A New RFID Authentication Protocol with Resistance to Server Impersonation

Security is one of the main issues to adopt RFID technology in daily use. Due to resource constraints of RFID systems, it is very restricted to design a private authentication protocol based on existing cryptographic functions. In this paper, we propose a new RFID authentication protocol. The proposed protocol provides better protection against privacy and security threats than those before. Our proposed protocol is resistant to server impersonation attack introduced in [17]. Former proposal assumes that the adversary should miss any reader-to-tag communication flows and claims that their protocol is secure against forward traceability only in such communication environment. We show that even under such an assumption, the former proposed protocol is not secure. Our proposed protocol is secure against forward traceability, if the adversary misses any reader-to-tag communication flows. Our protocol also has low computational load on both the tag and the server side.