HMAC-Based Authentication Protocol: Attacks and Improvements

As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privacy of the recent well-known HMAC-based RFID mutual authentication protocol, is analyzed. We prove that this protocol is not secure against various attacks and also does not provide untraceability. Also, in order to improve the performance of the mentioned protocol and enhance the security of RFID users, a more effective and secure authentication HMAC-based protocol is presented. Furthermore, security of our protocol is explored against different attacks such as; the replay attack, the tag’s ID exposure, the spoofing attack, DoS attack and traceability attack. It is shown that our proposed protocol is safe against the attacks. Finally, the security of the presented protocol is compared with some well-known related protocols.