A Strengthened Version of a Hash-based RFID Server-less Security Scheme

Radio Frequency IDentification (RFID) is a user-friendly and easy to use technology which has been deployed in different applications to identify and authentication objects and people. Due to employing RFID systems in some sensitive applications, the security of end-users has become more prominent and has got more attention by researchers. Recently, in order to provide security and privacy requirements of end-users, lots of RFID authentication have been proposed. In 2014, Deng et al. cryptanalyzed a server-less RFID authentication protocol and presented an improved protocol. They analyzed the security and privacy of the improved protocol and claimed that their protocol is safe against various attacks. However, in this paper we show that Deng et al.’s protocol is not safe yet and it suffers from secret parameters reveal, tag impersonation and reader impersonation attacks. In addition, we propose some modifications in Deng et al.’s protocol which overcomes all the reported weaknesses. Finally, the improved protocol compared with some similar protocols in the terms of security and privacy.