The radio frequency identification (RFID) system is vulnerable to various attacks, since data transmission between the reader and tags is based on wireless communication. Typical attacks are the forged-reader attack, forged-server attack, man-in-the-middle attack, tracking attack, replay attack, forward secrecy attack and denial of service attack, etc. Some methods like Karthikeyan-Nesterenko's scheme, Chien-Chen's scheme, and Chien's scheme have been proposed to resist the attacks. The methods still have some flaws, though. In this paper, we proposed a mutual authentication protocol between the reader and tags conforming EPC Class 1 Generation 2 (EPC C1G2) standard to resist the attacks just mentioned. The challenge is that EPC C1G2 tags have limited memory and can perform only ultra lightweight operations like the random number generation, pseudo random number generator (PRNG) and exclusive-or (XOR) operator. We will conduct thorough security analysis for the developed protocol and comprehensively compare it with other related methods to demonstrate it is indeed better than others.