Abstract
The rapid growth of the Internet of Things and the widespread adoption of RFID tags have intensified the need for authentication protocols that also ensure data integrity. Most existing RFID authentication protocols provide mutual authentication and resistance to common network attacks, but they generally do not address the integrity of the data stored on and transmitted by the RFID tag. In many practical scenarios, tag authentication must be complemented by verification of the integrity of the transmitted data, which creates the need for a specialized protocol capable of solving both tasks simultaneously under severe hardware constraints. This paper proposes a mutual authentication protocol for communication between an RFID tag and a system server. On the tag side, the protocol requires only a cryptographic hash function with hardware complexity not exceeding 2000 GE, a simple pseudo-random number update function, and a concatenation operation. Mutual authentication is achieved using one-time parameters that are updated independently after each session, with their initial values distributed between the RFID tag and the system during the initialization phase. A single authentication session on the RFID tag side requires only three hash computations and one execution of the pseudo-random number update function, while the number of message exchanges between the RFID tag and the system is reduced to two. The paper shows that the proposed protocol is resistant to reader impersonation, tag impersonation, replay, active man-in-the-middle, and desynchronization attacks, while also providing forward secrecy and RFID tag data integrity control. The obtained results indicate that the proposed protocol is suitable for systems in which RFID tag data are not confidential but require integrity assurance, particularly in logistics, supply chain management, and related IoT applications.