Practical Attacks on HB and HB+ Protocols
نویسندگان
چکیده
HB and HB+ are a shared secret-key authentication protocols designed for low-cost devices such as RFID tags. HB+ was proposed by Juels and Weis at Crypto 2005. The security of the protocols relies on the learning parity with noise (LPN) problem, which was proven to be NP-hard. The best known attack on LPN by Levieil and Fouque [13] requires subexponential number of samples and sub-exponential number of operations, which makes that attack impractical for the RFID scenario (one cannot assume to collect exponentially-many observations of the protocol execution). We present a passive attack on HB protocol in detection-based model which requires only linear (in the length of a secret key) number of samples. Number of performed operations is exponential, but attack is e cient for some real-life values of the parameters, i. e. noise 1 8 and key length 152-bits. Passive attack on HB can be transformed into active one on HB+.
منابع مشابه
Variants of Hb Protocols for Rfid Security
Radio Frequency Identification (RFID) has received recently a great attention from large organizations and researchers due to the dropping tag costs and vigorous RFID standardization. They are becoming more common in daily use to identify, locate and track people, assets, and animals. Number of protocols has been proposed in the literature for the security of RFID against passive attacks. One o...
متن کاملMore on the Security of Linear RFID Authentication Protocols
The limited computational resources available in RFID tags implied an intensive search for lightweight authentication protocols in the last years. The most promising suggestions were those of the HBfamiliy (HB, HB, TrustedHB, ...) initially introduced by Juels and Weis, which are provably secure (via reduction to the Learning Parity with Noise (LPN) problem) against passive and some kinds of ac...
متن کاملThe Strong HB Problem and its Applications
The HB problem first introduced by Blum and Hopper has been the basis for extremely lightweight authentication protocols for RFID tags [18, 19]. In this paper we introduce a variant of this problem which we call the strong HB problem. We analyze the strong HB problem and give some arguments that support its hardness. We then use the strong HB assumption in two applications of independent intere...
متن کاملHB#: Increasing the Security and Efficiency of HB+
The innovative HB protocol of Juels and Weis [10] extends device authentication to low-cost RFID tags. However, despite the very simple on-tag computation there remain some practical problems with HB and despite an elegant proof of security against some limited active attacks, there is a simple man-in-the-middle attack due to Gilbert et al. [8]. In this paper we consider improvements to HB in t...
متن کاملUn-Trusted-HB: Security Vulnerabilities of Trusted-HB
With increased use of passive RFID tags, the need for secure lightweight identification protocols arose. HB+ is one such protocol, which was proven secure in the detection-based model, but shown breakable by man-in-the-middle attacks. Trusted-HB is a variant of HB+, specifically designed to resist man-in-the-middle attacks. In this paper, we discuss several weaknesses of Trusted-HB, show that t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008