J Supercomput DOI 10.1007/s11227-013-1073-x An efficient mutual authentication RFID scheme based on elliptic curve cryptography Jue-Sam Chou © Springer Science+Business Media New York 2013 Abstract Radio frequency identification (RFID) tags have been widely deployed in many applications, such as supply chain management, inventory control, and traffic card payment. However, these applications can suffer from security issues or privacy violations when the underlying data-protection techniques are not properly designed. Hence, many secure RFID authentication protocols have been proposed. According to the resource usage of the tags, secure RFID protocols are classified into four types: full-fledged, simple, lightweight, and ultra-lightweight. In general, non-full-fledged protocols are vulnerable to desynchronization, impersonation, and tracking attacks, and they also lack scalability. If the tag resources allow more flexibility, full-fledged protocols seem to be an attractive solution. In this study, we examine full-fledged RFID authentication protocols and discuss their security issues. We then design a novel RFID authentication protocol based on elliptic curve cryptography, to avoid these issues. In addition, we present a detailed security analysis and a comparison with related studies; the results show that our scheme is more resistant to a variety of attacks and that it has the best scalability, while maintaining competitive levels of efficiency. Keywords RFID · Location privacy · Forward privacy · Mutual authentication · Untraceable privacy · ECDLP 1 Introduction Radio frequency identification (RFID) tags allow multiple tagged objects to be scanned simultaneously in a contactless manner, and they could potentially replace bar codes, which require objects to be scanned separately. RFID tagging can thus be applied J.-S. Chou (B) Department of Information Management, Nanhua University, Chiayi, Taiwan, ROC e-mail: jschou@mail.nhu.edu.tw 123