Abstract:
We present a privacy-preserving mutual authentication scheme for RFID. The scheme is compatible with supply chains originating at multiple manufacturers, and is based on decentralized local databases connected to RFID readers. RFID tag capabilities are compliant with EPC Class 1 Generation 2: tags perform only random number generation, crypto CRC and XOR operations and do not store any global secrets. The scheme, with some proposed extensions, provides protection against fake tags, fake readers, replay, man-in-the-middle, compromise of reader or tag, cloning, and desynchronization attacks. ©2009 IEEE.