Abstract
The HB\(^{+}\) protocol, designed by Juels and Weis to mitigate forgery and counterfeiting risks on RFID tags, is well suited to such resource-constrained devices. It was proposed to improve the security of the HB protocol, published in 2001 by Hopper and Blum, which was not resistant to active attacks. However, Gilbert et al. showed that HB\(^{+}\) cannot resist a simple man-in-the-middle attack. In this paper, we propose running a lightweight session key exchange as a pre-protocol to establish the tag and reader secrets for HB\(^{+}\). The resulting protocol, denoted Session-HB, is provably resistant to man-in-the-middle attacks.
References
Armknecht, F., Hamann, M., Mikhalev, V.: Lightweight authentication protocols on ultra-constrained RFIDs - myths and facts. In: Saxena, N., Sadeghi, A.-R. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 1–18. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13066-8_1
Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_24
Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM (JACM) 50(4), 506–519 (2003)
Blum, M., Hopper, N.J.: A secure human-computer authentication scheme. Technical report, CMU-CS-00-139, School of Computer Science, CMU (2000)
Bringer, J., Chabanne, H.: Trusted-HB: a low-cost version of HB\(^{+}\) secure against man-in-the-middle attacks. IEEE Trans. Inf. Theory 54(9), 4339–4342 (2008)
Bringer, J., Chabanne, H., Emmanuelle, D.: HB\(^{++}\): a lightweight authentication protocol secure against some attacks. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU 2006, pp. 28–33. IEEE (2006)
Duc, D.N., Kim, K.: Securing HB\(^+\) against GRS man-in-the-middle attack. In: Institute of Electronics, Information and Communication Engineers, Symposium on Cryptography and Information Security (2007)
Frumkin, D., Shamir, A.: Un-trusted-HB: security vulnerabilities of trusted-HB. IACR Cryptology ePrint Archive, p. 44 (2009)
Gilbert, H., Robshaw, M., Sibert, H.: Active attack against HB\(^+\): a provably secure lightweight authentication protocol. Electron. Lett. 41(21), 1169–1170 (2005)
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB\(^{\#}\): increasing the security and efficiency of HB\(^{+}\). In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_21
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good variants of HB+ are hard to find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85230-8_12
Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_4
Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_18
Ka, A.K.: hHB: a harder HB\(^{+}\) protocol. In: SECRYPT 2015 - Proceedings of the 12th International Conference on Security and Cryptography, pp. 163–169 (2015)
Katz, J., Shin, J.S.: Parallel and concurrent security of the HB and HB+ protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_6
Leng, X., Mayes, K., Markantonakis, K.: HB-MP\(^+\) protocol: an improvement on the HB-MP protocol. In: IEEE International Conference on RFID 2008, pp. 118–124. IEEE (2008)
Levieil, É., Fouque, P.-A.: An improved LPN algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006). https://doi.org/10.1007/11832072_24
Munilla, J., Peinado, A.: HB-MP: a further step in the HB-family of lightweight authentication protocols. Comput. Netw. 51(9), 2262–2267 (2007)
Ouafi, K., Overbeck, R., Vaudenay, S.: On the security of HB# against a man-in-the-middle attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_8
Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00306-6_5
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, STOC 2005, pp. 84–93. ACM (2005)
Rizomiliotis, P., Gritzalis, S.: GHB#: a provably secure HB-like lightweight authentication protocol. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 489–506. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31284-7_29
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ka, A.K. (2018). Session-HB: Improving the Security of HB\(^{+}\) with a Session Key Exchange. In: M. F. Kebe, C., Gueye, A., Ndiaye, A. (eds) Innovation and Interdisciplinary Solutions for Underserved Areas. CNRIA InterSol 2017 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 204. Springer, Cham. https://doi.org/10.1007/978-3-319-72965-7_19
DOI: https://doi.org/10.1007/978-3-319-72965-7_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72964-0
Online ISBN: 978-3-319-72965-7
eBook Packages: Computer Science, Computer Science (R0)