Privacy and Security in Library RFID Issues, Practices, and Architectures

We expose privacy issues related to Radio Frequency Identification (RFID) in libraries, describe current deployments, and suggest novel architectures for library RFID. Libraries are a fast growing application of RFID; the technology promises to relieve repetitive strain injury, speed patron self-checkout, and make possible comprehensive inventory. Unlike supply-chain RFID, library RFID requires item-level tagging, thereby raising immediate patron privacy issues. Current conventional wisdom suggests that privacy risks are negligible unless an adversary has access to library databases; we show this is not the case. In addition, we identify private authentication as a key technical issue: how can a reader and tag that share a secret efficiently authenticate each other without revealing their identities to an adversary? Previous solutions to this problem require reader work linear in the number of tags and cryptographic primitives such as collision-resistant hash functions or pseudo-random functions. We give a scheme for building private authentication with work logarithmic in the number of tags, and protocols that achieve private authentication without expensive cryptographic primitives; we believe this scheme will be of independent interest beyond RFID applications.