Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems

  • Stephen A. Weis
  • Sanjay E. Sarma
  • Ronald L. Rivest
  • Daniel W. Engels
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2802)


Like many technologies, low-cost Radio Frequency Identification (RFID) systems will become pervasive in our daily lives when affixed to everyday consumer items as ”smart labels”. While yielding great productivity gains, RFID systems may create new threats to the security and privacy of individuals or organizations. This paper presents a brief description of RFID systems and their operation. We describe privacy and security risks and how they apply to the unique setting of low-cost RFID devices. We propose several security mechanisms and suggest areas for future research.


Smart Card Advance Encryption Standard Privacy Risk Forward Channel Privacy Aspect 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Burrows, M., Kaufman, C., Lampson, B.W.: Authentication and Delegation with Smart-cards. In: Theoretical Aspects of Computer Software, pp. 326–345 (1991)Google Scholar
  2. 2.
    Anderson, R., Kuhn, M.: Low Cost Attacks on Tamper Resistant Devices. In: IWSP: International Workshop on Security Protocols. LNCS (1997)Google Scholar
  3. 3.
    Bing, B.: Broadband Wireless Access. Kluwer Academic Publishers, Dordrecht (2002)Google Scholar
  4. 4.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  5. 5.
    Canetti, R., Micciancio, D., Reingold, O.: Perfectly One-Way Probabilistic Hash Functions. In: 30th Annual ACM Symposium on Theory of Computing, pp. 131–140 (1998)Google Scholar
  6. 6.
    CAST Inc. AES and SHA-1 Cryptoprocessor Cores,
  7. 7.
    Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.: A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards. In: Second Advanced Encryption Standard (AES) Candidate Conference, Rome, Italy (1999)Google Scholar
  8. 8.
    EAN International and the Uniform Code Council,
  9. 9.
    Gobioff, H., Smith, S., Tygar, J.D., Yee, B.: Smart Cards in Hostile Environments. In: 2nd USENIX Workshop on Elec. Commerce (1996)Google Scholar
  10. 10.
    Goldreich, O.: Foundations of Cryptography. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  11. 11.
    Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A Ring-Based Public Key Cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  12. 12.
    Jakobsson, M., Wetzel, S.: Security Weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 176. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Juels, A., Pappu, R.: Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Kaliski Jr., B.S., Robshaw, M.J.B.: Comments on Some New Attacks on Cryptographic Devices. RSA Laboratories’ Bulletin (5) (July 1997),
  15. 15.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  16. 16.
    Kocher, P.C.: Cryptanalysis of Diffie-Hellman, RSA, DSS, and other Systems Using Timing Attacks. Technical report, Cryptography Research, Inc. (1995)Google Scholar
  17. 17.
    Krause, M., Lucks, S.: On the Minimal Hardware Complexity of Pseudorandom Function Generators. In: Ferreira, A., Reichel, H. (eds.) STACS 2001. LNCS, vol. 2010, pp. 419–435. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing 17(2), 373–386 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Menezes, A.J., van Oorshot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, ch. 1.9. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar
  20. 20.
    Metcalfe, R.M., Boggs, D.R.: Ethernet: Distributed Packet Switching for Local Computer Networks. Communications of the ACM 19(5), 395–404 (1976)CrossRefGoogle Scholar
  21. 21.
    MIT. Auto-ID Center,
  22. 22.
  23. 23.
    RFID Journal. Gillette to Purchase 500 Million EPC Tags (November 2002),
  24. 24.
    RFID Journal. Michelin Embeds RFID Tags in Tires (January 2003),
  25. 25.
    Rivest, R.L.: Chaffing and Winnowing: Confidentiality without Encryption. CryptoBytes (RSA Laboratories) 4(1), 12–17 (1998)Google Scholar
  26. 26.
    Sarma, S.E.: Towards the Five-Cent Tag. Technical Report MIT-AUTOID-WH-006, MIT Auto-ID Center (2001)Google Scholar
  27. 27.
    Sarma, S.E., Weis, S.A., Engels, D.W.: RFID Systems and Security and Privacy Implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–470. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 172–194. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  29. 29.
    TAMPER Lab. University of Cambridge Tamper and Monitoring Protection Engineering Research Lab.,
  30. 30.
    Uniform Code Council. Homepage,
  31. 31.
    Weigart, S.H.: Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defences. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 302–317. Springer, Heidelberg (2000)Google Scholar
  32. 32.
    Wheeler, D.J., Needham, R.M.: TEA, a Tiny Encryption Algorithm. Technical report, Computer Laboratory, University of Cambridge (1995)Google Scholar
  33. 33.
    Wheeler, D.J., Needham, R.M.: TEA Extensions. Technical report, Computer Laboratory, University of Cambridge (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Stephen A. Weis
    • 1
  • Sanjay E. Sarma
    • 2
  • Ronald L. Rivest
    • 1
  • Daniel W. Engels
    • 2
  1. 1.Laboratory for Computer ScienceMassachusetts Institute of TechnologyCambridgeUSA
  2. 2.Auto-ID CenterMassachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations