A comprehensive taxonomy of security and privacy issues in RFID

Internet of things (IoT) is made up of many devices like sensors, tags, actuators, mobile devices, and many more. These devices interact with each other without human interaction. Radio-frequency identification (RFID) devices are used to track people, assets, objects, etc. Along with the small memory capacity and low-power battery issues, these devices suffer from various security-related issues. These security threats include attacks such as replay, disclosure, tracking, offline guessing, denial of service attacks, and many more. In the last few decades, the researchers have suggested various security approaches to overcome these vulnerabilities. Hence, this paper discusses various possible attacks that can occur on an RFID system, and several security schemes that have been proposed to handle these attacks. First, the works presents the architecture of IoT in detail. Second, all possible attacks are described by categorizing them into confidentiality, integrity, and availability. Then, taxonomy of various security schemes, to deal with these attacks, is discussed under the criteria cryptography approaches, privacy, authentication, authorization, and availability. Finally, the paper describes various issues and challenges to have a better understanding of scope of the future research in the field of RFID security.