Secure ubiquitous authentication protocols for RFID systems

Radio frequency identification (RFID) tags emerge as the successor of barcodes and are used in many applications such as in automation of automobiles, animal tracking, highway toll collection and supply-chain management [1]. An RFID tag has some advantages over an optical barcode that makes it more suitable in automation. A barcode indicates the type of the object on which it is printed but the RFID tag gives a unique serial number that distinguishes the object uniquely from many millions of similar types of products. Another advantage of an RFID tag is that it does not require line-of-sight contact with the readers as in optical barcodes. RFID is a technology to identify objects or people automatically [2]. An RFID system consists of three components: tag, reader and back-end database [3]. It is a small and extremely low-priced device consists of a microchip with very limited functionality and data storage and an antenna for wireless communication with readers. An RFID tag can be passive or active depending on the powering technique. In general, passive tags are inexpensive. They have no on-board power; they get power from the signal of the interrogating reader. Active tags contain batteries to power their transmission. RFID readers with antennas are devices used to read or write data from or to the RFID tags. The readers send query to a tag to obtain information from the tag. The database stores the information about the tags and the readers [4].

The RFID tag in the form of electronic product code (EPC) tag is the most popular standard and is specified by an organization called EPCglobal Inc. [5]. An EPC tag traditionally contains some information such as a product type identifier, a manufacturer identifier and a unique serial number those are exposed to the reader. This unique serial number works as a unique identifier (ID). Due to this unique serial number in an RFID tag, it is possible to track the tag uniquely. Due to this, the information in an RFID system is vulnerable to unauthorized readers. An RFID system is vulnerable to various attacks such as eavesdropping, traffic analysis, spoofing and denial of service. These attacks may reveal sensitive information of tags and hence break a person's privacy. Another type of privacy violation is traceability which establishes a relation between a person and a tag. If a link can be established between a person and the tag, the tracing of the tag makes the tracing of the person possible [1]. To protect the privacy in an RFID system, a tag needs to authenticate a reader. However, it is infeasible to use conventional cryptography in a passive RFID tag due to its extremely limited processing and memory limitations. A typical RFID system is shown in Figure 1.

The objective of the article is to propose new efficient and effective protocols to address these issues for RFID systems in ubiquitous computing environment. The protocols are based on the challenge-response method using a one-way hash function, a static identifier and two random numbers in the RFID systems. The purpose of the hash function is to give a one-way hash result so that an adversary cannot extract the input from the output. The value of the hash function is also used as a hash address for the tags in the database. The purpose of the random numbers is to make the response anonymous. This protocol protects the privacy and security of RFID systems of the issues outlined above.

The rest of the article is organized as follows. In Section 2, the privacy and security model in RFID system is discussed. Also the performance criteria of the RFID systems are discussed in this section. Section 3 contains the related studies. In Section 4, contributions and protocols are presented. Section 5 outlined the privacy, security and efficiency analysis for evaluation of our protocols. Section 6 describes the simulation result and evaluation. Section 7 concludes the article citing major contributions.

There are many approaches for the privacy and security of the RFID systems. Sharma et al. [6] mentioned about the resource constrained in an RFID tag as a main challenge to provide privacy and security. The first approach towards the privacy and security of an RFID tag is to kill [7] the tag at the point of sale. Due to various reasons for which killing a tag is not expected because consumer may wish to reuse the tag. Weis et el. [8] proposed a hash-based access control (HAC) approach to protect a tag using a one-way hash function. To do it, the tag stores the hash of a random key as a metaID. Since the metaID is same for a tag all the times, it always transmits the same metaID, which can easily be tracked by an adversary [9]. Another problem in this system is that the information is transmitted in plain text which can easily be eavesdropped. Weis et al. [8] also suggested another approach that is extended from HAC called randomized access control [8]. It uses a random number to prevent location privacy. In each session, the tag produces a response with newly generated random number and its ID using a hash function. It cannot protect the system from replay attack and is not suitable in a real-life system where a large number of tags are used as it requires many expensive hash operations at the back-end database.

To protect location privacy several protocols use hash function of varied identifier or varied secret [9–13]. Chien and Chen [9] proposed a challenge-response-based authentication protocol to prevent replay attack. This protocol uses a database in the server which maintains new and old tag keys to protect DoS attack. To prevent traceability, authentication and access keys are updated. However, this scheme is still vulnerable to backward and forward traceability because if an active attacker compromise a tag this can identify the tag's past interactions from previous transactions and the fixed ID of the tag and can deduce the future transaction. Ohkubo et al. [10] proposed an RFID privacy scheme using a hash chain (HC) mechanism. This method uses two hash functions to protect the privacy and security. It is also not suitable in practical use because the back-end database requires a large number of HCs. Henrici et al. [11] proposed a scheme referred to the hash-based ID variation scheme (HIDV). It uses a one-way hash function to protect location privacy by changing the ID after each session. However, if any authentication session is unsuccessful it replies with the same hashed ID again for which it opens up the vulnerability for impersonation attack such as spoofing. Lee et al. [12] proposed a low-cost authentication protocol (LCAP) which simplifies and enhances HIDV scheme in both efficiency and security. It has the similar problem as in HIDV that a tag always replies with the same hashed ID before the next successful authentication which allows tag tracking. Dimitriou [13] proposed an RFID authentication scheme that preserves user privacy and also protects against tag cloning. This protocol uses the hash of its identifier as a response to a reader query to maintain scalability at the server, and the back-end server sends a message using the updated identifier to the tag after getting the tag response. This scheme also has a problem of tracking as between valid sessions the tag identifier remains the same.

Varying identifier may cause problem in ubiquitous computing environment. To solve the problem, static identifiers are used in many authentication protocols. Molnar et al. [14] proposed a private authentication scheme for library RFID systems. It uses a pseudorandom number and a shared secret key by the tag and the reader for efficient authentication. This scheme does not ensure forward security since the tag's identifier and the secret key are static and the random number forwarded is in plain text which can be captured by an adversary. Rhee et al. [15] proposed challenge response-based RFID authentication protocol (CRAP) which is designed to use in ubiquitous computing. However, this scheme requires (N/2+1) hash function computations in the database which is impractical for large number of tags in ubiquitous computing. Choi et al. [16] proposed a one-way hash-based LCAP (OHLCAP), which is suitable for ubiquitous environment. Ha et al. [17] claim that OHLCAP suffers from traceability and impersonation attack. The authors also proposed a solution of using hash function to protect from traceability attack. Tsudik [18] described an RFID identification protocol that provides a basic level of tag identification using time-stamps. Tsudik [18] also proposed two further schemes that provide tag authentication. The schemes use monotonically increasing time-stamps for tracking-resistant tag authentication, and employ a keyed hash function f.

Karthikeyan and Nesterenko [19] proposed RFID security protocol without computationally expensive cryptographic mechanisms and used simple matrix multiplication. However, this protocol is vulnerable to DoS attack and intruder can try a brute-force matrix and key guessing attack. Moreover, this scheme is not secure from replay and tracking attack. Song and Mitchell (SM) [20] proposed an RFID authentication protocol and ownership transfer protocol [21] to prevent all the attacks discussed so far. Although these protocols are efficient in terms of storage and computation requirements, but they are vulnerable to both tag impersonation attack and reader impersonation attack. Cai et al. [22] proposed a revised authentication protocol of SM [20] to eliminate the problems in it without violation of any other security properties. The storage and computation requirements are also comparable with the existing protocol.

In the next two sections, two prominent protocols LCAP [12] and OHLCAP [16] will be discussed in more detail as they are more related to the proposed work.

3.1 LCAP approach

LCAP scheme uses one-way hash function to protect the privacy and security of the tag. The notations and symbols used in LCAP operation are as follows [12]:

h: {0, 1} ^∗ → {0, 1} ^l is a one-way hash function

ID: ID denotes identity of a tag and is a random value in {0, 1} ^l .

Data fields of a tag and a reader are initialized to the following values:

Tag: The data field of a tag is initialized to its own ID.

Reader: A reader picks uniformly a random number r in {0, 1} ^l .

The data fields of a back-end database are initialized to HaID, ID, TD and DATA.

HaID: HaID value is the hash value of ID used for identifying or addressing the tag.

TD: TD-entry is used to trace previous data information of a tag when loss of message occurs in the current session.

DATA: DATA stores the information about an accessible tag.

The back-end database maintains two rows; Prev for the previous session and Curr for the current session. Each row contains HaID, ID, TD, and DATA fields. In Prev, the back-end database records HaID and ID in the previous session. In Curr, it updates HaID and ID of Prev. TD-field of Curr has HaID value of Prev and TD-field of Prev contains HaID-value of Curr. The protocol is shown in Figure 2.

LCAP works as follows:

1. 1.

   A reader selects a random number r and sends a Query and r to the tag.

    
2. 2.

   The tag computes HaID = h(ID) and h(ID||r) using r and its ID and sends h _L (ID||r) and HaID to the reader, where h _L (ID||r) is the left half of h(ID||r).

    
3. 3.

   The reader sends h _L (ID||r), r, and HaID to the back-end database.

    
4. 4.

   The back-end database then compares if the value of HaID in Prev is same as the value of HaID received from the reader. If successful, then the back-end database computes h _R (ID||r) using r received from the reader and ID in Prev, where h _R (ID||r) is the right half of h(ID||r). For the next session, the back-end database computes and stores HaID = h(ID ⊕ r) and ID = ID ⊕ r in Curr. TD-field of Prev is filled with current HaID = h(ID ⊕ r). Finally, the back-end database sends h _R (ID||r) to the reader.

    
5. 5.

   The reader forwards h _R (ID||r) to the tag.

    
6. 6.

   The tag checks h _R (ID||r). If it matches, the tag updates its ID to ID ⊕ r.

    

In LCAP scheme, ID is changed in each authentication. So, it does not work in ubiquitous environment. Also mentioned earlier, it cannot overcome the traceability problem.

3.2 OHLCAP approach

OHLCAP uses a static identifier and secrets and is suitable for ubiquitous environment. It also uses a one-way hash function for privacy and security of the tag. OHLCAP requires an ID and a hash function h as in LCAP. Some additional fields are also required. GI is used as a group index. K is a common secret used in all tags and S is a tag secret. The protocol computes three messages: A¹ = K ⊕ c, A ² = ID + (GI _i ⊕ r ⊕ c) mod (2 ^l -1), and B = h(ID||(S ⊕ GI _i )||(r ⊕ c)). B _L and B _R are the left and right half of B, respectively. c is used as a counter and initialized to an arbitrary value. It is increased every time a reader sends a query to the tag. The protocol is shown in Figure 3.

OHLCAP works as follows [16]:

Step 1: A reader selects a random value r and sends a query with r to a tag.

Step 2: The tag checks a random value r whether it is all zero value or not.

1. 1.

   If r value is all zero, the tag sends "stop" message to the reader and stop the protocol.

    
2. 2.
   Otherwise, the tag performs the following

   • The tag computes A ¹ = K ⊕ c, A ² = ID + (GI _i ⊕ r ⊕ c) mod (2 ^l -1),

     B = h(ID||(S ⊕ GI _i )||(r ⊕ c)) and sends A ¹ , A ² and B _R to the reader, where B _R is a right half of B,

   • Then, the tag increases the counter c which should not exceed 2 ^l - 1.

    

If the counter c exceeds 2 ^l - 1, it is initialized by initial c.

Step 3. After receiving from the tag,

1. 1.

   The reader forwards A ¹ , A ² , B _R and r to the back-end database.

    
2. 2.

   The back-end database computes c ^/ = A ¹ ⊕ K and $I{D}_j^{/}=A^2-\left(G{I}_j\oplus r+c^{\prime }\right)mod\left(2^l-1\right)$ using all group indices GI _j , j ∈ {1,...,n}

    
3. 3.
   The back-end database checks if one of computed $I{D}_{j\left(\in \left\{1.....n\right\}\right)}^{/}$ is matching to one of the stored ID s in the back-end database. If this process succeeds, the back-end database check if the GI _j used to compute the $I{D}_j^{/}$ is equal to the group index GI _i that contains the matching $I{D}_j^{/}$.

   • If this is successful, the database computes B=h(ID||(S ⊕ GI _i )||(r ⊕ c)) using the matched ID.

   • Otherwise, the back-end database stops this process.

    
4. 4.

   Then, the back-end database authenticates the tag by matching the received value B _R .

    
5. 5.

   The back-end database sends B _L to the reader, where B _L is a left half of B. The reader forwards B _L to the tag.

    

Step 4. The tag authenticates the reader by comparing the received value B _L .

OHLCAP is an efficient approach in ubiquitous environment that uses one-way hash function for privacy and security. However, Ha et al. [17] find its security weakness and proposes an enhanced OHLCAP (EOHLCAP) scheme. The authors showed that this protocol is vulnerable to traceability attack and impersonation attack because of its special property, namely, c _c = c _p + 1 for two successive sessions. The adversary eavesdrops the messages transmitted between the tag and the reader and obtains the successive A ¹ _p and A ¹ _c where A ¹ _p = K ⊕ c _p , A ¹ _c = K ⊕ c _c . Afterwards, it computes A = A ¹ _p ⊕ A ¹ _c = c _p ⊕ c _c = c _p ⊕ (c _p + 1) and removes the secret key K in this equation. In this way, the adversary can trace the tag's holder. Similarly, the adversary can implement impersonation attack by selecting special random number r _c = r _p + 1. If r _c ⊕ c _c = r _p ⊕ c _p then the value of B _p is equal to B _c since B = h(ID||(S ⊕ GI _i )||(r ⊕ c)). To overcome the security weakness, Ha et al. [17] add a pseudorandom number generator to generate a random number and removes the counter in the tag to prevent traceability attack.

OHLCAP is not protected against traceability and impersonation attacks. It requires much storage in the tag side and database side. EOHLCAP eliminates the privacy problem in OHLCAP with reduced amount of storages in the tag side and the database side but it takes many hash operations to locate the tag in the database [17]. LCAP requires less storage in the tag and reduces search time in the database but it is not suitable for ubiquitous computing environment as the ID is updated after each authentication process. To overcome these problems, three Secure Ubiquitous Authentication Protocols SUAP1, SUAP2 and SUAP3 for RFID systems are proposed in this section. SUAP1 is a simple RFID authentication protocol that will work in a system where the number of tags is small. The preliminary version of SUAP1 is presented in [23]. The final version of SUAP1 is improved over the preliminary version with privacy and security enhancement. SUAP2 and SUAP3 are the extension of SUAP1 and work in a large group-based system where RFID tags are divided into several groups. These protocols are low-cost and secured based on challenge-response method using a one-way hash function, hash-address as a search index. The proposed protocols combine the features of the hash address and hash function of the LCAP protocol and the ubiquitous property of OHLCAP protocol and overcome the existing privacy and security problems in these two schemes. The advantage of hash address is to reduce the search time in the database. The notations used in the SUAP1, SUAP2 and SUAP3 protocols are as follows:

4.1 SUAP1

SUAP1 protocol uses a static identifier and a secret number, hash functions and two random numbers. The objective of this protocol is to preserve the ubiquitous property of the protocol and is suitable for a small number of tags. In this case a common secret is stored in all the tags. Two random numbers make the hash response unpredictable so that it is impossible to perform impersonation and tracing attack by a malicious reader. The system set-up of SUAP1 protocol is as follows:

System Set-up

Tag: Each tag contains the following fields:

ID: Tag Identifier

x: Common secret number

Reader: Reader does not contain any field.

Back-end database: Back-end database contains the following fields:

ID: Tag identifier

x: Common secret number

Had: Hash address h(ID)

When a tag enters into the range of a reader, the reader can initiate the authentication protocol. The protocol is shown in Figure 4. The steps in the authentication protocol are as follows:

1. 1.

   The reader generates a random number r ₁ and sends it to the tag.

    
2. 2.

   Receiving the number r ₁ the tag generates another random number r ₂ .

   If r₁ or r₂ is 0 stop protocol

   Otherwise, the tag performs the following computations

   $y\leftarrow h\left(ID\right)+\left(r_1\oplus r_2\right)$

   t = r₂ ⊕ x. t is a temporary variable here.

   Computes h(ID||r₁||r₂)

   The tag then sends the value of y, t and h _L to the reader.

   Where h _L is the left half of h(ID||r₁||r₂)

    
3. 3.

   The reader then sends the value of y, t and r ₁ to the back-end database.

    
4. 4.
   The back-end database will calculate the following.

   $r_2=t\oplus x$

   $h\left(ID\right)\leftarrow y-\left(r_1\oplus r_2\right)$

   h(ID) is the address of the record containing the ID where Had = h(ID)

   Access the address Had

   Retrieves the ID from the record

   Then the back-end database computes h(ID||r₁||r₂)

   If h _L matches, the tag is authenticated

   Sends h _R to the reader, where h _R is the right half of h(ID||r₁||r₂)

    
5. 5.

   The reader forwards the h _R to the tag

    
6. 6.

   If the received h _R matches, the reader is authenticated.

    

The protocol is simple and works for an organization having small number of tags (i.e. several thousands). Two random numbers make the response anonymous. The problem in this simple protocol is that it maintains a common secret for all the tags in the database. It can be a problem to manage this secret in a large organization having different departments. Having only a single secret x for all the tags it cannot ensure privacy and security for a large organization having millions of tags in many departments.

4.2 SUAP2

To overcome the problem in SUAP1 of having only one secret for all the tags, SUAP2 maintains groups for the different departments and different types of products. In addition to the ID and secrets in the SUAP1, one extra variable GID is needed in the tag side and the database side. It represents a group identifier. This is also a secret number. The database divides the tags into n groups and the protocol is shown in Figure 5. The only difference between the SUAP1 and SUAP2 is that SUAP2 maintains the groups of the tags and there is a common secret for each group. In this case one secret value x is used for all the tags in a group. It will reduce the tag search time in the database. This is suitable for the case where the tags of the same group are not distributed in various places. It ensures better security but requires less computation and search times in the database. The system set-up of SUAP2 protocol is as follows:

System Set-up

Tag: Each tag contains the following fields:

ID: Tag Identifier

x: Secret number for a group

GID: Group identifier

Reader: Reader does not contain any fields.

Back-end database: Back-end database contains the following fields:

ID: Tag identifier

x: Secret number for a group

Had: Hash address h(ID)

GID: Group identifier

The steps in the authentication protocol are as follows:

1. 1.

   The reader generates a random number r ₁ and sends it to the tag.

    
2. 2.

   Receiving the number r ₁ the tag generates another random number r ₂ .

   if r₁ or r₂ is 0 stop protocol

   Otherwise, the tag performs the following computations

   $y\leftarrow h\left(ID\right)+\left(r_1\oplus r_2\oplus GID\right)$

   $t=r_2\oplus x$

   $Computesh\left(ID\right|\left|r_1\right|\left|r_2\right|\left|GID\right)$

   The tag then sends the value of y, t and h _L to the reader.

   Where h _L is the left half of h(ID||r₁||r₂||GID)

    
3. 3.

   The reader then sends the value of y, t and r ₁ to the back-end database.

    
4. 4.
   The back-end database calculates the following for all GID s

   $r_2=t\oplus x$

   $h\left(ID\right)\leftarrow y-\left(r_1\oplus r_2\oplus GID\right)$

   h(ID) is the address of the record containing the ID where Had = h(ID)

   Lookup the address Had

   Retrieves the ID from the record

   Then the back-end database computes h(ID||r₁||r₂||GID)

   If h _L matches, the tag is authenticated

   Sends h _R to the reader, where h _R is the right half of h(ID||r₁||r₂||GID)

    
5. 5.

   The reader forwards the h _R to the tag

    
6. 6.

   If the received h _R matches, the reader is authenticated.

    

4.3 SUAP3

The SUAP3 enhances the SUAP2 in efficiency by removing the secret x from the tag and the database. It keeps the group variable GID in the tag and the database as in SUAP2. It represents a group identifier and also a secret number. The database divides the tags into n groups and the protocol is shown in Figure 6. The only difference between the SUAP2 and SUAP3 is that SUAP3 does not use the secret x for the tag and the database. The group-based structure is used for the searching tags in the database. The privacy will not be hampered due to the elimination of the secret x as the GID works as an l bits secret which is also difficult to guess by the adversary. It reduces the number of searches significantly. Since the hash function is one-way it still gives the same security protection to the ID. The system set-up of SUAP3 protocol is as follows:

System Set-up

Tag: Each tag contains the following fields:

ID: Tag Identifier

GID: Group identifier

Reader: Reader does not contain any fields.

Back-end database: Back-end database contains the following fields:

ID: Tag identifier

Had: Hash address h(ID)

GID: Group identifier

The steps in the authentication protocol are as follows:

1. 1.

   The reader generates a random number r ₁ and sends it to the tag.

    
2. 2

   .Receiving the number r ₁ the tag generates another random number r ₂ .

   if r₁ or r₂ is 0 stop protocol

   Otherwise, the tag performs the following computations

   $t\leftarrow GID\oplus r_2$

   y ←h(ID) ⊕ (GID+(r₁ ⊕ r₂))and computes h(ID||r₁||r₂||GID)

   The tag then sends the value of y, t and h _L to the reader.

   Where h _L is the left half of h(ID||r₁||r₂||GID)

    
3. 3.

   The reader then sends the value of y, r ₁ and t to the back-end database.

    
4. 4.
   The back-end database calculates the following for all GID s

   $r_2\leftarrow GID\oplus t$

   $Ha{d}_i\leftarrow y\oplus \left(GID+\left(r_1\oplus r_2\right)\right)$

   Had _i is the address of the record containing the ID where Had _i = h(ID)

   Lookup the address Had _i in the database

   If Had _i = Had for any ID retrieves the ID from the record

   Then the back-end database computes h(ID||r₁||r₂||GID)

   If h _L matches, the tag is authenticated

   Sends h _R to the reader, where h _R is the right half of h(ID||r₁||r₂||GID)

    
5. 5.

   The reader forwards the h _R to the tag

    
6. 6.

   If the received h _R matches, the reader is authenticated.

    

The protocols are analysed in two ways: first is the privacy and security analysis and the second one is the efficiency analysis.

To validate the proposed protocols, simulation experiments have been conducted. The privacy and security protections are ensured with the hash functions and random numbers. A hash function is a one-way function for which the possibility of information leakage is negligible from the hash response. In the simulation experiment l takes different values, i.e. 16, 32, 64 and 96. However, many combinations of the hash inputs can give the same response that can be used by the adversary to impersonate the RFID systems through replay attack. This is the main reason to conduct the simulation. The objective of the simulation program is to verify the protection for impersonation, replay attack and location privacy. It checks the response y if it recurs more than once for one tag during the attacks by an adversary in a given number of attempts. If the same response is generated for any given random number pair it can be used by the adversary for impersonation and replay attack and the location privacy of the tag may be broken.

The output of a hash function is the same for the same random number pair. Some different random number pairs may also give the same response. The objective is to ensure unique response for different inputs of random number pair so that an adversary is unable to use any response at later stage to access the tag or the reader. We select one tag and generate a response for two random numbers as in SUAP1, SUAP2, SUAP3 and EOHLCAP. Then the program attempts 10¹¹ times to check that how many times the same response is generated. This is the role of an adversary. In each attempt a new response is generated with a new pair of random number. The average number of times a similar response generated in SUAP1, SUAP2, SUAP3 and EOHLCAP are given in Table 2. The expected number of matches are also reported in a column to compare the obtained result. The value of the expected number of matches is calculated using the analysis of repeating hash response presented for replay attack in Section 5.1 and it is calculated as 10¹¹/2 ^l . All the selected protocols show almost similar results. The number of matches represents the success of the adversary to attack the tag. The experiment was conducted for 16, 32, 64 and 96 bits of secret value, random number, ID and hash response. The success of the adversary was found for 16 and 32 bits since many occurrences of the same response are found. There was no recurrence of the same response for 64 and 96 bits for the specified number of attempts, i.e. 10¹¹ times. We did not perform simulation experiments for LCAP, OHLCAP and YA_TRAP* protocols since these are not protected against all the privacy threats [16–18]. CRAP is also not included since it requires many hash operations [16].

The simulation program has been developed using Turbo C++ compiler and the experiment was conducted in a desktop computer with 2.93GHz Intel (R) Core 2 Duo Processor, 3.46 GB memory and Windows XP professional Operating System.

The privacy and security properties of the proposed protocols are compared with five other schemes. The five schemes were chosen because all of these protocols involved tag authentication. LCAP involves secret update but other four protocols CRAP, OHLCAP, EOHLCAP and YA_TRAP* do not support secret update. Proposed protocols are more similar to CRAP, OHLCAP, EOHLCAP and YA_TRAP* than LCAP since all these protocols support authentication in ubiquitous computing environment and do not update the identifier and secret value. Table 3 shows that the proposed protocols provided protections from all the identified privacy and security threats.

Three efficient and secure authentication protocols SUAP1, SUAP2 and SUAP3 are proposed to protect privacy and security for the low-cost RFID system in ubiquitous computing environment. The privacy and security problems of LCAP and OHLCAP are overcome in these protocols. SUAP1 is suitable for the organization having small number of tags. SUAP2 and SUAP3 are suitable for medium and large organizations having many departments. All the proposed schemes require only two one-way hash function operations and avoid large number of hash computations in the database and hence are very efficient. The tag search time in the database is reduced by using the hash value as the address of the corresponding tag. EOHLCAP also overcomes the problem in OHLCAP and protects the RFID system from most of the attacks but it requires many complex hash operations. The proposed protocols ensure privacy and security protections from all the identified threats. The storage requirements in SUAP1 and SUAP3 are also less than OHLCAP and EOHLCAP protocols. The comparison shows that the proposed protocols are both secure and efficient than other schemes and have practical advantages over them because these are simple and provide a larger range of privacy and security protections for low storage and computations.