Abstract: The security of Hash-based operation authentication protocol, which is usually used by the low-cost RFID system, is researched. Based on the analysis of security shortcomings and flows of this protocol, a thesis of low-cost RFID authentication protocol to meet the security requirements is formulized and a light-weight RFID bi-directional authentication protocol is proposed. The security of the proposed protocol is proved by using the formal analysis method of BAN logic. The results show that the proposed protocol can meet the security requirements of confidentiality, integrity, and traceability in RFID applications. Besides, the protocol can resist attacks of tracking, label counterfeit, and replay, improve the security flaws existing in the current Hash-based operation authentication protocol, and better meets the security requirements of the low-cost RFID system.