Radio Frequency IDentification (RFID) is an automatic identification sys-tem, relying on storing and remotely retrieving data about objects we want to manage using devices called ``RFID tag``. The RFID system is more useful for various purposes than optical barcode technology since the RFID system can identify lots of tags quickly through RF with neither physical nor visual contact. The RFID system can be used in lots of industries such as supply chain management, inventory, storage, $\It{etc}$. and give facilities for individuals with a ubiquitous computing environment.
However, RFID system can have security problems inherently if the tag offers no access-control and tamper-resistance mechanisms. RFID system can induce an information leakage problem of companies and privacy problems of individuals since the RFID tag emits its data to everyone including adversaries. For example, a dishonest company may try to collect information of competing company about physical distribution. By utilizing responses from a tag, an adversary may try to get knowledge of products which an individual user carries or traces a user. In addition, we must consider an attack that an adversary earns unfair profits by responding a reader``s query with forged information. These vulnerabilities make people reluctant to use RFID technology [2, 23].
Even though there are many cryptographic primitives against similar vulnerabilities, they can not be applied to the RFID system due to the limited computation power of a low-cost tag. Consequently, new security protocols with less calculation in the tag are required. To protect users from tracing, we propose an RFID mutual authentication scheme which utilizes a hash function and synchronized secret information like others [11, 9, 17, 16]. To the best of our knowledge, our scheme offers the most enhanced security feature in RFID mutual authentication scheme with respect to user privacy allowing one more hash operation in comparison with [17]...