1 Introduction

Radio Frequency Identification (RFID) is a system that wirelessly enables massive identification and tracking of items. The first RFID tag, developed in 1973, implemented a passive transponder to unlock a door without a key. However, the technology did not find commercial success until it was used for livestock tracking in the 1990s [1]. Without a standard in the 1990s, several different and incompatible types of identifiers and protocols were used, depending on the application developer and device vendor. In 1999, the AutoID center at the Massachusetts Institute of Technology was founded to guide and standardize the development of RFID technology [2], which resulted in the adoption of the Electronic Product Code (EPC) as an international standard. In addition, the wireless nature of RFID, with no line-of-sight requirement, makes it ideal for massive inventory control and fast checkout. Thus, each tag is embedded with a unique identifier that follows the standardized EPC, which is anticipated to serve on consumer products as a successor to the ubiquitous "UPC" bar code in the near future. The EPC standard has helped RFID technology to be adopted in a broad range of applications, such as electronic toll collection for highways, inventory management, employee badges, and wireless electronic or credit card payment.

The two components of the system are RFID tags and readers. The tags, usually attached to an item, contain a radio frequency transponder and a read-only (sometimes re-writable) memory chip that is preloaded with a unique identifier. The power source is typically used to distinguish passive from active tags. Active tags include a small battery to transmit information directly to the reader, whereas passive tags work by harvesting the energy received from the reader through an antenna and using that energy to transmit their secret data back to the reader. Passive tags are likely to be more widely used because of their low production cost.

When tags are queried by readers, they respond with their unique identifier. After querying the tags, the readers usually transmit the data to a back-end system, i.e. a database. The readers are designed to query multiple tagged items at once and to distinguish between them. Nevertheless, in practice, both parties are constantly exposed to an untrusted environment, due to unencrypted transmission and the lack of data integrity or mutual authentication, which damages privacy [3].