A Secure RFID Mutual Authentication Protocol Conforming to EPC Class 1 Generation 2 Standard

RFID is a non-contact technology using radio frequencies to achieve automatic and unique identification. It has been widely applied in various areas, such as access management, toll collection, and contactless payment. However, because the information transmission medium between readers and tags is radio frequency, it is easy for attackers to eavesdrop on or tamper with data. Hence, creating a secure RFID protocol is very important. In 2012, Cho et al. proposed a hash-based RFID authentication protocol for defense against brute-force attacks. Unfortunately, we find that their protocol is vulnerable to DoS and replay attacks and two design weaknesses about privacy and the authentication procedure. To enhance security, we propose an improvement that conforms to the Electronic Product Code (EPC) Class 1 Generation 2 standard for passive tags. The analyses demonstrate that our protocol can defend against security threats existing in RFID systems and is more applicable for low-cost RFID tags.