A Strengthened Version of a Hash-based RFID Server-less Security Scheme

Frequency IDentification (RFID) is a user-friendly and easy to use technology which has been deployed in different applications to identify and authentication objects and people.Due to employing RFID systems in some sensitive applications, the security of end-users has become more prominent and has gotmore attention by researchers. Recently, in order to provide security and privacy requirements of end-users, lots of RFIDauthentication have been proposed. In 2014, Deng et al.cryptanalyzed a server-less RFID authentication protocol and presented an improved protocol. They analyzed the security andprivacy of the improved protocol and claimed that their protocol is safe against various attacks. However, in this paper we showthat Deng et al.’s protocol is not safe yet and it suffers from secret parameters reveal, tag impersonation and reader impersonation attacks. In addition, we propose some modifications in Deng et al.’s protocol which overcomes all the reported weaknesses. Finally, the improved protocol compared with some similar protocols in the terms of security and privacy