The Outer Limits of RFID Security
It is tempting to regard RFID security and privacy primarily as questions of cryptographic protocol design. We would like RFID tags to authenticate themselves in a trustworthy manner. We would also like them to protect the identities and personal data of their bearers. We might imagine that our aims should be to squeeze cryptographic primitives down to the constrained environments of RFID tags and to craft protocols that scale up to populations of millions or billions of devices. By adapting existing tools, it might seem that we can readily fulfill the majority of our needs with some more circuitry in tags, a greater abundance of cycles and memory on application servers, and a bit of clever economizing.