Formal security and privacy analysis and improvements of RFID hash-based authentication protocol

Radio Frequency IDentification (RFID) technology has been used in most applications for authentication and authorization.However, RFID systems can be traced by an adversary. Many protocols have been proposed to improve the efficiency, security and privacy requirements of RFID. Most of protocols are vulnerable to desynchronization, impersonation, replay, and traceability attacks. In this paper, we prove that the new hash function-based protocol proposed by Zhang Xiaohong is insecure against the impersonation, replay, data desynchronization, traceability, and forward/backward traceability attacks. Also, we apply simulation based privacy model proposed by Vaudenay to analyze privacy aspects. The protocol cannot support any level of privacy as well.Then we propose an improved protocol to prevent the mentioned attacks and guarantee both security and privacy.