A Strengthened Version of a Hash-based RFID Server-less Security Scheme

Shahab Abdolmaleky 1, Shahla Atapoor 2, Mohammad Hajighasemlou 3 and Hamid Sharini 4

1 Department of Computer Engineering, Science and Research Branch, IAU University, Tehran, Iran. s.abdolmaleky.ir@ieee.org
2 Iran Telecommunication Research Centre (ITRC), Tehran, Iran. sh.atapoor@itrc.ac.ir
3 Faculty of Electrical and Computer Engineering, Tabriz University, Tabriz, Iran. m.hajighasemlou@tabrizu.ac.ir
4 Tehran University of Medical Science (TUMS), Tehran, Iran. hamid.sharini@razi.tums.ac.ir

Abstract

Radio Frequency IDentification (RFID) is a user-friendly and easy-to-use technology which has been deployed in different applications to identify and authenticate objects and people. Because RFID systems are employed in some sensitive applications, the security of end-users has become more prominent and has received more attention from researchers. Recently, in order to meet the security and privacy requirements of end-users, many RFID authentication protocols have been proposed. In 2014, Deng et al. cryptanalyzed a server-less RFID authentication protocol and presented an improved protocol. They analyzed the security and privacy of the improved protocol and claimed that their protocol is safe against various attacks. However, in this paper we show that Deng et al.'s protocol is still not safe and that it suffers from secret parameter reveal, tag impersonation and reader impersonation attacks. In addition, we propose some modifications to Deng et al.'s protocol which overcome all the reported weaknesses. Finally, the improved protocol is compared with some similar protocols in terms of security and privacy.

Keywords: RFID Authentication Protocol, Hash functions, Server-less Protocol, Security and Privacy Attacks, Healthcare systems.

1. Introduction

Radio Frequency Identification (RFID) technology is a progressive kind of wireless communication system which has been deployed for authentication in different areas such as consumer electronics, defense, homeland security, transportation, healthcare organizations, etc. [1], [2], [3]. For example, in healthcare, by using resources more effectively, hospital staff can not only spend less time running around trying to find medical supplies and more time with patients, but RFID can also reduce the counterfeiting of pharmaceuticals and other high-end products and monitor medical supplies in hospitals [4]. RFID is also used in payment systems [5]. In transportation, the destination [3], origin, owner, type and amount of products in a container carried by a trailer are determined just by passing the trailer past the RFID reader, and stolen cars can be detected by using RFID for vehicle registration.

An RFID system consists of three main parts: tags, readers, and a back-end server [6] (shown in Fig. 1). The tags and the readers are connected wirelessly via electromagnetic signals, while the connection between the readers and the back-end server is one of two types, wired or wireless [7]. The tag and the reader introduce themselves by exchanging data, and they operate according to the protocol after authentication [8]. So the major problem in using RFID technology is establishing security.

Because of the storage and computation restrictions of low-cost RFID tags, designing RFID authentication protocols based on simplified cryptographic mechanisms is the goal of recent research [8], [9], [10]. As simplicity of design makes a protocol suitable for low-cost RFID tags, different types of encryption have been introduced in protocols, which can be categorized into four classes. The first class comprises protocols which apply conventional cryptographic functions [11].
The second class comprises protocols that apply a random number generator and a one-way hash function [12]. The third class refers to protocols that apply a random number generator and a Cyclic Redundancy Code checksum [13]. The last one refers to protocols which use simple bitwise operations such as XOR, AND, OR, etc

ACSIJ Advances in Computer Science: an International Journal, Vol. 4, Issue 3, No. 15, May 2015. ISSN: 2322-5157. www.ACSIJ.org
Copyright (c) 2015 Advances in Computer Science: an International Journal. All Rights Reserved.