A taxonomy of system attacker behavior reveals security vulnerabilities in RFID authorization and monitoring systems. RFID systems are classified by their informational goals, typically authorization and monitoring. Authorization systems replace the more traditional approaches to granting an entity access to a particular zone, whereas monitoring systems establish an entity's location in that zone. Although their informational goals differ, the underlying hardware is identical for both types of systems; consequently, attacks at the hardware level are the same. However, because attacker behavior invalidates each subsystem's informational goals differently, RFID security requirements should consider these goals individually.