Paper 2005/049

Adversarial Model for Radio Frequency Identification

Gildas Avoine


Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. The key point is that authorised readers must be able to identify tags without an adversary being able to trace them. Traceability is often underestimated by advocates of the technology and sometimes exaggerated by its detractors. Whatever the true picture, this problem is a reality when it blocks the deployment of this technology and some companies, faced with being boycotted, have already abandoned its use. Using cryptographic primitives to thwart the traceability issues is an approach which has been explored for several years. However, the research carried out up to now has not provided satisfactory results as no universal formalism has been defined. In this paper, we propose an adversarial model suitable for RFID environments. We define the notions of existential and universal untraceability and we model the access to the communication channels from a set of oracles. We show that our formalisation fits the problem being considered and allows a formal analysis of the protocols in terms of traceability. We use our model on several well-known RFID protocols and we show that most of them have weaknesses and are vulnerable to traceability.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
RFIDAdversarial ModelPrivacyUntraceabilityCryptanalysis
Contact author(s)
gildas avoine @ epfl ch
2005-02-21: received
Short URL
Creative Commons Attribution


      author = {Gildas Avoine},
      title = {Adversarial Model for Radio Frequency Identification},
      howpublished = {Cryptology ePrint Archive, Paper 2005/049},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.