Skip to main content
SpringerLink
Log in

Session-HB: Improving the Security of HB\(^{+}\) with a Session Key Exchange

  • Conference paper
  • First Online:
Book cover Innovation and Interdisciplinary Solutions for Underserved Areas (CNRIA 2017, InterSol 2017)

  • 496 Accesses

Abstract

The HB\(^{+}\) protocol, designed by Juels and Weis to mitigate forgery and counterfeiting risks on RFID tags, is well suited for those resource-constrained devices. The protocol comes in response to the search for a solution to improve the security of the HB protocol published in 2001 by Hopper and Blum that was not resistant to active attacks. However, Gilbert et al. showed that HB\(^{+}\) cannot resist against a simple man-in-the-middle attack. In this paper, we propose to run a lightweight session key exchange as a pre-protocol to establish the tag and reader secrets for HB\(^{+}\). The resulting protocol denoted Session-HB is provably resistant to man-in-the-middle attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Armknecht, F., Hamann, M., Mikhalev, V.: Lightweight authentication protocols on ultra-constrained RFIDs - myths and facts. In: Saxena, N., Sadeghi, A.-R. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 1–18. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13066-8_1

    Google Scholar 

  2. Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_24

    Google Scholar 

  3. Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM (JACM) 50(4), 506–519 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  4. Blum, M., Hopper, N.J.: A secure human-computer authentication scheme. Technical report, CMU-CS-00-139, School of Computer Science, CMU (2000)

    Google Scholar 

  5. Bringer, J., Chabanne, H.: Trusted-HB: a low-cost version of HB\(^{\text{+ }}\) secure against man-in-the-middle attacks. IEEE Trans. Inf. Theory 54(9), 4339–4342 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  6. Bringer, J., Chabanne, H., Emmanuelle, D.: HB\(^{++}\): a lightweight authentication protocol secure against some attacks. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU 2006, pp. 28–33. IEEE (2006)

    Google Scholar 

  7. Duc, D.N., Kim, K.: Securing HB\(^+\) against GRS man-in-the-middle attack. In: Institute of Electronics, Information and Communication Engineers, Symposium on Cryptography and Information Security (2007)

    Google Scholar 

  8. Frumkin, D., Shamir, A.: Un-trusted-HB: security vulnerabilities of trusted-HB. IACR Cryptology ePrint Archive, p. 44 (2009)

    Google Scholar 

  9. Gilbert, H., Robshaw, M., Sibert, H.: Active attack against HB\(^+\): a provably secure lightweight authentication protocol. Electron. Lett. 41(21), 1169–1170 (2005)

    Article  Google Scholar 

  10. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB\(^{\#}\): increasing the security and efficiency of HB\(^{+}\). In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_21

    Chapter  Google Scholar 

  11. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good variants of HB+ are hard to find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85230-8_12

    Chapter  Google Scholar 

  12. Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_4

    Chapter  Google Scholar 

  13. Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_18

    Chapter  Google Scholar 

  14. Ka, A.K.: hHB: a harder HB\({}^{\text{+ }}\) protocol. In: SECRYPT 2015 - Proceedings of the 12th International Conference on Security and Cryptography, pp. 163–169 (2015)

    Google Scholar 

  15. Katz, J., Shin, J.S.: Parallel and concurrent security of the HB and HB+ protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_6

    Chapter  Google Scholar 

  16. Leng, X., Mayes, K., Markantonakis, K.: HB-MP\(^+\) protocol: an improvement on the HB-MP protocol. In: IEEE International Conference on RFID 2008, pp. 118–124. IEEE (2008)

    Google Scholar 

  17. Levieil, É., Fouque, P.-A.: An improved LPN algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006). https://doi.org/10.1007/11832072_24

    Chapter  Google Scholar 

  18. Munilla, J., Peinado, A.: HB-MP: a further step in the HB-family of lightweight authentication protocols. Comput. Netw. 51(9), 2262–2267 (2007)

    Article  MATH  Google Scholar 

  19. Ouafi, K., Overbeck, R., Vaudenay, S.: On the security of HB# against a man-in-the-middle attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_8

    Chapter  Google Scholar 

  20. Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00306-6_5

    Chapter  Google Scholar 

  21. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, STOC 2005, pp. 84–93. ACM (2005)

    Google Scholar 

  22. Rizomiliotis, P., Gritzalis, S.: GHB #: a provably secure HB-like lightweight authentication protocol. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 489–506. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31284-7_29

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Alioune Diop University of Bambey, Bambey, Senegal

    Ahmad Khoureich Ka

Authors
  1. Ahmad Khoureich Ka
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmad Khoureich Ka .

Editor information

Editors and Affiliations

  1. Université Cheikh Anta Diop, Dakar, Senegal

    Cheikh M. F. Kebe

  2. University of Maryland, College Park, College Park, Senegal

    Assane Gueye

  3. Université Assane Seck de Ziguinchor, Ziguinchor, Senegal

    Ababacar Ndiaye

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ka, A.K. (2018). Session-HB: Improving the Security of HB\(^{+}\) with a Session Key Exchange. In: M. F. Kebe, C., Gueye, A., Ndiaye, A. (eds) Innovation and Interdisciplinary Solutions for Underserved Areas. CNRIA InterSol 2017 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 204. Springer, Cham. https://doi.org/10.1007/978-3-319-72965-7_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72965-7_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72964-0

  • Online ISBN: 978-3-319-72965-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation