Abstract
RFID tags are one of the main enablers of the internet of things. All objects have to be equipped with an electronic product code such as RFID tags. Because of minimizing the price, RFID environments are resource-scarce, then designing ultra-lightweight authentication protocols is of great importance. Many ultra-lightweight authentication protocols such as HB family protocols are proposed. One of the most important threats against HB family protocols is a type of man-in-the-middle attack called GRS. Also, in the real world, IoT requires mutual authentication that traditional HB protocols do not support it. Besides, misconceptions about reader-tag distance could create problems in several applications especially in contactless systems such as access control and electronic payment systems, which could be damaged by distance-based frauds. In the present work, we have proposed a novel distance bounding protocol based on HB family protocols with four major characteristics: (1) it can resist terrorist, mafia, and distance fraud attacks; (2) it is a lightweight mutual authentication protocol capable of being used in low-cost IoT equipment such as NFC and RFID; (3) it employs a hard problem that be post-quantum resistant, and (4) it identifies and solves the weaknesses of HB protocols including GRS attacks. The proposed protocol has also been shown to be able to address the known weaknesses and attacks in distance frauds and HB family protocols.
Similar content being viewed by others
References
He, L., Gan, Y., Li, N.-N., & Zhang, T. (2008). An improved HB ++ protocol against man-in-middle attack in RFID system. In 2008 4th international conference on wireless communications, networking and mobile computing (pp. 1–4).
Bogos, S., & Vaudenay, S. (2016). Optimization of LPN solving algorithms. In International conference on the theory and application of cryptology and information security (pp. 703–728).
Bogos, S. M. (2017). LPN in cryptography: An algorithmic study. Ecole Polytechnique Fédérale de Lausanne.
Brakerski, Z., Lyubashevsky, V., Vaikuntanathan, V., & Wichs, D. (2019). Worst-case hardness for LPN and cryptographic hashing via code smoothing. In Annual international conference on the theory and applications of cryptographic techniques (pp. 619–635).
Hopper, N. J., & Blum, M. (2000). A secure human–computer authentication scheme. Carnegie-Mellon Univ Pittsburgh Pa School Of Computer Science.
Kitsos, P. (2016). Security in RFID and sensor networks. Boca Raton: CRC Press.
Gilbert, H., Robshaw, M., & Sibert, H. (2005). Active attack against HB/sup + : a provably secure lightweight authentication protocol. Electronics Letters, 41, 1169–1170.
Avoine, G., Bultel, X., Gambs, S., Gerault, D., Lafourcade, P., Onete, C., et al. (2017). A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In: Proceedings of the 2017 ACM on Asia conference on computer and communications security (pp. 800–814).
Boureanu, I., Mitrokotsa, A., & Vaudenay, S. (2015). Practical and provably secure distance-bounding. Journal of Computer Security, 23, 229–257.
Karrothu, A., Scholar, R., & Norman, J. (2017). An analysis of LPN based HB protocols. In 2016 eighth international conference on advanced computing (ICoAC) (pp. 138–145).
Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. In Annual international cryptology conference (pp. 293–308).
Bringer, J., Chabanne, H., & Dottax, E. (2006). HB^ + ^+: a lightweight authentication protocol secure against some attacks. In Second international workshop on security, privacy and trust in pervasive and ubiquitous computing (SecPerU’06) (pp. 28–33).
Hammouri, G., Sunar, B. (2008). PUF-HB: a tamper-resilient HB based authentication protocol. In International conference on applied cryptography and network security (pp. 346–365).
Munilla, J., & Peinado, A. (2007). HB-MP: a further step in the HB-family of lightweight authentication protocols. Computer Networks, 51, 2262–2267.
Leng, X., Mayes, K., & Markantonakis, K. (2008). HB-MP + protocol: An improvement on the HB-MP protocol. In 2008 IEEE international conference on RFID (pp. 118–124).
Gilbert, H., Robshaw, M., & Seurin, Y. (2008). HB#: Increasing the security and efficiency of HB + . In Proceedings of international conference the theory and applications of cryptographic techniques advances in cryptology (EUROCRYPT)
Ouafi, K., Overbeck, R., & Vaudenay, S.: On the security of HB# against a man-in-the-middle attack. In International conference on the theory and application of cryptology and information security (pp. 108–124).
Yoon, B., Sung, M. Y., Yeon, S., Oh, H. S., Kwon, Y., et al. (2009). HB-MP ++ protocol: an ultra light-weight authentication protocol for RFID system. In 2009 IEEE international conference on RFID (pp. 186–191).
Madhavan, M., Thangaraj, A., Viswanathan, K., & Sankarasubramaniam, Y. (2010). NLHB: a light-weight, provably-secure variant of the HB protocol using simple non-linear functions. In 2010 national conference on communications (NCC) (pp. 1–5).
S. A. Ali, R. M. Mohamed, and M. H. Fahim, “RCHB: Light-weight, provably-secure variants of the HB protocol using rotation and complementation,” in 2011 5th International Conference on Network and System Security, 2011, pp. 244-248.
K. A. Khoureich, “Light-hHB: A new version of hHB with improved session key exchange,” Cryptology ePrint Archive, Report 2015/713, 2015.
Lin, Z., & Song, J. S. (2013). An improvement in HB-family lightweight authentication protocols for practical use of RFID system. Journal of Advances in Computer Networks, 1, 61–65.
Kiltz, E., Pietrzak, K., Cash, D., Jain, A., & Venturi, D., (2011). Efficient authentication from hard learning problems. In Annual international conference on the theory and applications of cryptographic techniques (pp. 7–26).
Brands, S., & Chaum, D. (1993). Distance-bounding protocols. In Workshop on the theory and application of of cryptographic techniques (pp. 344–359).
Brelurut, A., Gerault, D., & Lafourcade, P. (2015). Survey of distance bounding protocols and threats. In International symposium on foundations and practice of security (pp. 29–49).
Ahmadi, A., Safavi-Naini, R. (2014). Privacy-preserving distance-bounding proof-of-knowledge. In International conference on information and communications security (pp. 74–88).
Bussard, L., & Bagga, W. (2005). Distance-bounding proof of knowledge to avoid real-time attacks. In IFIP international information security conference (pp. 223–238).
Munilla, J., Ortiz, A., & Peinado, A. (2006). Distance bounding protocols with void-challenges for RFID. In Printed handout at the workshop on RFID security—RFIDSec.
Kim, C. H. & Avoine, G.: RFID distance bounding protocol with mixed challenges to prevent relay attacks. In International conference on cryptology and network security (pp. 119–133)
Pagnin, E., Yang, A., Hu, Q., Hancke, G., & Mitrokotsa, A. (2018). HB + DB: Distance bounding meets human based authentication. Future Generation Computer Systems, 80, 627–639.
Desmedt, Y. (1988). Major security problems with the ‘unforgeable’(Feige)-Fiat-Shamir proofs of identity and how to overcome them. In Proceedings of SECURICOM (pp. 15–17).
Fischlin, M., & Onete, C. (2013). Terrorism in distance bounding: modeling terrorist-fraud resistance. In International conference on applied cryptography and network security (pp 414–431).
Levieil, É., & Fouque, P.-A. (2006). An improved LPN algorithm. In International conference on security and cryptography for networks (pp. 348–359).
Funding
None.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Informed consent
None.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Mirzadi, K., Mohasefi, J.B. An Ultra-Lightweight Mutual Authentication Protocol Based on LPN Problem with Distance Fraud Resistant. Wireless Pers Commun 117, 2225–2251 (2021). https://doi.org/10.1007/s11277-020-07969-w
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-020-07969-w