Security and Privacy Flaws in a Recent Authentication Protocolfor EPC C1 G2 RFID Tags

Recently, due to widespread use of Radio FrequencyIDentification (RFID) systems in personal applications, securityand privacy of these systems have got more attention. In order toprovide security and privacy of RFID users, differentauthentication protocols have been proposed. In 2014,Mohammadi et al. proposed an improved authentication protocolfor RFID systems. They claimed that their protocol is secureagainst various attacks. In this study, we investigate security andprivacy of their protocol. It is shown that their protocol is notsafe against several attacks including secret parameters reveal,tag impersonation, data integrity, desynchronization and also itcannot provide user privacy. Then, in order to omitaforementioned weaknesses, we apply some changes onMohammadi et al.’s protocol and we propose an improvedprotocol. In addition, the security and privacy of the proposedprotocol are analyzed against various attacks