Secure and private search protocols for RFID systems


In many real world applications, there is a need to search for RFID tagged items. In this paper, we propose a set of protocols for secure and private search for tags based on their identities or certain criteria they must satisfy. When RFID enabled systems become pervasive in our life, tag search becomes crucial. Surprisingly, the problem of RFID search has not been widely addressed in the literature. We analyzed the privacy and security features of the proposed tag search protocols, and concluded that our protocols provide tag identity privacy, tag source location privacy, and tag-reader communication privacy. For the first time, we propose a formal method to securely search RFID tags which satisfy certain search criteria.

This is a preview of subscription content, access via your institution.

Fig. 1


  1. Aho, A., Lam, M, Sethi, R., & Ullman, J. (2007). Compilers: Principles, techniques & tools, 2 nd Edition. Pearson Education, Inc.

  2. Avoine, G. (2005). Cryptography in radio frequency identification and fair exchange protocols. PhD thesis, Ecole Polytechnique Federale de Lausanne.

  3. Avoine, G. (2006). Security and privacy in RFID systems.

  4. Burmester, M., & Medeiros, B. (2007). RFID security: Attacks, countermeasures and challenges. 5th RFID Academic Convocation. The RFID Journal Conference, April 30 - May 2, Orlando, USA.

  5. Burmester, M., Medeiros, B., & Motta, R. (2008). Provably secure grouping-proofs for RFID tags. Proceedings of 8th Smart Card Research and Advanced Application Conference, September 8-11, Ehgam, UK.

  6. Buttyan, L., Holczer, T., & Vajda, I. (2006). Optimal key-trees for tree-based private authentication. In Danezis G. & Golle P. (Eds.), Privacy enhancing technologies. Springer, LNCS 4258, pp. 332-350.

  7. Castelluccia, C., & Avoine, G. (2006). Noisy Tags: A pretty good key exchange protocol for RFID tags. Proceedings of 7th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications, April 19-21, Tarragona, Spain.

  8. Garfinkel, S., Juels, A., & Pappu, R. (2005). RFID Privacy: An overview of problems and proposed solutions. IEEE Security & Privacy, pp. 34-43.

  9. Glover, B., & Bhatt, H. (2006). RFID essentials. O’Reilly Publisher.

  10. Gong, L., Needham, R., & Yahalom, R. (1990). Reasoning about belief in cryptographic protocols. Proceedings of IEEE Symposium on Security and Privacy, May 1990, Oakland, California, USA.

  11. Hopper, N., & Blum, M. (2001). Secure human identification protocols. In C. Boyd (Ed.), Advances in cryptology – ASIA CRYPT 2001, Vol. 2248, Lecture notes in computer science, pp. 52-66, Springer-Verlag.

  12. Juels, A. (2004). Minimalist cryptography for low-cost RFID tags. Proceedings of Fourth Conference on Security in Communication Networks, pp. 149-153, September 8-10, Amalfi, Italy.

  13. Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communication, 24(2), February 2006.

  14. Juels, A., & Weis, S. (2005). Authenticating pervasive devices with human protocols. In V. Shoup (Ed.), Advances in cryptology – crypto 05, Lecture notes in computer science. Springer-Verlag.

  15. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. Proceedings of 5th Annual IEEE International Conference on Pervasive Computing and Communications, March 19-23, White Plains, USA.

  16. Katz, J., & Shin, J. (2006). Parallel and concurrent security of the HB and HB++ protocols. In Advances in cryptology – EURO CRYPT 2006, Vol. 4004, Lecture notes in computer science, pp. 73-87, Springer.

  17. Lim, C., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. Proceedings of the 8th Conference on Information and Communications security, December 4-7, Raleigh, NC, USA.

  18. Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. Proceedings of the ACM Conference on Computer and Communications Security, Washington DC, USA.

  19. Ozturk, C., Zhang, Y., & Trappe, W. (2004). Source-location privacy in energy-constrained sensor network routing. Proceedings of the 2 nd ACM Workshop on Security of Ad hoc and Sensor Networks, October 25, Washington DC, USA.

  20. Peris-Lopez, P., Hernandez-Castro, C., Estevez-Tapiador, J., & Ribagorda, A. (2006a). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. Proceedings of 2 nd Workshop on RFID Security, July 12-14, Graz, Austria.

  21. Peris-Lopez, P., Hernandez-Castro, C., Estevez-Tapiador, J., & Ribagorda, A. (2006b). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. Proceedings of International Conference on Ubiquitous Intelligence and Computing, pp. 912-923, September 3-6, Wuhan, China.

  22. Song, B., & Mitchell, C. (2008). RFID Authentication protocol for low-cost tags. Proceedings of first ACM Conference on Wireless Network Security, March 31-April 2, 2008, Alexandria, Virginia, USA.

  23. Swedberg, C. (2008). GE Develops passive tag that functions as multiple sensors. Journal of RFID.

  24. Tan, C., Sheng, B., & Li, Q. (2007). Secure and serverless RFID authentication and search protocols. Proceedings of International Conference on Pervasive Computing and Communications, March 2007, New York, USA.

  25. Tsudik, G. (2006). YA-TRAP:Yet another trivial RFID authentication protocol. Proceedings of 4th Annual IEEE International Conference on Pervasive Computing and Communications, March 13-17, Pisa, Italy.

  26. Vajda, I., & Buttyan L. (2003). Lightweight authentication protocols for low-cost RFID tags. Proceedings of Second Workshop on Security in Ubiquitous Computing, October 12, Seattle, Washington, USA.

  27. Weis, S., Sarma, S., Rivest, R., & Engels, D. (2003). Security and privacy aspects of low-cost radio frequency identification systems. Proceedings of the 1 st International Conference on Security in Pervasive Computing, March 12-14, Boppard, Germany.

  28. Xi, Y., Schwiebert, L., & Shi, W. (2006). Preserving source location privacy in monitoring-based wireless sensor networks. Proceedings of 20th International Parallel and Distributed Processing Symposium, April 25-29, Rhodes Island, Greece.

  29. Yang, J., Park, J., Lee, H., Ren, K., & Kim, K. (2005). Mutual authentication protocol for low-cost RFID. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July 14-15, Graz, Austria.

  30. Yuksel, K. (2004). Universal hashing for ultra-low-power cryptographic hardware applications. Master’s Thesis, Worcester Polytechnic Institute, USA.

Download references


The author is thankful to Dr. Robert Herklotz for his support, which made this work possible.

Author information



Corresponding author

Correspondence to Yanjun Zuo.

Additional information

This work was supported in part by US Air Force Office of Scientific Research under grant FA 9550-09-1-0215.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Zuo, Y. Secure and private search protocols for RFID systems. Inf Syst Front 12, 507–519 (2010).

Download citation


  • RFID
  • Tag search
  • Protocol
  • Security
  • Privacy