RAFI: Robust Authentication Framework for IoT-Based RFID Infrastructure

The Internet of Things (IoT) is a future trend that uses the Internet to connect a variety of physical things with the cyber world. IoT technology is rapidly evolving, and it will soon have a significant impact on our daily lives. While the growing number of linked IoT devices makes our daily lives easier, it also puts our personal data at risk. In IoT applications, Radio Frequency Identification (RFID) helps in the automatic identification of linked devices, and the dataflow of the system forms a symmetry in communication between the tags and the readers. However, the security and privacy of RFID-tag-connected devices are the key concerns. The communication link is thought to be wireless or insecure, making the RFID system open to several known threats. In order to address these security issues, we propose a robust authentication framework for IoT-based RFID infrastructure. We use formal security analysis in the random oracle model, as well as information analysis to support the claim of secure communication. Regarding the desirable performance characteristics, we describe and analyze the proposed framework’s performance and compare it to similar systems. According to our findings, the proposed framework satisfies all security requirements while also improving the communication.


Introduction
An RFID infrastructure has a symmetric nature. The RFID system is a wireless technology that is used to identify remote objects that have RFID tags embedded in them. RFID technology is utilized in a variety of applications, including transportation, supply chain management, livestock management, e-passport, e-payment, and patient healthcare [1][2][3]. Backend readers, servers, and tags are all a part of a conventional RFID system whose architecture is symmetric, since the dataflow is in one direction from the tag, reader to server, and then, the inverse Table 5. The lack of physical contact between the reader and the tags is a crucial element of RFID systems, and the following are some of the benefits of using them: RFID tags are small and inexpensive, and radio frequency communication can recognize large numbers of RFID tags at the same time [4,5]. RFID systems, on the other hand, are exposed to a variety of security attacks and privacy exposure concerns due to their use of wireless communication and signal broadcasting techniques. It is difficult to apply a comprehensive cryptographic algorithm to an RFID system due to the strictly limited calculation resources, tiny storage capacity, and weak power supply of low-cost tags, and these issues are impeding the rapid development of this technology [6]. RFID security is fundamentally concerned with authentication and privacy issues. A secure protocol running RFID tags and readers can provide authentication. If a tag contains unique secret information and the RFID reader and RFID tag can convince the RFID reader that they both have that information, the tagged product is considered to be authentic and the person has access to it. Tag anonymity is one of the most important features that any RFID-based authentication technique aspires to attain, and tag untraceability, which ensures the privacy of the tag or the mobility of a user wearing an RFID tag, is a more satisfactory property of tag anonymity. To achieve this attribute, a tag must encode its original identity using a cryptographic primitive such as a one-way secure collision-resistant hash function in existing state-of-the-art authentication protocols. RFID is the simplest form of pervasive sensor network and is widely used for object identification [7]. RFID systems are made up of a tag with a transceiver that sends and receives radio signals from connected devices [8,9]. The RFID reader is another device that acts as an access point and can receive and deliver messages to transceivers. The reader is also in charge of ensuring that tag information is available at the application level [10]. IoT-based RFID tags can be of the passive or active type. The differences between these tags are summarized in Table 1.

Related Work
In recent years, numerous exciting anonymous IoT-based RFID authentication and key agreement frameworks have been proposed, which can be classified into Public Key Cryptosystem-(PKC) and Non-Public Key Cryptosystem-(NPKC) based authenticated schemes. These approaches are unsuitable for tiny powered tags due to the modular exponential operations. Hash-based RFID systems, on the other hand, would be the best choice among NPKCs because of their low computational overhead [7,[11][12][13]. Yang et al. [11] introduced an authentication mechanism based on a one-way secure collision-resistant hash function and exclusive-OR, claiming that it addressed all of the security vulnerabilities that occur in RFID systems. Unfortunately, the protocol is vulnerable to many attacks, including "man-in-the-middle", forgeries, and loss of untraceability [14]. Cho et al. [13] developed a secure hash-based authentication framework, claiming that it addresses all of the security, privacy, and forgery difficulties that exist in RFID communication systems. However, Safkhani et al. [15] recently demonstrated that the protocol does not meet the authors' security promises. In their paper, they cryptanalyzed Cho et al.'s [13] protocol and concluded that it is vulnerable to "de-synchronization or DoS attacks, tag impersonation attacks, and reader impersonation attacks". Furthermore, they showed in their paper that all proposed lightweight authentication techniques based on one-way hash functions and exclusive-OR are impracticable [11][12][13]16,17]. Ayaz et al. [18] suggested another mutual authentication approach for secure RFID communication systems utilizing only symmetric key cryptography operations. In this framework, an authentication is accomplished on the basis of user biometrics' verification in their protocol. Liu et al. [19] proposed an authentication protocol for an RFID system by using hash and XoR operations. The correctness of the protocol was proven by using "Burrows-Abadi-Needham (BAN)" logic analysis. Mansoor et al. [20] proposed a securing IoT-based authentication protocol for RFID systems by using a symmetric cryptography approach. Unfortunately, we studied their protocol and found the security weaknesses of their protocol. Furthermore, Mansoor et al. [20] showed that the protocol proposed by Gope et al. [21] is vulnerable to collision attacks, DoS attacks, and stolen verifier attacks. In 2022, Gao and Lu pretested a new ultra-lightweight RFID authentication protocol in passive RFID systems [22]. The proposed protocol, they claimed, prevents numerous known attacks, beats several existing ultra-lightweight protocols in terms of computational cost, storage requirements, and communication costs, and is efficient in terms of the computational cost, storage requirements, and communication costs. Wang et al. suggested a protocol [23] for which they had formal and informal discussions about security and privacy. Xiaomei et al. discussed [24] the RFID logic of an event-based authentication framework for secure communication. Shariq et al. proposed an RFID-based anonymous and secure framework for deployment in IVs [25]. Wei et al. proposed an improved security authentication protocol for lightweight RFID based on ECC [26]. Arslan and Bingöl presented the security and privacy analysis of recently proposed ECC-based RFID authentication schemes [27].

Adversary Model
Our adversary model is based on the threat model of [28], which is well-known and widely recognized. By altering, monitoring, deciding on, and introducing information into the communications channel, the attacker can not only see the communications channel, but also capture session keys, confidential documents, and private keys stored in the contributor memory through explicit attacks. Many assaults, such as replay attacks, manin-the-middle attacks, impersonation attacks, etc., are now possible in the RFID system due to the utilization of public communication networks and wireless communication networks. As a result, the privacy and security issues are major concerns in RFID frameworks. Thus, an authentication and key management mechanism is required to validate the legitimacy of specified entities.

Security Requirements for an IoT-Based RFID Communication System
As far as we know and based on the available literature, many authentication protocols for RFID communication systems have been presented during the last few years. In RFID systems, authentication and key agreement are the best approaches to make them suitable for a wide range of applications. During the transmission of messages between RFID tags and RFID readers, many types of security attacks may occur. We outline various security needs in light of these issues, such as forward security, mutual authentication, anonymity, scalability, confidentiality, untraceability," man-in-the-middle attack, insider attack, replay attack, impersonation attack", etc., to provide secure communication for the RFID system. Such requirements are utilized as the criteria for assessing the RFID system in order to provide a secure and efficient authentication protocol. The following security criteria should be met by any authentication scheme that attempts to secure a practical RFID-based system:

•
Mutual authentication: This is the most important aspect of any authentication mechanism. Furthermore, mutual authentication must be achieved in the presence of all three RFID system participants. The authentication process takes place between the backend database server and the RFID tag. Messages are sent between the tag, reader, and server over an unsecured communication channel. • Tag anonymity: To minimize forgery and ensure security, this is the most important and necessary security requirement. Furthermore, if an opponent is unable to trace an RFID tag during message delivery over a public channel, the RFID authentication system maintains its anonymity. Anonymity can be divided into two categories: strong anonymity and weak anonymity. Furthermore, in IoT communication, the participants involved do not disclose their real identity in order to defend their security and privacy. • Message authentication: In Internet operations, this maintains the integrity of message communication.
• Untraceability: In the RFID communication system, untraceability means that no one can trace the behavior patterns of the participants involved and their forwarded messages. • Session key agreement: Following the successful implementation of the proposed protocol, a session key agreement will be established between users with their mobile devices and the network control center for future communication. • Confidentiality: Encrypting shared secrets on the public channel ensures the security of RFID communications between the tag and reader. • Perfect forward secrecy: Perfect forward secrecy is a technique that should be used in the authentication protocol design to give secrecy to previously communicated messages, where an opponent who discovers the entities private and public keys will be unable to derive a past session key. • Scalability: The approach is not scalable if the server conducts an extensive search to verify a tag. Worse, an opponent may conduct a timing attack [29] against the protocol, which can identify a tag based on how long it took the server to authenticate it. To maintain scalability, an authentication strategy should avoid any exhaustive search operations. • Availability: In an RFID system, the authentication and key agreement procedure runs all the time between the RFID tag and RFID backend database server. In most authentication methods, the shared secret information between the RFID tag and RFID backend database server must be updated to achieve the attribute of accessibility. However, security risks such as Denial-Of-Service (DoS) or de-synchronization attacks may disrupt this process. The RFID system's efficiency may be harmed as a result of these concerns. Thus, when designing an authentication protocol, this issue should be considered. • Impersonation attack: An adversary could try to mimic legitimate protocol participants (such as the cloud database server, RFID reader, or RFID tag) by replaying a message captured from the channels. Any impersonation should be avoided at all costs. • Replay attack: An outsider attempts to confuse other certified participants by restating intercepted data in this attack. This attack targets a user whose information is intercepted by an uncertified third party. • Man-in-the-middle attack: An adversary listens in on transmitted data and then attempts to delete or manipulate the contents of the data sent to receivers in this attack. • Insider attack: Any insider can play the role of adversary in the RFID communication system. • De-synchronization attack: An adversary may generate desynchronization problems if a protocol authentication is based on shared values. The server may be unable to verify the tag in the future if the shared data are updated by the server, but the tag is not. De-synchronization attempts should be avoided.

Motivation and Contribution
Many authentication and key agreement frameworks for RFID systems have been presented during the last few decades, as far as we know and based on the existing literature [13,16,17,[19][20][21]. However, a suitable authenticated key agreement protocol for RFID systems that is secure and efficient for RFID systems is missing. RFID systems require an authenticated key agreement scheme because of their varying computing capabilities and privacy requirements. Thus, we propose an authenticated key agreement protocol for RFID communication systems. Table 2 shows the comparative study of the advantages and disadvantages of other protocols with respect to our suggested protocol. The following are some notable characteristics of the proposed framework: - We propose a robust authentication protocol that supports key agreement between RFID tags and the database server for IoT-based RFID infrastructure. -We give a thorough explanation of the informal security study, proving that the suggested protocol can resist a variety of well-known security attacks.
-The proposed protocol security is formally demonstrated using a random oracle model. - The proposed the RAFI has desirable security features that make the proposed protocol robust and efficient, according to the proof of security. - The results of the performance evaluation and comparison show that the proposed RAFI has desirable performance features.

Organization of the Paper
The remainder of the proposed framework is organized as follows: Section 2 covers the fundamentals of the mathematics. The proposed framework is discussed in Section 3. In Section 4, the proposed framework security is evaluated. Section 5 includes a performance study of the proposed framework. Finally, the findings are summarized in the Section 5.4.

Mathematical Preliminaries
The notations and terminology used in the RAFI are defined in this section.

Notations
As shown in Table 3, the following notations are utilized. Table 3. Notations.

Symbol Description
Cryptographic one-way hash function Session key agreement between entities i and j The identity of the ith tag i · ·· ⇒ j : {M} i sends message M to j via a secure channel i · ·· → j : {M} i sends message M to j via a public channel

Cryptography Materials
Here, various cryptographic primitives that are used to design the proposed security protocol are discussed. In this regard, we make use of lightweight cryptographic primitives to ensure security and computational efficiency.

Cryptographic Hash Function
The hash operation takes a variable-length message (M) as the input and outputs a fixed string result H(M), which is known as the message digest. In practice, reversing this process is nearly impossible. As a result, this function is referred to as a collision-resistant one-way hash function. Following that, our system integrity will be protected using the Secure Hash Algorithm (SHA-256). The one-way collision-resistant h : {0, 1} * → {0, 1} n hash function [30][31][32] takes an input x ∈ {0, 1} * and returns an output h(x) ∈ {0, 1} n of definite length n of a message. The advantage of any A for calculating the collision is as follows: Advantage Adv H ASH

The Proposed Protocol
The steps in the proposed framework are as follows: " registration phase of RFID with database server" and "login and authentication phase". The architecture of the proposed protocol given the Figure 1.

Registration Phase
The following are the instructions for registering the RFID tag with the database server. The detailed of this phase also mentioned in Table 4. Table 4. Registration phase of RFID tag.

Tag T i Database Server S
Inputs ID T i Sends M R i1 = {ID T i } · · · · · · · · · · · · · · ··⇒ Generates sequence number SN i for ⇐· · · · · · · · · · · · · · ·· Stores {S 1 , S 2 , SN i } in the database Step AK1: To register with database server S, tag T i inputs ID T i and, then, Step AK2: Upon receiving M i1 , it generates sequence number SN i for T i and computes } towards the tag via a secure medium.
Step AK3: Upon receiving M R2 i2 , the RFID tag stores parameters {S 1 , S 2 , SN i } in the database for further communication via a secure medium.

Login and Authentication Phase
T i successfully registers with S, and when she/he wants to use the service, she/he makes an access request to S. The following is a description of the procedure in steps. Further, The detailed of this phase also mentioned in Table 5.

Security Analysis
The security analysis of the proposed protocol is conducted by a formal method and an informal method as follows.

Informal Security Analysis
The following is an informal security analysis of the proposed protocol.

Key Freshness
In the proposed protocol, the session key contains the timestamp and a freshly generated random number. Furthermore, in the authentication procedure, the timestamp and random number are distinct for each session. The uniqueness of these parameters confirms the session's unique key. Thus, the unique key for each session confirms the key freshness property of the proposed protocol.

Untraceability
If a cryptographic scheme has two features, it is untraceable. A is unable to distinguish between users' initial identities; A is unable to determine whether two distinct sessions starting at different times belong to the same user. Thus, it is intended that both properties be maintained.

Session Key Agreement
In the proposed scheme, the database server calculates SK S = h(ID S ID T i r * r 2 SN i S 1 S 2 T 5 ) and the RFID tag computes SK T = h(ID S ID T i r r 2 SN i S 1 S 2 T 5 ). Thus, SK S = SK T . Thus, the proposed protocol maintains the said cryptographic property.

Session Key Verification
The RFID tag verifies its session key in our proposed system as H * 2 ? = H 2 , where H * 2 = H 2 2 ⊕ (r ⊕ S 2 ) and H 2 2 = H 2 ⊕ (r * ⊕ S 2 ), embedded with many secret credentials. Therefore, the proposed technique allows for the verification of session keys.

Scalability
In the proposed protocol for the RFID system, the RFID server S does not perform an exhaustive process to authenticate each RFID tag. The RFID server S, on the other hand, validates the RFID tag and reacts immediately to it. This increases the scalability of the proposed protocol.

Forward Secrecy
Given that the proposed protocol only uses symmetric key cryptography, i.e., the secure collision-resistant hash function, and we do not update the shared parameters per session, it is not possible to give this property, similar to any other protocol in this context. It should be emphasized that if the protocol employs a public key primitive, this attribute can be simply provided.

Traceability and Anonymity
In the proposed protocol, the exchanged messages are M 1 and M 2 . In these messages, excluding T i and T j , which are the timestamps and cannot be connected to any identity to trace or compromise its anonymity, the rest of the information is encrypted values or the output of the one-way hash function and from one session to another session is randomized by fresh nonce values. Hence, the exchanged messages do not reveal any information to trace the tag or server or compromise their anonymity.

Replay Attack
Random numbers and timestamps are common countermeasures in replay attacks. However, in the proposed protocol, both of them are present. The timestamp condition checks T i − T j ≤ T, where T is the valid period, and a, b ∈ Z * q , where a, b are fresh random numbers and q is a large prime number.

Privileged Insider Attack
In the proposed protocol, interacting participants and a third party do not maintain any verifier repository. The authentication procedure is performed by participants using their unique secret keys. Thus, the proposed protocol resiststhe stolen verifier and insider threats.

Man-in-the-Middle Attack
The protocol is secure against the man-in-the-middle attack. The adversary is not successful in obtaining the key and pseudonym value. Furthermore, hash functions ensure message integrity, and timestamps control the session time; therefore, any message modification or unexpected delay by a "man-in-the-middle attack" will be detected with a high probability.
In the proposed protocol, we verify conditions on both sides, H * 1 ? = H 1 and H * 2 ? = H 2 . As a result, the proposed protocol is protected from the "man-in-the-middle attack".

Impersonation Attack
To impersonate the RFID tag, the attacker should either perform a replay attack or generate a valid M 1 . However, the replay attack is not feasible in this proposed protocol, and the attacker also has no chance to compute a valid M 1 , because it does not have access to SK i . The same logic can be applied to an impersonating server. Hence, the proposed framework is safe from impersonation attacks.

De-Synchronization Attack
There is no secret sharing between the RFID tags and the RFIF backend server in the proposed protocol. Furthermore, no value needs to be updated in each authentication session. Thus, our suggested protocol is resistant to the de-synchronization attack.

Parallel Session Attack
When an A reprocesses past messages in an insecure channel to compose a new request, this is known as a parallel session attack. To retrieve the key, A impersonates the user tag T i . The secret credentials, which are used to compute the content, must be known by A before user T i may compute a valid login request or execute the session key. It is apparent from the preceding study that A is unable to obtain the session key. Hence, the proposed framework protects against the parallel session attack.

Formal Security Analysis
In this section, the random oracle model is deployed to demonstrate that the beacons exchanged in the proposed protocol are robust against any form of eavesdropping, and hence, the communicating entities can trust each other as they communicate over insecure channels.

Handshake Model
The handshake stage is used to exchange information and perform device synchronization amongst the participants. This is also the point at which the server takes control of the process and maintains it until the user is authenticated. At this level, the input is in the form of a classical medium, but the output is in the form of a quantum medium. The handshake stage is used to exchange information and perform device synchronization amongst the participants. This is also the point at which the server takes control of the process and maintains it until the user is authenticated. At this level, the input is in the form of a classical medium, but the output is in the form of a quantum medium. The handshake authentication model for the proposed RFID protocol shown in the Table 6. Table 6. Challenge: handshake authentication for the RAFI.

Formal Security Model
The formal model for the propose framework, which is based on the random oracle model, is discussed in this section [33,34]. We made some changes to the original to make it work with the proposed framework. We employed three participants to demonstrate our proof, T, R, and S as the RFID tag, the RFID reader, and the database server. ID T i is the identity of T. Similarly, ID S is the identity of S. N is the identities' dictionary. More information about this model may be found in [35].

Formal Security Proof
In this part, we show the proposed framework's formal security using a model [28] based on the random oracle model [33,34]. In this model, an adversary A can interact with framework entities, say Ω, which is a server.

Theorem 1.
Suppose that A is a polynomial-time attacker attempting to compromise the protocol semantic security and close to the Q H hash query, Q e execute query, Q s send query, Adv SE E K (A) is the advantage of A, and |D| is the set of uniformly distributed cardinality. Thus, the advantage of A in the proposed protocol is given by Proof. For the proof of this theorem, we introduce the game of series, initially with GM 0 the real attack, and stop with GM 5 , where A has no advantage. The details of these are explained as below in GM 0 to GM 5 . Further, the simulation queries based on this random oracle model are ginen in Table 7.
GM 0 : The execution of Game GM 0 is the same as the real attack in the oracle model.
We have GM 1 : Different queries are conducted in GM 1 , and the results of the queries are kept in the oracle lists, making it impossible for an attacker to distinguish between the two oracle games. As a result, we have GM 2 : The execution of GM 2 is like GM 1 , except that GM 2 stops when a collision is present in the hash function and information messages. Therefore, the birth day paradox, the probability of collision in the transcript is at most [36], and the success probability of secure hash function collision is at most GM 3 : The simulation of GM 3 is identical to that of GM 2 , with the exception that GM 3 will be terminated if A guesses the verifier operations without knowing the random oracle. Until the server grid fails in a legitimate authentication request, GM 3 and the preceding game are different. As a result, we have GM 4 : GM 4 is the same as GM 3 , except that only the test inquiry of GM 4 stops when adversary A discloses a TestID to obtain the real identity ID i or sends a query to obtain the password information. Therefore, we conclude that GM 5 : The execution of GM 5 is the same as GM 4 , except that only TestSK of GM 5 will stop when adversary A publishes a secure hash inquiry with h(ID S ID T i r r 2 SN i S 1 S 2 T 5 ), because A by utilizing the secure hash inquiry obtains the SK with success probability Q 2 H /2 L+1 . Therefore, we have Thus, A does not contain a favorable advantage in perceiving the actual SK from an arbitrary random one without making a hash query with the true input, Pr[Succ 6 ] = 1/2. Adding every one of these probabilities, we can conclude that the theorem is proven. Table 7. Simulation of oracles.
If (m, hv n ) exists in the index list of L hn , the value hv n will be returned. Otherwise, the generated random value will be added to the index list L hn .  For send(G, {M 3 , T 7 } query, the T oracle simulates the following steps: For an Execute (T i , R t , S j ) query, all Send queries are consecutively completed. Massage (M 1 , M 2 , M 3 , M 4 ) is the output.
For a Reveal (I K ) query, if the chance I K has been settled and provided a safe session key, output SK T or SK S ; otherwise, ⊥ is the response. For a Corrupt (I K ) query, all the information of I K is returned. For a Test (I K ) query, if I K is not f resh, return ⊥; otherwise, a coin γ is tossed. If γ = 0, the output is a random value with length l. If γ = 1, the conclusion is the appropriate session key.

Performance Analysis
The performance analysis of the proposed framework compared to related frameworks [13,16,17,[19][20][21] is given in three subsections: comparison of the security and functionality features and the computational and communication cost comparisons. The conclusion of the performance analysis demonstrates that the proposed framework has better efficiency and security in RFID communication systems.

Comparison of the Security and Functionality Features
The features that an authentication protocol is supposed to have are known as security requirements. These properties or needs must be guaranteed by every authentication protocol. The suggested protocol was compared to current protocols based on these requirements. The features/requirements examined for the comparison analysis are listed below.
In Table 8, we summarize the security properties of the proposed framework and those schemes that are available in literature [13,16,17,[19][20][21]. The related schemes can be seen with different security shortcomings against various security attacks.

Comparison of the Computational Cost
We calculated the computational cost of the RAFI and compared it to other frameworks [13,16,17,[19][20][21], which is illustrated in Table 9. The computation time of the execution of hash operation (T h ) was 0.0023 ms, while the computation time of the execution of the encryption and decryption (T E/D ) was 0.0046 ms. The experiment was conducted on an Ubuntu system with a 2.20 GHz Intel dual-core Pentium CPU with a 2048 MB processor and RAM [20,37].
The protocol presented in [16] incurred 2T h , 2T h , and 3T h for each RFID tag, RFID reader, and database server, respectively, and the total computational cost in their protocol was 4T h ≈ 0.0161. In the same way, the protocols' computational cost was provided in [17] to be 4T h , 2T h , and 6T h for each RFID tag, RFID reader, and database server, respectively, for each participant, totaling 12T h ≈ 0.0276. The computational cost presented in [13] was 3T h , 2T h , and 5T h for each participant, totaling 10T h ≈ 0.023. The computational cost in [21] was 5T h for the RFID tag, 2T h for the reader, and 7T h for the database serve; therefore, the total computational cost in their framework was 14T h ≈ 0.0322. The computational cost in [19] for the RFID tag was 2T h , for the RFID reader was 2T h , and for the database server was 4T h ; therefore, the total computational cost in their framework was 8T h ≈ 0.0184. The protocol presented in [20] required 2T h , 2T h , and 4T h + 2T E/D for each RFID tag, RFID reader, and database server, respectively, and its total computational cost was 8T h + 2T E/D ≈ 0.0276. Furthermore, we computed the computational cost of the proposed framework, which required 2T h + T E/D for the RFID tag and for the database side 2T h + T E/D ; thus, the total computational cost of the operations of the proposed framework was 4T h + 2T E/D ≈ 0.0184. The results based on the comparison given in Table 9 are also visualized in Figure 2.

Communication Cost Comparison
In Table 10, we compute the communication cost of our proposed protocol and other existing protocols [13,16,17,[19][20][21]. After that, in Figure 3, we compare the communication costs of the proposed framework to those of different frameworks in the same environment. This demonstrates that the suggested framework has less communication cost than alternative frameworks [13,16,17,[19][20][21]. Furthermore, we computed the communication cost of every framework as under a random number, timestamp, and identity taking 64 bits. Here, we used 160 bits for the hash function message digest (SHA-1) and 256 bits for symmetric key encryption/decryption (AES-256). Table 10. Communication cost comparison with relevant frameworks.

Conclusions
In this paper, we proposed a unique hash-based lightweight authentication framework for IoT-based RFID communication environments, after a thorough examination of the various types of RFID authentication and key agreement protocols and their benefits and drawbacks. For secure authentication between valid participants, the protocol uses a hash function and the XoR operations mechanism. We were able to minimize the computational cost of the authentication process by using this technique. When we compared it to other current protocols, our proposed protocol provided improved security while consuming less communication, computational, and storage resources. In the future, the suggested framework could be used in IoT applications such as medical privacy protection, the Internet of Vehicles (IoV), smart city environments, and healthcare systems.