-efficient hash functions Privacy.” Conference on Computer and within low-cost RFID tags, along with new lightweight Communications Security Proceedings of the 10th cryptographic primitives and protocols. Any new and ACM conference on Computer and communication efficient functions need to take into account the limited security, October 2003, 103-111. resources of low-cost RFID tags. [13] A. Juels, “Privacy and Authentication in Low-Cost In this paper the threats to personal privacy and RFID Tags”, in submission, 2003 security that exist in low-cost RFID tags have been http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/ identified, goals and assumptions defined, and proposed publications/pt-rfid solutions to address these privacy and security risks [14] S. Sarma, S. Weis, D. Engels, “Radio-frequency analyzed. Based on the comparison of these solutions, the identifiers: Security Risks and Challenges,” selective blocker tag provides the best solution satisfying most requirements. CryptoBytes, vol. 6, no. 1, Spring 2003 As RFID technology advances allowing “smarter” tags, the line between RFID devices, smart cards, and general- purpose computers will blur. Today’s research benefiting RFID devices will aid in the development of secure ubiquitous computing systems in the future. References [1] T, McConnel, “RFID advances bring fundamental changes to security and personal safety,” http://www.iapplianceweb.com/story/OEG2003060 4S0047, June 6, 2003 [2] K. Takaragi, M. Usami, R. Imura, R. Itsuki, T. Satoh, “An ultra small individual recognition security chip,” Micro, IEEE Nov/Dec 2001 Pages 43 – 49, Volume 21, Issue 6 [3] K.V.S. Rao, “An overview of backscattered radio frequency identification system (RFID”), Microwave Conference, 1999 Asia Pacific, meeting date 11/30/1999 – 12/03/1999, Volume: 3, Pages: 746 – 749 [4] MIT Auto-ID Center. http://www.autoidcenter.org Feb 2004. [5] S. Sarma, D. Brock, D. Engels, “Radio frequency identification and the electronic product code,” Micro, IEEE, vol. 21, no. 6, Nov. – Dec. 2001, pp.50 – 54. [6] D. McCullough. RFID tags: Big Brother in small packages. CNet, 13 January 2003. From http://news.com.com/2010-1069-980325.html. [7] Steven A. Weis, , “Security and Privacy in Radio- Frequency Identification Devices” MIT Master of Science Thesis, submitted May 2003. [8] A. Juels, R. Pappu, “Squealing Euros: Privacy Protection in RFID-Enabled Banknotes.” In R. Wright, ed., Financial Cryptography ’03. Pringer- Verlag. 2003 [9] J. Hoffstein, J. Pipher, J. H. Silverman, “NTRU: A Ring-Based Public Key Cryptosystem.” Lecture Notes in Computer Science, 1423:267, 1998. 20th Computer Science Seminar SA3-T1-6