RFID is automatic object identifying technology via radio frequency. And its application areas are un-describable for its convenience and pervasiveness. However, because the communication channel between the verifier and the tag is wireless, serious privacy problems such as the data leakage and the data traceability can be occur. Without resolving these privacy problems, RFID system cannot be adapted fully in any area. Many kinds of security protocols have been proposed to resolve these problems. However, previous proposals did not satisfy security requirements and still leaved vulnerabilities. In this paper, we describe the security vulnerabilities of previous works for RFID systems. Finally, we propose a security protocol which based on one-time pad scheme using random nonce and shared secret values. The proposed protocol satisfies security requirements such as the data secrecy, data anonymity and the data authenticity between the verifier and the tag. We have proved security requirements satisfaction formally by using GNY logic.