Editing Radio-frequency identification (section)

===Security concerns===
A primary RFID security concern is the illicit tracking of RFID tags. Tags, which are world-readable, pose a risk to both personal location privacy and corporate/military security. Such concerns have been raised with respect to the [[United States Department of Defense]]'s recent{{When|date=January 2021}} adoption of RFID tags for [[supply chain management]].<ref>{{cite web|work = Radio Frequency Identification (RFID)|title = What's New|date = 4 April 2007|url = http://www.acq.osd.mil/log/rfid/index.htm|archive-url = https://web.archive.org/web/20060228101133/http://www.acq.osd.mil/log/rfid/index.htm|archive-date = 28 February 2006}}</ref> More generally, privacy organizations have expressed concerns in the context of ongoing efforts to embed electronic product code (EPC) RFID tags in general-use products. This is mostly as a result of the fact that RFID tags can be read, and legitimate transactions with readers can be eavesdropped on, from non-trivial distances. RFID used in access control,<ref>{{cite book |date=March 2014| pages=73–81|doi=10.1109/NRSC.2014.6835063|s2cid= 21520509| chapter=Comparative analysis of authentication techniques to Secure Low Level Reader Protocol (LLRP) connection| title=2014 31st National Radio Science Conference (NRSC)| last1=Elshrief| first1=Shreen Abd Elfatah| last2=Sadek| first2=Rowayda. A.| last3=Ghalwash| first3=Atef.| isbn=978-1-4799-3821-6}}</ref> payment and eID (e-passport) systems operate at a shorter range than EPC RFID systems but are also vulnerable to [[RFID skimming|skimming]] and eavesdropping, albeit at shorter distances.<ref name=Hancke>{{cite journal|last=Hancke|first=Gerhard P|title=Practical eavesdropping and skimming attacks on high-frequency RFID tokens|journal=Journal of Computer Security|year=2011|volume=19|issue=2|pages=259–288|doi=10.3233/JCS-2010-0407|url=http://iospress.metapress.com/content/xx855446h2kh84r2/|access-date=10 August 2012|archive-url=https://web.archive.org/web/20160527141257/http://iospress.metapress.com/content/xx855446h2kh84r2/|archive-date=27 May 2016|citeseerx=10.1.1.169.9341}}</ref>

A second method of prevention is by using cryptography. [[Rolling code]]s and [[challenge–response authentication]] (CRA) are commonly used to foil monitor-repetition of the messages between the tag and reader, as any messages that have been recorded would prove to be unsuccessful on repeat transmission.{{Clarify|reason=|date=January 2021}} Rolling codes rely upon the tag's ID being changed after each interrogation, while CRA uses software to ask for a [[cryptographic]]ally coded response from the tag. The protocols used during CRA can be [[symmetric key cryptography|symmetric]], or may use [[public key cryptography]].<ref name=RFIDHbook1>{{cite book|editor-last2=Ilyas |editor-first=Syed |editor-last=Ahson |editor-first2=Mohammad|title=RFID handbook: applications, technology, security, and privacy|year=2008|publisher=CRC Press|location=Boca Raton|isbn=978-1-4200-5499-6|section-url=https://books.google.com/books?id=q4aCyZnq0cwC&q=Rather,+the+reader+issues+a+challenge+to+the+tag,+which+responds+with+a+result+computed+using+a+cryptographic+circuit+keyed+with+some+secret+value&pg=PA478 |access-date=7 August 2012|page=478|section=26.5 Other security concerns}}</ref>

While a variety of secure protocols have been suggested for RFID tags,
in order to support long read range at low cost, many RFID tags have barely enough power available
to support very low-power and therefore simple security protocols such as [[cover-coding]].<ref>
[https://polygait.calpoly.edu/what-rfid/social-implications "RFID: Social Implications"].</ref>

Unauthorized reading of RFID tags presents a risk to privacy and to business secrecy.<ref>{{cite web|url=https://www.vde-verlag.de/proceedings-en/453168007.html|title=Business risks from naive use of RFID in tracking, tracing and logistics - Conference papers - VDE Publishing House|website=www.vde-verlag.de|access-date=2019-12-09}}</ref> Unauthorized readers can potentially use RFID information to identify or track packages, persons, carriers, or the contents of a package.<ref name=RFIDHbook1/> Several prototype systems are being developed to combat unauthorized reading, including RFID signal interruption,<ref>{{cite web|url = http://www.rsasecurity.com/rsalabs/node.asp?id=2115|title = RFID Privacy and Security|publisher = RSA Laboratories|access-date = 2013-09-22|archive-url = https://web.archive.org/web/20061218210709/http://www.rsasecurity.com/rsalabs/node.asp?id=2115|archive-date = 2006-12-18}}</ref> as well as the possibility of legislation, and 700 scientific papers have been published on this matter since 2002.<ref>{{cite web|url = http://avoine.net/rfid/|title = RFID Security and Privacy Lounge|publisher=Avoine.net|access-date=2013-09-22}}</ref> There are also concerns that the database structure of [[Object Naming Service]] may be susceptible to infiltration, similar to [[denial-of-service attack]]s, after the EPCglobal Network ONS root servers were shown to be vulnerable.<ref>{{cite web|first=Adi|last=Tedjasaputra|url=http://www.rfid-asia.info/2007/02/putting-rfid-network-security-in.htm|title=Putting RFID Network Security in Perspective|publisher=RFID Asia|date=2006-12-11|access-date=2007-08-03}}</ref>