Vulnerabilities and Improvements on HRAP + , a Hash-Based RFID Authentication Protocol Seyed Mohammad Alavi 1 , Behzad Abdolmaleki 2 , and Karim Baghery 3 1 Imam Hossein Comprehensive University Tehran, Iran malavi@ihu.ac.ir 2 Information Systems and Security Lab (ISSL), Sharif University of Technology Tehran, Iran b.abdolmaleki.ir@ieee.org 3 Information Systems and Security Lab (ISSL), Sharif University of Technology Tehran, Iran k.baghery.1988@ieee.org Abstract In the last decade, Radio Frequency Identification (RFID) systems are employed in many authentications and identifi- cations applications. In RFID systems, in order to provide secure authentication between RFID users, different au- thentication protocols proposed. In 2011, Cho et al. pro- posed a hash-based mutual RFID authentication protocol (HRAP). They claimed that HRAP protocol provides secure communication between RFID users and also it can provide users privacy. In that year, Habibi et al. investigated the se- curity and privacy of HRAP protocol and showed that HRAP protocol has some weaknesses. Then, Habibi et al. proposed an improved version of HRAP protocol (HRAP + ) that eliminates all weaknesses of HRAP protocol. In this study, we cryptanalyze the HRAP + protocol and we show that there are some flaws in HRAP + protocol still. It is shown that, an attacker can perform tag impersonation, server impersonation, and replay attacks with success prob- ability greater than ଵ ସ . Then, in order to omit all mentioned weaknesses, we propose an improved version of HRAP + protocol. Security analysis shows that the improved proto- col can improve the performance of HRAP + protocol. In ad- dition, we compare the security of the proposed protocol with some hash-based protocols that proposed recently. Keywords: RFID authentication protocols, HRAP + protocol, Security, Impersonation Attack. 1. Introduction RFID systems are increasingly becoming part of our daily life. In many of our daily routines, without realizing it, we use RFID technology that use radio waves for automatic identification applications [1]. RFID technology also is used in different objects for different applications. Mainly, RFID systems consist of three main parts including Tag, Reader and Back-end-server or Database (Shown in Fig. 1). The data included in RFID tags that often are identification numbers, can be collected by the wireless reader. Also the reader can perform some logic processors and change the content of RFID tags. The third part of RFID systems that contains all secret information of tags, is back-end server or database. The reader located between the tags and the back- end server and exchanges data between them. In each run of RFID system, the database performs some certification and authentication processes and provides access to the data [2]. In some applications, communication channels between the readers and the database is insecure [3]. But in some cases, communication channels between the readers and the data- base is secure [4]. Due to nature of wireless communication between tags and readers, these channels can be eavesdropped by an ad- versary. As a results, although these systems provide many useful services, they can dangerous for security and the pri- vacy of end-users. In the last few years, in order to protect RFID users against different security and privacy attacks Fig. 1. A System model of RFID systems ACSIJ Advances in Computer Science: an International Journal, Vol. 3, Issue 6, No.12 , November 2014 ISSN : 2322-5157 www.ACSIJ.org 51 Copyright (c) 2014 Advances in Computer Science: an International Journal. All Rights Reserved.