We propose a secure RFID tag search protocol that ensures the security and privacy of the tags being searched. To our knowledge, not much work has been done in this area of RFID systems. Further, most of the current methods do not comply with the EPC standard as they use expensive hash operations or encryption schemes that cannot be implemented on resource-constrained, low-cost passive tags. Our work aims to fill this gap by proposing a protocol based on quadratic residues which requires the tags to perform only simple XOR, MOD and 128 bit PRNG operations, thus achieving compliance with EPC standards. Our protocol also addresses the vulnerabilities in the protocol proposed by Sundaresan et al. (2012) [1] which is not forward secure, and the weak message construction leading to incorrect tag authentication. We present a detailed security analysis to show that the proposed method achieves the required security properties and the simulation results show that the proposed method is scalable.