Vulnerabilities and Improvements on HRAP+, a Hash-Based RFID Authentication Protocol

In the last decade, Radio Frequency Identification (RFID)systems are employed in many authentications and identifications applications. In RFID systems, in order to providesecure authentication between RFID users, different authentication protocols proposed. In 2011, Cho et al. proposeda hash-based mutual RFID authentication protocol(HRAP). They claimed that HRAP protocol provides secure communication between RFID users and also it can provideusers privacy. In that year, Habibi et al. investigated the security and privacy of HRAP protocol and showed that HRAP protocol has some weaknesses. Then, Habibi et al.proposed an improved version of HRAP protocol (HRAP+) that eliminates all weaknesses of HRAP protocol. In thisstudy, we cryptanalyze the HRAP+ protocol and we show that there are some flaws in HRAP+ protocol still. It is shown that, an attacker can perform tag impersonation,server impersonation, and replay attacks with success probability greater than 1 4 . Then, in order to omit all mentionedweaknesses, we propose an improved version of HRAP+ protocol. Security analysis shows that the improved protocol can improve the performance of HRAP+ protocol. In addition,we compare the security of the proposed protocol with some hash-based protocols that proposed recently.