A secure supply-chain RFID system that respects your privacy

Alex Arbit, Yossef Oren*, Avishai Wool

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


Supply-chain RFID systems introduce significant privacy issues to consumers, making it necessary to encrypt communications. Because the resources available on tags are very small, it is generally assumed that only symmetric-key cryptography can be used in such systems. Unfortunately, symmetric-key cryptography imposes negative trust issues between the various stake-holders, and risks compromising the security of the whole system if even a single tag is reverse engineered. This work presents a working prototype implementation of a secure RFID system which uses public-key cryptography to simplify deployment, reduce trust issues between the supply-chain owner and tag manufacturer, and protect user privacy. The authors' prototype system consists of a UHF tag running custom firmware, a standard off-the-shelf reader and custom point-of-sale terminal software. No modifications were made to the reader or the air interface, proving that high-security EPC tags and standard EPC tags can coexist and share the same infrastructure.

Original languageEnglish
Article number6818503
Pages (from-to)52-60
Number of pages9
JournalIEEE Pervasive Computing
Issue number2
StatePublished - 2014
Externally publishedYes


  • RFID
  • pervasive computing
  • security
  • supply chain


Dive into the research topics of 'A secure supply-chain RFID system that respects your privacy'. Together they form a unique fingerprint.

Cite this