Although RFID systems offer many noteworthy characteristics, security and privacy issues associated with them are not easy to address. In this paper, we investigate how to solve the eavesdropping, modification and one particular type of relay attacks toward the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers or secret credentials shared by legitimate parties using a physical layer approach. To this end, we propose a novel physical layer scheme, called
Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement
(BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while to utilize its periodically varied frequency to hide the transmission from the eavesdropper/relayer and to exploit a random sequence modulated to the carrier’s phase to defeat malicious modifications. We further improve its eavesdropping resistance through the coding in the physical layer as BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed, for the first time to the best of our knowledge, from resilient vector Boolean functions. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof of concept implementation and testing on the software defined radio platform with a programmable WISP tag.