Lightweight Cryptographic Authentication in Passive RFID-Tagged Systems

The explosion in recent interest in radio-frequency identification (RFID) tags stems primarily from advances in information processing in supply chain management. Given their processing power and memory capabilities, RFID tags can be used in a wide range of applications including those where barcodes can and cannot be used. Although the potential exists, it is hampered by the relatively high unit cost of implementation and issues related to privacy and security. As with any technology, unit cost of RFID tags and their related systems is bound to come down. As for security and privacy issues, the main impediments are limited processing power, memory, and external power to operate these tags. In spite of these resource constraints, recent years have seen a plethora of new authentication protocols that promise to alleviate security and privacy concerns associated with the use of RFID tags. We evaluate a few protocols that have been suggested for use in passive RFID-tagged systems and identify vulnerabilities that may be present. When appropriate, we present modifications of existing protocols to prevent identified vulnerabilities.