1. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels

2. Introduction 1)RFID system primer 2)Security and Privacy Risks 3)RFID security Settings and Assumptions 4)Security Proposals 1.Hash-Based Access Control 2.Randomized Access Control 3.Silent Tree Walking and Backward Channel Key Negotiation

3. RFID system primer(1/2) 1)The RFID tag (or transponder), carries object identifying data. 2)The RFID reader (or transceiver), reads and writes tag data. 3)The back-end database associates records with tag data collected by readers.

4. RFID system primer(2/2) Memory on tags may be read-only, write- once read-many, or fully rewritable. The readers may contain internal storage, processing power, or an additional functionality. The tags may either be actively or passively powered.

5. Security and privacy risks(1/1) Unprotected tags may have vulnerabilities to eavesdropping, traffic analysis, spoofing or denial of service.

6. RFID security settings and assumptions Assuming tags will be passive and provide only simple read-only identification functionality and tags contain a few hundred bits of storage and have an operating range of a few meters. Assuming tag memory is insecure and susceptible to physical attacks revealing their entire contents. The readers are assumed to have a secure connection to a back-end database.

8. Security proposals(1/3) 1.Hash-based access control Each hash-enabled tag has a temporary metaID and it can operate in either a locked or unlocked state. To lock a tag, the tag hash a random key as the tag’s metaID, i.e. hash (key)  metaID. Then it stores both the key and metaID in a back-end database. While locked, a tag responds to all queries with only its metaID and offers no other functionality. To unlock a tag, the reader queries the metaID from the tag, find a suitable key and send the key to the tag. The tag checks whether the correctness of the key. If the values match, it unlocks itself and offers its full functionality to any nearby readers.

10. Security proposals(2/3) 2.Randomized access control In this mode, a tag must not respond to unauthorized users but must be identifiable by legitimate readers. This scheme based on one-way hash functions best suited for a small number of tags and it offers a theoretically stronger pseudo-random functions (PRFs). The tags respond to reader with the pair (r, h (ID|| r)), where r is a random number chosen uniformly at random and hashing its ID concatenated with r. Then the reader perform a brute-force search of its known IDs until it finds a match.

12. Security proposals(3/3) 3.Silent tree walking and backward channel key negotiation