Computing Reviews
On two RFID privacy notions and their relations
Li Y., Deng R., Lai J., Ma C. ACM Transactions on Information and System Security 14(4): 1-23, 2011. Type: Article
Date Reviewed: Jun 20 2012

As radio frequency identification (RFID) technology becomes widespread, such as for high-speed highway toll payments, ensuring user security and privacy is paramount. At issue is the unauthorized accessing of RFID user tags through an adversary RFID reader, with the intent to track or masquerade as the user. The authors describe two RFID privacy-preserving concepts that provide user anonymity and unlinkability of the protocol transcripts of a tag. They describe the difference between “unp-privacy” (based on the unpredictability of a tag) and “ind-privacy” (based on the indistinguishability between two tags). Even though ind-privacy is arguably the correct notion, proven implementations haven’t been observed. Thus, the authors provide their own unp*-privacy protocol, which they say implies ind-privacy.

This paper provides a very readable layman’s explanation of the adversary issues with RFID technology, “including eavesdropping, alteration of communication messages, replay attacks, corruption of tags, and physical or side-channel attacks to tags.” Throughout the paper, the authors describe these issues and include the rigor of detailed theorems and proofs. They describe an RFID model, the adversary, and the completeness and soundness of RFID systems.

With that RFID model foundation, the authors go on to describe the various limitations of the privacy models. For example, even though the various protocols provide two or three round-trip query communications between a reader and the RFID tag, there are still areas an adversary can exploit. In contrast to other security protocols, large or unlimited amounts of communication are not acceptable here because of the rapid response requirements, such as for a car traveling through a toll. In addition, most current privacy flaws occur because the RFID protocols are too lightweight and cannot implement appropriate cryptographic functions.

Finally, the authors provide detailed information on their new privacy model, unp*-privacy. They show how an adversary cannot distinguish the output of a real tag from that of a virtual tag without the secret key. This means the number of round-trip queries doesn’t affect the protocol’s effectiveness. However, in contrast to lightweight protocols, the unp*-privacy protocol requires that each RFID tag must be able to compute a pseudorandom function (PRF) or its equivalent. The authors identify these constraints and define the open problems for finding a minimal condition to enforce ind-privacy in RFID systems.

This paper will be valuable to those developing various large-scale RFID systems, like traffic tolling systems, where privacy and anonymity have always been a concern. The described techniques allow developers to create more advanced capabilities, without the issues inherent to the various lightweight and privacy-prone approaches.

Reviewer:  Scott Moody Review #: CR140282 (1211-1138)
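
An added illustration of the PRF requirement discussed in the review (not code from the paper or from the review): a static-identifier tag is trivially linkable, while a tag that answers with a fresh nonce and a PRF output has the same format as a keyless virtual tag's random output, and only a reader holding the key can tell the two apart. HMAC-SHA256 as the PRF, the message layout, and all names are assumptions; this is a generic PRF challenge-response, not the authors' unp*-privacy protocol.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed sizes; the review does not give message formats

def prf(key, msg):
    # HMAC-SHA256 stands in for the PRF each tag must compute (assumption).
    return hmac.new(key, msg, hashlib.sha256).digest()

class StaticTag:
    """Lightweight tag: returns the same identifier for every query."""
    def __init__(self, tag_id):
        self.tag_id = tag_id
    def respond(self, challenge):
        return self.tag_id

class PrfTag:
    """Tag that answers nonce || PRF_k(challenge || nonce)."""
    def __init__(self, key):
        self.key = key
    def respond(self, challenge):
        nonce = os.urandom(NONCE_LEN)
        return nonce + prf(self.key, challenge + nonce)

class VirtualTag:
    """Keyless stand-in: random bytes in the same format as PrfTag."""
    def respond(self, challenge):
        return os.urandom(NONCE_LEN + hashlib.sha256().digest_size)

class Reader:
    """Legitimate reader: holds every tag key and searches for a match."""
    def __init__(self, keys):
        self.keys = keys  # {tag name: secret key}
    def identify(self, challenge, response):
        nonce, mac = response[:NONCE_LEN], response[NONCE_LEN:]
        for name, key in self.keys.items():
            if hmac.compare_digest(prf(key, challenge + nonce), mac):
                return name
        return None  # unknown tag, replayed response, or random output

def linkable(tag, queries=8):
    """Eavesdropper's check: does the tag ever repeat an answer when an
    adversarial reader replays one fixed challenge?"""
    challenge = bytes(NONCE_LEN)
    answers = [tag.respond(challenge) for _ in range(queries)]
    return len(set(answers)) < len(answers)
```

The reader's linear search over all keys is the usual cost of this style of identification and grows with the number of enrolled tags.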
Security and Protection (C.2.0 ... )
 
 
Cryptographic Controls (D.4.6 ... )