Currently, security and privacy issues of RFID systems cause for growing concern, and have become a hot research topic. Physical mechanisms and cryptographic mechanisms are the two main methods to solve these issues. Among cryptographic mechanisms, hash-based mechanism is a vital kind of solution. Analysis on the existing hash-based mechanisms shows there are a variety of security risks, or they are not very suitable for passive RFID systems. In this paper, based on the analysis of the existing hash-based mechanisms, an improved mutual authentication protocol based on hash function is proposed. Through security and efficiency analysis, we can see that our protocol requires lower resources on readers and tags, and it is suitable for passive RFID systems.