Abstract
RFID systems have an increasing impact on both public and private domains. However, due to the inherent weaknesses of the underlying wireless radio communications, RFID systems are plagued with security and privacy threats. One approach for enhancing security and privacy in certain RFID applications is to let location-related information serve as a legitimate access context. Examples of these applications include access cards, credit cards, and other payment tokens. To defend against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context-aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize unauthorized reading and “ghost-and-leech” relay attacks. Second, contextual information can be used as a basis for context-aware secure transaction verification that allows a bank server to decide whether to approve or deny a payment transaction and detect a specific type of relay attack involving malicious readers.
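The second use, server-side transaction verification, can be sketched as follows. This is an added example, not code from the paper: the message format, the per-card HMAC key shared with the bank, the nonce, the 100 m threshold and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from math import asin, cos, radians, sin, sqrt

MAX_DISTANCE_M = 100.0  # assumed policy threshold, not taken from the abstract


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(a))


def card_report(card_key, nonce, lat, lon):
    """Card side (hypothetical): bind the sensed location to the bank's nonce."""
    body = json.dumps({"nonce": nonce, "lat": lat, "lon": lon}, sort_keys=True).encode()
    return body, hmac.new(card_key, body, hashlib.sha256).digest()


def verify_transaction(card_key, nonce, body, tag, reader_lat, reader_lon):
    """Bank side (hypothetical): return (approved, reason)."""
    expected = hmac.new(card_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad-mac"            # report altered by a reader in the path
    claim = json.loads(body)
    if claim["nonce"] != nonce:
        return False, "stale-nonce"        # report replayed from an earlier transaction
    d = haversine_m(claim["lat"], claim["lon"], reader_lat, reader_lon)
    if d > MAX_DISTANCE_M:
        return False, "location-mismatch"  # card is not near the reader being paid
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    shop = (40.7411, -73.9897)             # constructed registered reader location
    body, tag = card_report(key, "n-001", 40.7412, -73.9896)  # card at the shop
    print(verify_transaction(key, "n-001", body, tag, *shop))
    body, tag = card_report(key, "n-002", 40.6782, -73.9442)  # card kilometres away
    print(verify_transaction(key, "n-002", body, tag, *shop))
```

The denied case models the relayed transaction: the card's authenticated location is far from the reader where the payment is presented, so the server rejects it even though the card's response itself is valid.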