RFID and Privacy

  • Marc Langheinrich
Part of the Data-Centric Systems and Applications book series (DCSA)


Radio-frequency identification (RFID) technology has become one of the most hotly debated ubiquitous computing technologies, and public fears of its alleged capability for comprehensive surveillance have prompted a flurry of research trying to alleviate such concerns. The following chapter aims at introducing and briefly evaluating the range of proposed technical RFID privacy solutions. It also attempts to put the problem of RFID privacy into the larger perspective of both applications and policy, in order to properly assess the feasibility of the discussed solutions.


Smart Card Location Privacy Read Range Comprehensive Surveillance Ubiquitous Computing Technology 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M.F. Relfe. When Your Money Fails. League of Prayer, Montgomery, AL, USA, January 1981.Google Scholar
  2. 2.
    S. Garfinkel and B. Rosenberg, editors. RFID: Applications, Security, and Privacy. Addison-Wesley, July 2005.Google Scholar
  3. 3.
    EPIC — Electronic Privacy Information Center. Radio frequency identification (RFID) systems. The A to Z’s of Privacy Website, 2006.Google Scholar
  4. 4.
    Capgemini. RFID and consumers-what European consumers think about radio frequency identification and the implications for business, February 2005.Google Scholar
  5. 5.
    S.A. Brown. Revolution at the Checkout Counter: The Explosion of the Bar Code. Wertheim Publications in Industrial Relations. Harvard University Press, Cambridge, MA, USA, 1997.Google Scholar
  6. 6.
    K. Finkenzeller. RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification. Wiley, 2003.Google Scholar
  7. 7.
    R. Want. RFID-a key to automating everything. Scientific American, 290(1):46–55, January 2004.CrossRefGoogle Scholar
  8. 8.
    R. Want. The magic of RFID. ACM Queue, 2(7):41–48, October 2004.CrossRefGoogle Scholar
  9. 9.
    M. Lampe, C. Flörkemeier, and S. Haller. Einführung in die RFID-Technologie. In E. Fleisch and F.n Mattern, editors, Das Internet der Dinge — Ubiquitous Computing und RFID in der Praxis, pages 69–86. Springer, 2005.Google Scholar
  10. 10.
    C. Law, K. Lee, and K.Y. Siu. Efficient memoryless protocol for tag identification (extended abstract). In Proceedings of the Fourth International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications, pages 75–84. ACM Press, 2000.Google Scholar
  11. 11.
    A. Juels. RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communication, 24(2):381–394, February 2006.CrossRefMathSciNetGoogle Scholar
  12. 12.
    Z. Kfir and A. Wool. Picking virtual pockets using relay attacks on contactless smartcard systems. In Conference on Security and Privacy for Emerging Areas in Communication Networks — SecureComm 2005. IEEE, September 2005.Google Scholar
  13. 13.
    B. Krebs. Leaving Las Vegas: So long DefCon and Blackhat. washingtonpost. com Weblog, August 2005.Google Scholar
  14. 14.
    T. Finke and H. Kelter. Abhörmöglichkeiten der Kommunikation zwischen Lesegerät und Transponder am Beispiel eines ISO14443-Systems. BSI White Paper, 2004.Google Scholar
  15. 15.
    S.A. Weis. Security and Privacy in Radio-Frequency Identification Devices. Master’s thesis, Massachusetts Institute of Technology, Cambridge, MA, USA, May 2003.Google Scholar
  16. 16.
    B. Fabian, O. Günther, and S. Spiekermann. Security analysis of the object name service for RFID. In Proceedings of the 1st International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, July 2005.Google Scholar
  17. 17.
    A. Kantor. Tiny transmitters give retailers, privacy advocates goosebumps., December 19, 2003.Google Scholar
  18. 18.
    C.R. Schoenberger. The internet of things. Forbes Magazine, 2002(6).Google Scholar
  19. 19.
    M. Zeidler. RFID: Der Schnüffelchip im Joghurtbecher. Monitor-Magazin, January 8, 2003.Google Scholar
  20. 20.
    M. Roberti. Big brother’s enemy. RFID Journal, July 2003.Google Scholar
  21. 21.
    R. Curnow. The privacy to pay for VIP status., October 6, 2004.Google Scholar
  22. 22. Two U.S. employees injected with RFID microchips at company request. Press Release, February 2006.Google Scholar
  23. 23.
    O. Berthold, O. Günther, and S. Spiekermann. Verbraucherängste und Verbraucherschutz. Wirtschaftsinformatik, 47(6):1–9, 2005.Google Scholar
  24. 24.
    A. Juels. Attack on a cryptographic RFID device. Guest Column in RFID Journal, February 28, 2005.Google Scholar
  25. 25.
    J. Lettice. Face and fingerprints swiped in Dutch biometric passport crack. The Register, January 30, 2006.Google Scholar
  26. 26.
    Association for Automatic Identification and Mobility. The ROI of privacy invasion. RFID Connections Webzine, January 2004.Google Scholar
  27. 27.
    Auto-ID Center/ EPCglobal, Cambridge, MA, USA. 900 MHz Class 0 Radio Frequency (RF) Identification Tag Specification, 2003.Google Scholar
  28. 28.
    S.A. Weis, S.E. Sarma, R.L. Rivest, and D.W. Engels. Security and privacy aspects of low-cost radio frequency identification systems. In D. Hutter et al., editor, Security in Pervasive Computing — First International Conference, Boppard, Germany, March 12–14, 2003, Revised Papers, volume 2802 of Lecture Notes in Computer Science, pages 201–212. Springer, 2003.Google Scholar
  29. 29.
    Auto-ID Center/ EPCglobal, Cambridge, MA, USA. 860 MHz–930 MHz Class 1 Radio Frequency (RF) Identification Tag Radio Frequency & Logical Communication Interface Specification, 2002.Google Scholar
  30. 30.
    G. Karjoth and P.A. Moskowitz. Disabling RFID tags with visible confirmation: clipped tags are silenced. In V. Atluri et al., editor, Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society (WPES 2005), pages 27–30, Alexandria, VA, USA, 2005. ACM Press.Google Scholar
  31. 31.
    R. Stapleton-Gray. Scanning the horizon: A skeptical view of RFIDs on the shelves, July 2005.Google Scholar
  32. 32.
    A. Juels, R.L. Rivest, and M. Szydlo. The blocker tag: Selective blocking of RFID tags for consumer privacy. In S. Jajodia et al., editor, Proceedings of the 10th ACM Conference on Computer and Communication Security, pages 103–111, Washington, D.C., USA, 2003. ACM Press.Google Scholar
  33. 33.
    A. Juels. RFID privacy: A tecnical primer for the non-technical reader. In K. Strandburg and D. Stan Raicu, editors, Privacy and Technologies of Identity: A Cross-Disciplinary Conversation. Springer, 2005.Google Scholar
  34. 34.
    A. Juels, P. Syverson, and D. Bailey. High-power proxies for enhancing RFID privacy and utility. In G. Danezis and D. Martin, editors, Privacy Enhancing Technologies (PET), May 2005.Google Scholar
  35. 35.
    C. Flörkemeier, R. Schneider, and M. Langheinrich. Scanning with a purpose — supporting the fair information principles in RFID protocols. In H. Murakami et al., editor, Ubiquitous Computing Systems — Second International Symposium, UCS Tokyo, Japan, November 8–9, 2004, Revised Selected Papers, volume 3598 of Lecture Notes in Computer Science, pages 214–231. Springer, June 2005.Google Scholar
  36. 36.
    Data Protection Commissioners. Resolution on radio frequency identification. 25th International Conference of Data Protection and Privacy Commissioners, November 2003.Google Scholar
  37. 37.
    S. Garfinkel. An RFID bill of rights. Technology Review, 105(8):35, October 2002.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Marc Langheinrich
    • 1
  1. 1.Institute for Pervasive ComputingETH ZurichSwitzerland

Personalised recommendations