HB+DB, mitigating man-in-the-middle attacks against HB+ with distance bounding

Pagnin, Elena; Yang, Anjia; Hancke, Gerhard P.; Mitrokotsa, Aikaterini

doi:10.1145/2766498.2766516

Cited by 6 publications

(13 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…tag reader back end server Figure 1 A system model of RFID systems [7] Although, RFID technology is developing rapidly and providing comfort for users, deficiency of supplying the necessary privacy, will result in irreparable damages such as traceability, DoS and impersonation attacks [8] . Therefore, scholars have proposed protocols to provide security and privacy of users in RFID systems, which generally classify into four classes based on the deployed cryptographic functions [9] .…”

Section: Journal Of Communications and Information Networkmentioning

confidence: 99%

Cryptanalysis and improvement of two new RFID protocols based on R-RAPSE

Sajjadi

Haghbin

Mirmohseni

2017

J. Commun. Inf. Netw.

View full text Add to dashboard Cite

RFID (Radio Frequency IDentification) is a pioneer technology which has depicted a new lifestyle for humanity. Nowadays we observe an increase in the number of RFID applications and no one can ignore their numerous usage. An important issue with RFID systems is providing privacy requirements of these systems during authentication. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS (RFID Authentication Protocol Security Enhanced Rules). We investigate the privacy of their protocols based on Ouafi and Phan privacy model and show that these protocols cannot provide private authentication for RFID users. Moreover, we show that these protocols are vulnerable to impersonation, DoS and traceability attacks. Moreover, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al.'s schemes. Our analysis illustrates that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.

show abstract

Section: Journal Of Communications and Information Networkmentioning

confidence: 99%

Cryptanalysis and improvement of two new RFID protocols based on R-RAPSE

Sajjadi

Haghbin

Mirmohseni

2017

J. Commun. Inf. Netw.

View full text Add to dashboard Cite

show abstract

“…The HB+DB protocol . Depicted in Figure 2, the HB+DB protocol [15,16] uses two public parameters: η ∈ (0, 1/2) for LPN noise and the mean ψ ∈ [0,1/2] of a Bernoulli distribution for channel noise. The prover P and the verifier V share three k-bit keys x,y,z.…”

Section: The Hb + and Hb+db Protocolsmentioning

confidence: 99%

“…The HB+DB protocol [15,16] is essentially a white-box composition of an authentication protocol (i.e., HB + ) and a proximity-checking phase. This section shows, however, that HB+DB provides neither secure authentication, nor secure distance bounding.…”

Section: Hb+db's Security Shortcomingsmentioning

confidence: 99%

“…The HB+DB scheme [15]. HB+DB addressed GRS attacks against HB + by adding a proximity-checking countermeasure to that protocol.…”

Section: Introductionmentioning

confidence: 99%

“…HB+DB addressed GRS attacks against HB + by adding a proximity-checking countermeasure to that protocol. HB+DB's effectiveness was assessed by practical experiments, and its limited worstcase security analysis was expressed in terms of LPN-noise levels [15]. In this paper, we present failings of HB+DB, linked both to practice (e.g., DBsecurity scaling poorly), and to theory (e.g., refute claims that HB+DB's security against passive attackers relies on LPN-hardness).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Breaking and fixing the HB+DB protocol

Boureanu

Gerault

Lafourcade

et al. 2017

Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

International audienceThe HB protocol and its HB + successor are lightweight authentication schemes based on the Learning Parity with Noise (LPN) problem. They both suffer from the so-called GRS-attack whereby a man-in-the-middle (MiM) adversary can recover the secret key. At WiSec 2015, Pagnin et al. proposed the HB+DB protocol: HB + with an additional distance-bounding dimension added to detect and counteract such MiM attacks. They showed experimentally that HB+DB was resistant to GRS adversaries, and also advanced HB+DB as a distance-bounding protocol, discussing its resistance to worst-case distance-bounding attackers. In this paper, we exhibit flaws both in the authentication and distance-bounding layers of HB+DB; these vulnerabilities encompass practical attacks as well as provable security shortcomings. First, we show that HB+DB may be impractical as a secure distance-bounding protocol, as its distance-fraud and mafia-fraud security-levels scale poorly compared to other distance-bounding protocols. Secondly, we describe an effective MiM attack against HB+DB: our attack refines the GRS-strategy and still leads to key-recovery by the attacker, yet this is not deterred by HB+DB's distance-bounding. Thirdly, we refute the claim that HB+DB's security against passive attackers relies on the hardness of the LPN problem. We also discuss how (erroneously) requiring such hardness, in fact, lowers HB+DB's efficiency and its resistance to authentication and distance-bounding attacks. Drawing on HB+DB's design flaws, we also propose a new distance-bounding protocol – BLOG. It retains parts of HB+DB, yet BLOG is provably secure, even – in particular – against MiM attacks. Moreover, BLOG enjoys better practical security (asymptotical in the security parameter)

show abstract

Revisiting Two-Hop Distance-Bounding Protocols: Are You Really Close Enough?

Kaloudi

Mitrokotsa

2018

Information Security Theory and Practice

Self Cite

View full text Add to dashboard Cite

The emergence of ubiquitous computing has led to multiple heterogeneous devices with increased connectivity. In this communication paradigm everything is inter-connected and proximity-based authentication is an indispensable requirement in multiple applications including contactless payments and access control to restricted services/places. Distance-bounding (DB) protocols is the main approach employed to achieve accurate proximity-based authentication. Traditional distancebounding requires that the prover and the verifier are in each other's communication range. Recently, Pagnin et al. have proposed a two-hop DB protocol that allows proximity-based authentication, when the prover and the verifier need to rely on an intermediate untrusted party (linker). In this paper, we investigate further the topic of two-hop distance-bounding. We analyse the security of the Pagnin et al. protocol for internal adversaries and we investigate the impact of the position of the linker in the distance-bounding process. We propose a new two-hop DB protocol that is more lightweight and avoids the identified problems. Finally, we extend the protocol to the multi-hop setting and we provide a detailed security analysis for internal adversaries.

show abstract

HB+DB, mitigating man-in-the-middle attacks against HB+ with distance bounding

Cited by 6 publications

References 26 publications

Cryptanalysis and improvement of two new RFID protocols based on R-RAPSE

Cryptanalysis and improvement of two new RFID protocols based on R-RAPSE

Breaking and fixing the HB+DB protocol

Revisiting Two-Hop Distance-Bounding Protocols: Are You Really Close Enough?

Contact Info

Product

Resources

About