RFID has become an important infrastructure technology. However, it does not solve information security problem. An adversary can eavesdrop on the messages exchanged between tag and backend database and track tag’s holder. Many scholars have proposed some lightweight protocols in order to protect user’s privacy and avoid various attacks. In this paper, we analyze some authentication protocols. Especially, we analyze a forward secure RFID privacy protection scheme proposed by Ohkubo et al. Afterwards, we propose an improved protection scheme with two-way authentication. It is lightweight and suitable for low-cost RFID system. Moreover, it not only provides indistinguishability and forward security but also provides two-way authentication.