HB+DB: Distance bounding meets human based authentication

Authentication for resource-constrained devices is seen as one of themajor challenges in current wireless communication networks. The HB protocol by Juels and Weis provides device authentication based on the learning parity with noise (LPN) problem and is appropriate for resource-constrained devices, but it has been shown to be vulnerable to a simple man-in-the-middle attack. Subsequent work has focused on modifying the cryptographic properties of the original protocol tomitigate this problem.We propose that this attack could bemitigated using physical layermeasures fromdistance-bounding protocols and simple modifications to devices’ radio receivers. We take the HB as a reference protocol and combine it with distance-bounding techniques. This hybrid solution, the HBDB protocol is shown to provide resistance against the man-in-the-middle attacks on HBas a result of the additional physical-layer mechanisms. We analyze the security of the proposed HBDB protocol against active man-in-the-middle attacks and present experiments showing how it is practically possible to limit the success of a practical man-inthe-middle attack. We also briefly discuss the possibility that HBDB could provide some resistance to basic threats scenarios meant to be mitigated by distance-bounding protocols. We make a practical implementation to verify that our proposed method is feasible. Finally, we discuss a proof-of-concept channel for our scheme implemented on a platform equivalent in resources to a contactless smart card/NFC device. © 2016 Elsevier B.V. All rights reserved.