HMAC-Based RFID Authentication Protocol with Minimal Retrieval at Server
In this paper, the authors propose a HMAC-based RFID mutual authentication protocol to improve performance at the back-end server. In existing hash-based protocols, the tag ID is a secret value for privacy, so the back-end server computes a lot of hash operations or modular operations to retrieve the tag ID. In their protocol, the Tag ID is used as a secret key of HMAC and sends the tag ID XOR-ed by a random number, where XOR-ed tag ID is stored at the back-end server and the tag. The XOR-ed tag ID is changed every session like OTP. The tag sends XOR-ed ID to the back-end server for authentication.