RFID system has become a technology that many companies would like to adopt as it provides convenience to our society. Increasing competitiveness in the industry has reduced the cost of the technology, but it also raises considerable privacy concerns. Among many RFID applications that have made major impacts on various industries, the RFID-based authentication system has become a solution to resolve a number of issues, for instances, theft, compromised brand, lack of inventory control, supply chain inefficiencies, and etc. Many authentication protocols based on symmetric challenge-response scheme have been developed in order to ensure preservation of privacy. However, many of the these schemes cannot fully protect privacy in the presence of malicious readers or insider attacks.

In this thesis, we first investigated possible security and privacy threats that security engineers face from an RFID system. We then presented a new protocol to authenticate smart tags without exposing their private identities and activity patterns with resource-limited devices, such as RFID smart tags or wireless sensor nodes. We further analyzed the RFID system's security strength against various attacking scenarios, such as eavesdropping, collusive attack or tag-compromise situation, based on extensive experiments to validate the feasibility and security of our proposed solution.