This paper presents the design, implementation, and evaluation of the RFID Guardian, the first-ever unified platform for RFID security and privacy administration. The RFID Guardian resembles an ``RFID firewall,'' that monitors and controls access to RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Our system provides a platform for both automated and coordinated usage of RFID security mechanisms, offering fine-grained control over RFID-based auditing, key management, access control, and authentication capabilities. We have prototyped the RFID Guardian using off-the-shelf components, and our experience has shown that active mobile devices are a valuable tool for managing the security of RFID tags in a variety of applications, including protecting low-cost tags that are unable to regulate their own usage.
More philosophically, RFID technology vividly illustrates the difficulties of security administration in a world of increasingly pervasive, decentralized, low-cost, and low-power computing. Our paper thus also offers a glimpse of what system administration may be like in the future, when laymen face the responsibility to manage systems of tiny computers that they are barely aware of.