Low-cost Radio Frequency Identification (RFID) tags are devices with very limited computational capability, in which only 250-4K logic gates can be devoted to security related tasks. Classical cryptographic primitives such as block ciphers or hash functions are well beyond the computational capabilities of low-cost RFID tags, as ratified by the EPCglobal Class-1 Gen-2 RFID specification. Moreover, the Gen-2 RFID specification does not pay due attention to security. For this reason, an efficient Ultra Light Authentication Protocol (ULAP) is proposed in this paper. This new scheme offers an adequate security level against passive attacks, and is compliant with Gen-2 RFID specification.