Vulnerabilities and Improvements on HRAP+, a Hash-Based RFID Authentication Protocol

In the last decade, Radio Frequency Identification (RFID) systems are employed in many authentications and identifications applications. In RFID systems, in order to provide secure authentication between RFID users, different authentication protocols proposed. In 2011, Cho et al. proposed a hash-based mutual RFID authentication protocol (HRAP). They claimed that HRAP protocol provides secure communication between RFID users and also it can provide users privacy. In that year, Habibi et al. investigated the security and privacy of HRAP protocol and showed that HRAP protocol has some weaknesses. Then, Habibi et al. proposed an improved version of HRAP protocol (HRAP) that eliminates all weaknesses of HRAP protocol. In this study, we cryptanalyze the HRAP protocol and we show that there are some flaws in HRAP protocol still. It is shown that, an attacker can perform tag impersonation, server impersonation, and replay attacks with success probability greater than 1 4 . Then, in order to omit all mentioned weaknesses, we propose an improved version of HRAP protocol. Security analysis shows that the improved protocol can improve the performance of HRAP protocol. In addition, we compare the security of the proposed protocol with some hash-based protocols that proposed recently.