Radio frequency identification (RFID) is a promising and widespread wireless communication technology for entity identification or authentication. With the emergence of the Internet of Things, the use of RFID is increasing across various daily-life applications. However, RFID systems suffer from security and privacy issues. Recently, many researchers have proposed RFID authentication protocols based on elliptic curve cryptography (ECC) to efficiently mitigate these concerns. In this work, we extensively examine the state-of-the-art ECC-based RFID authentication protocols in terms of security and performance. Some of these works claim that their protocols provide all general security and privacy properties. We revisit Vaudenay's formal privacy model and show that, contrary to their claims, these protocols do not provide forward and/or backward privacy under this model. We then propose a secure, privacy-preserving and efficient ECC-based RFID authentication protocol. We also present a security and performance analysis of our proposed protocol and compare it in detail with the existing relevant schemes. Furthermore, we implement our proposal in a real RFID system to demonstrate its practicability. To the best of our knowledge, our proposed scheme is the most efficient ECC-based RFID authentication protocol realized in a real-world environment that satisfies all common security and privacy features, including backward and forward privacy.