Addressing Security and Privacy Issues in Low-Cost RFID Systems

Zeeshan Bilal

Research output: ThesisDoctoral Thesis

1599 Downloads (Pure)


Radio Frequency Identification (RFID) systems are being used in numerous applications such as transportation ticketing, animal tracking, supply chain management, medical records, electronic passports and identity cards. These systems consist of three main components, namely: server, reader and tag. A tag is a small microchip with antenna attached to an item which needs identification. A reader scans a tag(s) and collects the identification information. This information is then passed on to a server by the reader for further operations.
Providing security and preserving privacy of these systems come with a cost. In sensitive applications such as e-passports, the embedded tags are resourceful enough to accommodate standard cryptographic functionality. These resourceful tags are high-cost. However in the most widely deployed RFID systems, such as in supply chain management of daily consumer goods, it is not feasible to use such high-cost tags. Therefore the tags used in these applications are low-cost tags which are constrained in their resources. Since these tags cannot afford the luxury of conventional cryptographic primitives, low-cost RFID systems are prone to both passive as well as active adversaries. Some of the typical threats related to an RFID system include tag cloning, impersonation, replay, relay, de-synchronization, DoS, content privacy leakage, tracing and tracking attacks, etc. Therefore it is imperative to think out of the box to provide security and privacy to these low-cost RFID systems.
This thesis makes six contributions in this regard. In the first and second contribution, very basic low-cost tags are considered. These tags are very constrained with respect to their resources. To secure such tags, researchers have proposed ultra-lightweight mutual authentication protocols (UMAPs). First we demonstrate multiple attacks in detail on two of such UMAPs. Then we carry out analysis of existing UMAPs and highlight weaknesses. We also propose a new UMAP which overcomes the weaknesses of existing discussed schemes.
The next three contributions focus on the most widely used application of RFID
systems, supply chain management. This application generally uses a standard EPC-global Class-1 Gen-2 (EPCC1G2). We contribute by first proposing a scheme which provides security and privacy to tagged items throughout a supply chain cycle with online as well as offline readers. Then we focus our work on the counterfeit problem in supply chain management, which causes huge losses to businesses. We propose a hierarchical anti-counterfeit mechanism to counter the problem of counterfeiting during the supply chain cycle. Finally we devise a framework to provide an anti-counterfeiting feature to individual customers who cannot afford the luxury of standard readers and access to a back-end database server.
Lastly we discuss the problem of ownership transfer in RFID systems. Since tags
travel to different geographic locations, there is a need of ownership transfer, where an owner is an entity which can interact with the tag using a shared secret key. A simple ownership transfer involves transfer of a shared secret key from old owner to new owner. This raises concerns where an old owner would retain a copy of the key and can still interact with the tag even after its ownership is revoked. Similarly, if the key is not changed before transfer, a new owner can trace past transactions of an old owner. We propose a secure ownership transfer scheme which meets certain requirements. We further elaborate on additional properties required to achieve a robust ownership
transfer process.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
  • Martin, Keith M., Supervisor
  • Markantonakis, Konstantinos, Advisor
Award date1 Feb 2015
Publication statusUnpublished - 2015


  • RFID
  • lightweight cryptography
  • authentication protocols
  • ultra-lightweight mutual authentication protocols
  • EPC tags
  • ownership transfer protocols

Cite this