With the rapid growth of automatic authentication and asset tracking across a wide variety of applications in different fields, government, logistics, transportation and retail are among the strongest supporters of the radio-frequency identification (RFID) market. Security is a crucial issue that must be addressed seriously, and RFID security must meet the public demand for data protection. Recently, several lightweight RFID authentication protocols conforming to the EPCglobal Class 1 Generation 2 (EPC C1-G2) standard have been proposed. In this paper, we present efficient attacks against the authenticated RFID security mechanism of Chang et al. based on Chebyshev chaotic maps, which is the first solution to adopt chaos in the RFID authentication process. It turns out that this protocol has fundamental weaknesses that an adversary can use to break the system. We show that the protocol is vulnerable to tracking, secret disclosure, impersonation and desynchronization attacks. The proposed attack techniques build on two flaws related to message generation and the shared-secret update process, which were not carefully scrutinized. We then propose an improved RFID authentication protocol based on the Chebyshev chaotic map hard problem, conforming to the EPC C1-G2 standard, with more flexibility, security and mobility for RFID applications. Copyright © 2014 John Wiley & Sons, Ltd.