RFID Mutual Authentication Protocol based on Synchronized Secret

Radio Frequency Identification (RFID) tags, due to their ability to uniquely identify every individual item and low cost, are well suited for supply chain management and are expected to replace barcodes in the near future. However, unlike barcodes, these tags have a longer range in which they are allowed to be scanned, subjecting them to unauthorized scanning by malicious readers and to various other attacks, including cloning attacks. Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but realworld solutions that are secure and maintain low communication cost are still needed and being investigated. Recently, Cho et al. proposed a hash-based RFID mutual authentication protocol using a secret value. However, this paper shows that Cho et al.’s protocol is weak against desynchronization attack and proposes a remedy mutual authentication protocol, which offers a high level of security based on hash operation with synchronized secret. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication and untraceability as well as resistance to replay, denial-of-service and man-in-the-middle attacks, while retaining a competitive computation cost.