Security and Privacy Issues of RFID

#Harpreet Bajaj1, Abhinav Bhandari2

1

CSE Department, PTU, Jalandhar DAVIET Jalandhar, preetbajaj2003@yahoo.co.in 2 CSE Department, PTU, Jalandhar LLRIET Moga, b_abhinavbhandari@yahoo.com
an RF interface. Readers may contain internal storage, processing power, and an interface to a back-end database for added functionality. The MIT Auto-ID Center [4], now known as the MIT Auto-ID Lab, worked with a consortium of industry sponsors to research and develop exceptionally low-cost RFID tags for use in a system-level approach of automatic object identification. Auto Identification (Auto-ID) systems are now, more then ever before, becoming common place in many economic sectors. From theft prevention and intelligent asset management to logistic management which includes manufacturing, materials handling, and distribution. Auto-ID systems provide information about people, animals, goods and products in transit. Today the de facto standard for automatic identification is the bar code. The Universal Product Code (UPC) is a familiar optical version developed in 1973 and is used to label most products today. The Electronic Product Code (EPC) [5] is the next evolution of the UPC barcode. As RFID costs drop to the US $.05 level and below, embedding Electronic Product Codes into RFID smart labels will replace or complement the ubiquitous printed UPC label and provide efficiencies for supply chain and inventory management. EPC enabled RFID devices will promise a more flexible and intelligent handling of consumer purchases from automated checkout through return of goods after purchase. With these benefits also comes the possibility of abuse to personal privacy and security [6]. 1.1 Privacy and Security Challenges As recognized by Weis [7], advances in RFID technology may come at a cost to privacy and security. Vulnerabilities to physical attacks, counterfeiting, spoofing, eavesdropping, traffic analysis or denial of service could all threaten unprotected tags. The problem to be addressed is the threat to consumer privacy and what security measures are proposed to address this threat in low-cost RFID

Abstract As Radio Frequency Identification (RFID) technology becomes pervasive in our lives, literally woven into the fabric of our society, there exists the danger to personal privacy, loss of anonymity, and violation of location privacy to all individuals. Even cash, which offers true anonymity for consumers, may be threatened by RFID technology. As the size and cost of RFID tags decrease, their use as smart labels will become the dominant technique for the electronic collection of data. Used for automatic identification (Auto-ID) of goods, RFID technology promises to offer great gains in productivity. Along with these gains, new threats to personal privacy and security will be exposed. Low cost tags have no access control function and broadcast their ID whenever in proximity of a reader. Personal preferences and buying patterns are traceable and personal sensitive information available to eavesdropping. With the severe cost and size constraints of these devices, the use of conventional cryptographic techniques for the protection of data is prohibitive. This paper will present a brief overview of RFID technology, investigate the privacy and security issues associated with RFID technology, and analyze and compare proposed solutions. To conclude, this paper will provide a comparison of proposed solutions and recommend which of these solutions best meets the goals and assumptions to address the privacy and security risks that result from the use of RFID tags. 1.0 Introduction Radio Frequency Identification (RFID) tags are miniscule microchips that have already shrunk to half the size of a grain of sand [1, 2]. They listen for a radio query and respond by transmitting their unique ID code. Most RFID tags have no batteries; they are inductively powered via an RF signal from the reader [3]. Tags that are actively powered contain an on-board power source, such as a battery. Readers interrogate tags for their contents through

tags. Low-cost tags have no provisions for authentication between the tag and reader, and no access control mechanism. Tags will broadcast their programmed ID whenever in the proximity of a reader. Personal preferences and buying patterns are traceable and personal sensitive information susceptible to eavesdropping. Reading of insecure tags by an adversary can result in corporate espionage, forgery, and theft. 1.2 Proposed Solutions This paper will discuss five proposed schemes for protecting user privacy and addressing security challenges in low-cost RFID systems. One proposed solution is the killing of tags after purchase, permanently disabling them at checkout, and making them forever after inoperable. Hash-Lock, re-encryption, and silent tree-walking schemes are also viable approaches of making RFID tags smarter. In the Hash-Lock approach, a meta-ID y is given to the tag when it is locked. The tag can only be unlocked when a key value x is presented to the tag such that y=h(x). Juels and Pappu [8] describe re-encryption as a solution of addressing the privacy issues of RFID tags embedded in banknotes. Re-encryption uses the banknote tag serial numbers encrypted with a law enforcement public key. Due to the resource constraints in lowcost RFID tags, Juels and Pappu propose the use of external agents to perform the re-encryption. Silent tree-walking is another proposed solution based on the asymmetric reader to tag field strength. An eavesdropper may be able to hear the signal broadcast by the reader to the tag but is unable to hear the response from the tag. The blocker tag is an approach that exploits the tree-walking singulation(collision avoidance) protocol used to identify an individual tag. Another possible solution is the use of symmetric and asymmetric cryptographic methods; however due to resource constraints and cost considerations would be difficult to implement. 2.0 Overview of an RFID System RFID systems are the next generation of Auto-ID devices. The roots of RFID technology originate from transponder technology developed in the late 1940s and used in aircraft IFF (Identification Friend or Foe) systems. A typical RFID system includes: an RFID tag and antenna (transponder), a reader and antenna, and possibly a back-end database. Transponders are categorized as passive (no battery support) and active (has an optional battery), and have a frequency range from 135 kHz (long-wave) to 5.8 GHz (micro-wave). Passive tags use inductive or capacitive coupling of power from the reader for all of its power requirements. Approximately 90% of all RFID

transponders sold today use inductive coupling for a power source. Tag characteristics are small in size and may have a read/write range of up to one meter. Active tags use a battery for an internal power source. Active tags can include micro-controllers, nonvolatile flash memory for program and data, and static memory for scratch pad purposes. Active tags have enhanced functionality over passive tags and can be configured as small wireless network nodes. Many support encryption and operate in the UHF/Microwave range. Characteristics of these tags are larger in size, higher priced and support read/write ranges from one meter to greater than fifteen meters over passive tags. Passive tags are comprised of a data-carrying device, typically in the form of a microchip, and a large area antenna coil. When a passive tag is brought into proximity of a readers antenna coil, the readers coil generates a strong high frequency electromagnetic field. The electromagnetic field cuts across the cross-section of the tags coil and the area around the coil causing, by inductance, a voltage to be generated in the transponder. A capacitor attached across the readers antenna creates a parallel resonate circuit with a resonant frequency corresponding to the transmission frequency of the reader. The resonate circuit causes very high currents to flow in the antenna coil of the reader, which is used to generate the required field strengths used to operate the remote transponder. The readers antenna coil and the transponders antenna coil can be viewed as a transformer, which provides the power to the transponder via transformer coupling. 2.1 RFID Efficiencies Since RFID systems allow the tags to be read without any physical contact, they can provide efficiencies in many different market segments. In the retail segment, a cashier at a register no longer needs to remove and scan each individual item in a customers cart. Just passing a reader in the vicinity of the cart can read all the items at once, reducing the amount of time a customer spends in checkout lines, and increasing the number of customers a cashier can support. Managing pallets of inventory becomes more efficient by allowing business owners to have real-time access to inventory information. In the transportation segment, automated toll collection systems using RFID technology allow drivers to slow down instead of stopping to pay toll collectors, reducing the number of collectors and time needed for toll payment. TransCore, a transportation technology company, in their eGotm product line, offers a paperthin sticker-like tag that does not require batteries and allows user information to be read or written by a

reader. This product can be used by Electronic Toll Collection (ETC) systems and in Electronic Vehicle Registration (EVR) applications. This product may also be used in the medical field to prevent the abduction of infants from maternity wards. When used for infant protection, the system involves a tag being put around a baby's ankle, which responds to sensor panels located at hospital exits. If the baby is taken through the sensor, an alarm goes off and the hospital's security team is alerted. In addition, advanced RFID systems are being developed whereby the tag can be tracked beyond the confines of the hospital. 3.0 Security Goals and Assumptions When addressing security risks for RFID systems it is important to realize the security goals and security requirements that should be imposed on the system. An assessment needs to be performed to determine the incentive that the system represents to an adversary. What could be gained and what is the cost if the system is compromised? What are the system assumptions regarding security? 3.1 Closed RFID Systems In a closed RFID system where access by individuals is controlled, the probability of an attack is low. A closed system typically would use a proprietary protocol between the readers and transponders. The use of a proprietary protocol itself makes an attack on such a system more difficult. An example of such a system is an assembly line in a manufacturing facility, where the benefit to an attacker is low. Though a malicious attack could cause a critical operational malfunction and lost time, no money or material goods are threatened. 3.2 Open RFID Systems In an open RFID system where published specifications are easily accessible and standard protocols are used, an application connected with money and material goods provides a high level of motivation to an adversary. In such an RFID system, tags must keep the identity of their holders confidential. Tags must not communicate information to unauthorized readers. Tags must randomize output to minimize the possibility of associating information that could be used to track an individual. Trust must be established between tags and readers. Tag holders must be allowed to disable tags if they choose to. Spoofing, session hijacking, man in the middle attacks, power analysis, probing, energy attacks and other physical attacks need to be considered. 3.3 RFID System Assumptions Before analyzing proposed solutions to privacy and security issues, several assumptions need to be made. The focus is on low-cost RFID open systems

with limited resources and power requirements. For wide spread use of RFID tags a cost of US $.05 or less per tag will be required. Tags will be passively powered, using the energy from the reader. At most, tags will support 128 bits of storage, 100 to 200 read operations per second utilizing anticollision techniques, and a maximum communication range of several meters. According to Weise [7], to construct a 5-cent tag, the IC cost should not exceed 2 cents, limiting the gate count between 7.5k to 15k gates. The Maximum gate count for a 100-bit EPC chip is roughly 5,000 10,000 gates [8], leaving approximately 2.5k to 5k gates available for security, making public key or symmetric key encryption prohibitive. Even efficient algorithms using Elliptic Curve Cryptography or NTRU [9] would be difficult to implement with the resource and cost constraints of low-cost tags. The communications channel between tags and reader is assumed to be vulnerable to eavesdropping. The communications channel between readers and any back-end database is carried out over a secure channel that has authentication and access control methods in place to provide strong security. 3.3.1 Asymmetric Channel Strength An issue that is inherent to the use of passive tags is the forward versus reverse asymmetric channel strength. Since a reader must supply the power for a tag, the reader to tag field strength is typically much greater then the tag to reader field strength. With this greater field strength in the forward direction, it may be possible for an eavesdropper to monitor communications from the reader to the tag. In the reverse direction, from the tag to the reader, the field strength is much weaker. An eavesdropper may not be able to monitor the communications from the tag to the reader. 4.0 Addressing Privacy and Data Security Issues Low cost RFID tags will respond with their programmed identifier (EPC) to a reader when placed within the readers interrogation zone. With no authentication required between the tag and reader, trust between the tag and reader does not exist, allowing unprotected tags to be vulnerable to eavesdropping. Replacing the tag ID with a pseudonym would provide a level of security to secure product identification information. However for every query the tag will respond with the same pseudonym allowing the tracking of an individual. Even though the eavesdropper cannot identify the product, the location privacy of the individual is violated. Erasing all product identification information from the tag at the time of purchase but leaving

manufacturing and product information intact, would allow consumers to have future access to the information without a unique ID that can be used for tracking purposes. Erasing identification information still presents a problem allowing an eavesdropper to track groups of products. An example would be consumers who all have purchased Rolex watches, or other goods. The attacks identified are passive attacks, needing only the capability to monitor the conversation between the reader and tag. An adversary that has the ability to participate in the protocol between the tag and reader can re-write more expensive items with tag data from less expensive items. Counterfeit tags could result in theft. Another risk is denial of service. RFID systems use wireless RF communications to communicate between the tags and readers. An adversary that would be able to interfere with the communications between the tag and reader by jamming this signal or destroying the tag, might result in theft. Denial of service is especially a threat in the retail market where RFID technology can be used for automatic checkout. 4.1 The Kill Tag Approach A simple solution to consumer privacy issues is to kill the RFID tag. Once killed, a tag can never be reactivated. The Auto-ID lab [4] defined a mode of operation for standard supported tags in which a tag could be killed upon purchase of the tagged product. The kill command would require a special 8-bit password to be sent to the tag. Upon receiving this password the tag would unconditionally erase itself. An implementation of the kill tag solution is that at checkout time a clerk would kill tags attached to purchased items. In theory this would guarantee that no purchased goods contained active RFID tags, satisfying all the security goals and requirements. Several disadvantages exist with the kill tag approach. The kill command takes a conscience effort to enact; if overlooked it would allow live tags on items to leave the store. When killing a tag, there is no way to ensure that the kill command was properly executed. With each password being only 8-bits long, a brute force attack using all 256 possible addresses could lead to abuse for malicious purposes. As stated previously, once a tag is killed it can never be re-activated. As new and innovative consumer applications are developed, consumers may decide to have tags remain operational. Applications such as smart microwave ovens, intelligent refrigerators, and product refund or recall are just a few examples of possible future use of active RFID tags by consumers. 4.2 The Hash-Lock Approach The Hash-Lock approach proposed by Weis et al. [10] uses the concept of locking and unlocking the

tag to allow access. The security of the Hash-Lock approach uses the principle based on the difficulty of inverting a one-way hash function. The scheme makes use of a back-end database to provide correct reader to tag identification and the concept of a meta-ID stored in each tag. Fig 4.18

Hash Locking: Reader unlocks protocol [10]. To lock the tag the reader sends a hash of a random key, as the meta-ID, to the tag. i.e. meta-ID<hash(key). The reader then stores the meta-ID and key in the back end database. While locked, the tag only responds with the meta-ID when queried. As shown in Fig. 4.1, to unlock the tag, the reader will query the tag for the meta-ID. The reader will then use the meta-ID to lookup a key and ID for the tag in the database. If the meta-ID is found, the reader then sends the key to the tag in an attempt to unlock the tag. The tag hashes the key and compares the results against the meta-ID stored in the tag. If this compares successfully, the tag will unlock itself and allow access to the reader. The Hash-Lock scheme meets several security goals and requirements stated in this paper. It establishes trust between the tags and readers and will prevent unauthorized readers from reading tag contents. By using a meta-ID, tags keep the identity of their holders confidential. The holder has the capability to disable (lock) or enable (unlock) tags, should they desire to do so. Disadvantages include that tags could only be unlocked briefly to minimize the possibility of being hijacked. The use of meta-IDs assumes that the hash function can be implemented in the hardware of low-cost tags with limited resources. The Hash-Lock approach is susceptible to spoofing using a man-in-the-middle attack for later replay. The meta-ID itself acts as an identifier and may allow tracking of individuals. Additionally, it may be difficult for consumers to manage and update meta-IDs for a large number of tags. 4.2.1 Randomized Hash-Lock Enhancement Weis et al. [10] proposes an enhancement to the above protocol to help prevent the disclosure of meta-IDs while a tag is in the locked state. Randomizing the tag response during the query

process prevents tracking of individuals based on meta-IDs.

Fig 4.2 Hash-Locking: Enhanced reader unlocks protocol using a randomized hash [10]. The randomized Hash-Lock approach requires tags to compute a one-way hash function and include an onboard, random number generator. As shown in Fig 4.2, a tag responds to a query with a random number r, and a hash of its ID concatenated with random number r. The reader queries the database for all IDs and hashes each ID concatenated with the returned random number r from the tag. If a match is found, the reader sends the ID to the tag for authentication. Disadvantages include a brute force search that must be performed by the reader, making the Hash-Lock randomized approach time consuming and relevant to only a small number of tags. Another disadvantage of the randomized HashLock protocol is that while a one-way hash function is difficult to reverse, it may still leak bits of its input. Such leaks could compromise the tags ID value. Moreover, the addition of a random number generator may be costly to implement based on resource constraints. 4.3 The Silent Tree-Walking Approach

4.3.1 Standard Tree-Walking Algorithm RFID systems often encounter multiple transponders attempting to communicate to a reader at the same time. Multi-access communication from a number of tags require that the reader must reliably prevent the transponders data from becoming corrupt and unreadable if a data collision should occur. To support multi-access communication, RFID systems must provide anticollision procedures (access protocol) to singulate tag IDs. Typically the implementation of an access protocol involves the reader first sending a request for all transponders in its interrogation zone to respond with their IDs. By analyzing the results of the response, the reader determines if a collision occurred and identifies the bit position of the collision. Armed with this information the reader can now request a subset of all transponders by requesting the IDs of transponders based on the representation of the ID from where the collision occurred. To reduce the number of request packets sent from the reader, a binary search algorithm is typically used (Fig. 4.4).

Another privacy threat identified by Weis et al. [10] is that an eavesdropper is more likely to hear transmissions from the reader-to-tag, versus transmissions from the tag-to-reader. The forward channel range versus reverse channel range threat is shown in Fig. 4.3.

4.3.2 Implementation of Silent Tree-Walking As described earlier, an eavesdropper may hear transmissions from the reader many meters away. The anti-collision algorithms used by RFID tags to request the ID from the tag can be used to determine the ID of the tag. To prevent this Backward Channel Key Negotiation Weis et al suggests encoding the readers transmissions so that a passive eavesdropper is unable to determine the IDs of the tags being read. By having the reader request the Next Bit from the tag instead of sending an ID during the singulation process (Fig 4.5), passive eavesdropping can be eliminated.

In the above figure, after the collision, the reader responds with Last Bit XOR tag 01 = 0 XOR 1 = 1. Tag 01 continues while the shaded tag 00 ceases to respond to the protocol. The concept is that the reader in the backward channel will be able to hear the responses from the tag, whereas the eavesdropper in the forward channel will not hear the tag response. Thus the reader and tag share a secret - namely the bit value without reveling it to the eavesdropper. The Silent-Tree Walking scheme only meets the security requirement of protection against eavesdropping and does not provide protection against active attacks; it does not protect against eavesdropping in the reverse direction and also assumes that tag IDs are grouped with a common prefix. Creating a common prefix can be difficult with a large numbers of tags. 4.4 The Re-Encryption Approach Juels and Pappu [8] propose the use of publickey cryptography and the employment of reencryption of the serial numbers on banknotes for user privacy protection while still allowing the tracking of these notes by authorized law enforcement agencies. Because of the resource constraints of the RFID tags embedded on these notes, the re-encryption would be done by agents, which in practice could be shops, retail banks and even by consumers. The problem being addressed is that even if the serial numbers of these notes where encrypted, the static cipher text of the serial numbers itself represents a unique identifier, allowing the tracking of individuals. Re-encryption of the cipher text would allow the cipher text to change in appearance without changing the serial number of the plaintext message. Re-encryption used in mix networks is introduced by Golle et al. [11], Mix nets use the homomorphic properties of El Gamal public key cryptography to re-encrypt cipher text with knowledge of only the public parameters and not the plain text. In the method employed by Juels and Pappu, re-encryption is defined based on the knowledge that agents will have access to the plain text, i.e. serial number. Their concept is that an agent receives a banknote and using a scanning device such as an optical reader, reads the plain text

serial number, encrypts it using the law enforcement public key and writes the results back to the RFID. To help prevent fraud, two different contact channels are defined: an optical channel that allows the update of cipher text to the RFID and a transmission channel for RFID query access. Including a digital signature during the encryption process further strengthens this approach. The problem when addressing consumer privacy in the re-encryption approach is the rate at which reencryption must take place. If this rate is very low, the static cipher text will not change, resulting in a unique identifier. Additionally, the cost of the necessary equipment placed on agents to perform the re-encryption can make this approach economically unattractive. 4.5 The Blocker Tag Approach Juels et al. [12] suggest the concept of a blocker tag to address the issue of consumer privacy. The blocker tag approach uses the tree walking protocol to simulate many different tags simultaneously. A blocker tag, blocks the reader from successfully allowing a tag that is in the interrogation zone to successfully respond with its unique ID number. The blocker tag achieves this by causing a collision for each bit in the request from the reader. In effect this would jam tags that the consumer has in their possession, preserving their privacy but allowing the tags to remain active. In a universal configuration this would block all possible tag IDs when queried by the reader. An added advantage to the blocker tag approach is that a blocker tag can be configured to have Multiple Privacy Zones allowing ranges of IDs to be blocked while allowing other ranges to operate normally. The selective blocker tag only requires minor changes to a standard RFID tag. A password would be needed to identify privacy zones. If a low-cost RFID tag costs US $0.05, a selective blocker tag should cost no more the US $0.10. Blocker tags do not require any expensive encryption. For practical use as a privacy tool, selective blocking is suggested. If used in a universal mode the blocker tag method would provide privacy protection at the cost of disrupting the communications of all RFID tags in the area. Disadvantages of this approach include a mechanism that would be needed for readers to identify what zones are being blocked. Another disadvantage is in the selection of privacy zones. Having too many zones could act as an identifier undermining individual privacy. Lastly, a blocker tag can be used maliciously for implementing denial of service attacks.

5.0 Summary The following table presents a comparison of the proposed solutions. The first column identifies the solution. In column two an evaluation is made on how compliant the solution is in regards to the Goals and Assumptions made in section 3.0. The third column places some value on how user friendly the solution is, or what impact the solution has on the tag holders. Column four addresses the added cost to implement the solution, and the last column places some weight on if the solution is practical based on the assumptions made

Based on this summary, the selective blocker tag solution provides the best value with minimal added cost and is practical for implementation by todays standards. The selective blocker tag does impact the holders of tags since they must purchase or obtain a blocker for use against active tags. For completeness, standard encryption has been added as a solution. Using standard encryption schemes would provide strong privacy and be transparent to the holder. Unfortunately, based on the technology available today, the cost would be prohibitive and would not be practical. 6.0 Conclusion The work by Sarma et al. [14] predicts that over the next several years, development of low-cost tags in the range of US $0.05 or less will continue to present a challenge to manufacturers. Low-cost tags will remain extremely resource scarce, passively powered, and have limited memory resources comprised of several hundred bytes, as opposed to

kilobytes. The range of communications will be a few meters, with a limit on computational power. Using standard cryptographic security mechanisms will exceed the capability of these devices. To meet these challenges, more work must be done to develop new hardware-efficient hash functions within low-cost RFID tags, along with new lightweight cryptographic primitives and protocols. Any new and efficient functions need to take into account the limited resources of low-cost RFID tags. In this paper the threats to personal privacy and security that exist in low-cost RFID tags have been identified, goals and assumptions defined, and proposed solutions to address these privacy and security risks analyzed. Based on the comparison of these solutions, the selective blocker tag provides the best solution satisfying most requirements. As RFID technology advances allowing smarter tags, the line between RFID devices, smart cards, and general-purpose computers will blur. Todays research benefiting RFID devices will aid in the development of secure ubiquitous computing systems in the future. References [1] T, McConnel, RFID advances bring fundamental changes to security and personal safety, http://www.iapplianceweb.com/story/OEG20 030604S0047, June 6, 2003 [2] K. Takaragi, M. Usami, R. Imura, R. Itsuki, T. Satoh, An ultra small individual recognition security chip, Micro, IEEE Nov/Dec 2001 Pages 43 49, Volume 21, Issue 6 [3] K.V.S. Rao, An overview of backscattered radio frequency identification system (RFID), Microwave Conference, 1999 Asia Pacific, meeting date 11/30/1999 12/03/1999, Volume: 3, Pages: 746 749 [4] MIT Auto-ID Center. http://www.autoidcenter.org Feb 2004. [5] S. Sarma, D. Brock, D. Engels, Radio frequency identification and the electronic product code, Micro, IEEE, vol. 21, no. 6, Nov. Dec. 2001, pp.50 54. [6] D. McCullough. RFID tags: Big Brother in small packages. CNet, 13 January 2003. From http://news.com.com/2010-1069980325.html. [7] Steven A. Weis, , Security and Privacy in Radio-Frequency Identification Devices MIT Master of Science Thesis, submitted May 2003.

[8] A. Juels, R. Pappu, Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In R. Wright, ed., Financial Cryptography 03. Pringer-Verlag. 2003 [9] J. Hoffstein, J. Pipher, J. H. Silverman, NTRU: A Ring-Based Public Key Cryptosystem. Lecture Notes in Computer Science, 1423:267, 1998. [10] S.A.Weis, S.E.Sarma, R.L. Revest, D.W. Engels, Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems accepted for publication to the First International Conference on Security in Pervasive Computing (SPC 2003), March 1214, 2003. [11] D. Boneh, P. Golle, Almost Entirely Correct Mixing With Applications to Voting, Proceedings of the 9th ACM conference on Computer and communications security, 2002, pp. 68 - 77. [12] A. Juels, R.L. Rivest, M. Szydlo, The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. Conference on Computer and Communications Security Proceedings of the 10th ACM conference on

Computer and communication security, October 2003, 103-111. [13] A. Juels, Privacy and Authentication in LowCost RFID Tags, in submission, 2003 http://www.rsasecurity.com/rsalabs/staff/bios /ajuels/publications/pt-rfid [14] S. Sarma, S. Weis, D. Engels, Radiofrequency identifiers: Security Risks and Challenges, CryptoBytes, vol. 6, no. 1, Spring 2003