RFID technology has become popular in many applications, but it also raised security and privacy concerns. Many people worry about the disadvantages which brought by RFID technology, such as leaking their location privacy and confidentiality of private information. However, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In 2009, Chien and Laih proposed an RFID authentication protocol based on error correction codes (ECC) to secure the RFID systems with untraceability, which is one of the most critical privacy issues in RFID. But we found that this protocol is still vulnerable to tracing attacks, and two variant attacks are presented to break Chien’s protocol. In this thesis, we propose an ECC-based mutual uthentication protocol for RFID. Our protocol requires only lightweight operations that can be mounted on the low-cost tags. With an ECC-based filtering mechanism applied, the computational load on the RFID reader can be reduced. Therefore, our protocol is appropriate for the real-world applications. Further analysis shows that the protocol is secure against the common security threats of RFID systems.