Abstract
Low-cost radio-frequency identification tags are confronted with various security and privacy issues due to their limits in computational and storage capabilities. Many lightweight authentication protocols have been proposed so far to resist all possible attacks and threats. A revised Tree-LSHB+ protocol was recently proposed by Qian et al. [Wirel Pers Commun 77(4):3125–3141. doi:10.1007/s11277-014-1699-x, 2014] after a security analysis on the original Tree-LSHB+ protocol proposed by Deng et al. [Wirel Pers Commun 72(1):159–174. doi:10.1007/s11277-013-1006-2, 2013]. And it claimed to be secure against secret information disclosure attack. In this paper, we present an active attack against it in a general man-in-the-middle attack where an adversary is capable of eavesdropping, intercepting, manipulating, and blocking the messages transmitted between a legitimate reader and a legitimate tag. The attack is proved to be efficient to disclose all the authentication keys shared between a reader and a tag. Additionally, we introduce another possible active attack which can even retrieve all the secrets in the tree-traversal stage.
Similar content being viewed by others
References
Qian, X., Liu, X., Yang, S., & Zuo, C. (2014). Security and privacy analysis of Tree-LSHB+ protocol. Wireless Personal Communications, 77(4), 3125–3141. doi:10.1007/s11277-014-1699-x.
Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LSHB+: An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72(1), 159–174. doi:10.1007/s11277-013-1006-2.
Hopper, N. J., & Blum, M. (2000). A secure human–computer authentication scheme. Technical report CMU-CS-00-139, Computer Science Department, Carnegie Mellon University, Paper 148.
Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human. Protocols Crypto 2005 LNCS, 3621, 293–308.
Gilbert, H., Robshaw, M., & Silbert, H. (2005). An Active attack against HB+—A provably secure lightweight authentication protocol. Cryptology ePrint archive, report 2005/237. http://eprint.iacr.org/2005/237.
BRINGER, J., Chabanne, H., & Dottax, E. (2006). HB++: A lightweight authentication protocol secure against some attacks. Proceedings of the second international workshop on security, privacy and trust in pervasive and ubiquitous computing (SecPerU’06).
Munilla, J., & Peinado, A. (2007). HB-MP: A further step in the HB-family of lightweight authentication protocols. Computer Networks, 51(9), 2262–2267. doi:10.1016/j.comnet.2007.01.011.
Leng, X., Mayes, K., & Markantonakis, K. (2008). HB-MP+ protocol: An improvement on the HB-MP protocol. IEEE international conference on RFID, 118–124.
Piramuthu, S. (2007). Protocols for RFID tag/reader authentication. Decision Support Systems, 43(3), 897–914. doi:10.1016/j.dss.2007.01.003.
Yoon, B., Sung, M. Y., Yeon, S., Oh, H. S., Kwon, Y., Kim, C., et al. (2009). HB-MP++ protocol: An ultra light-weight authentication protocol for RFID system. IEEE International Conference on RFID, 2009, 186–191.
Lin, Z., & Song, J. S. (2013). An improvement in HB-family lightweight authentication protocols for practical use of RFID system. Journal of Advances in Computer Networks. doi:10.7763/jacn.2013.v1.13.
Gilbert, H., Robshaw, M. J. B., & Seurin, Y. (2008). HB#: Increasing the security and efficiency of HB+. EUROCRYPT, 2008, 361–387.
Ouafi, K., Overbeck, R., & Vaudenay, S. (2008). On the security of HB# against a man-in-the-middle attack. ASIACRYPT 2008 LNCS, 5350, 108–124.
Bringer, J., & Chabanne, H. (2008). Trusted-HB: A low-cost version of HB+ secure against man-in-the-middle attacks. CoRR, http://arxiv.org/abs/0802.0603v1.
Madhavan, M., Thangaraj, A., Viswanathan, K., & Sankarasubramaniam, Y. (2010). NLHB: A light-weight, provably-secure variant of the HB protocol using simple non-linear functions. Proceedings of IEEE international symposium on information theory (pp. 2498–2502).
Abyaneh, M. R. S. (2010). On the security of non-linear HB (NLHB) protocol against passive attack. Proceedings of IEEE/IFIP international conference on embedded and ubiquitous computing (pp. 523–528).
Ali, S. A., & Hardan, M. (2013). Variants of HB protocols for RFID security. Journal of Engineering Sciences, 41(3), 1151–1174.
Bosley, C., Haralambiev, K., & Nicolosi, A. (2011). HBN: An HB-like protocol secure against man-in-the-middle attacks. Cryptology ePrint archive, report 2011/350.
Hou, F., Yang, C., Liu, J., Zhang, Y., Tian, J., & Zhang, Y. (2012). HB-MAP protocol: A new secure bidirectional light-wight authentication protocol of HB. Ninth IEEE International Conference on e-Business Engineering, 2012, 151–155. doi:10.1109/icebe.2012.33.
Rizomiliotis, P., & Gritzalis, S. (2012). GHB#: A Provably Secure HB-Like Lightweight Authentication Protocol. 10th international conference, ACNS 2012, Singapore, June 26–29, 2012. Proceedings (Vol. 7341, pp 489–506). doi:10.1007/978-3-642-31284-7_29.
Li, Z., Gong, G., & Qin, Z. (2013). Secure and efficient LCMQ entity authentication protocol.pdf>. IEEE Transactions on Information Theory, 59(6), 4042–4054.
Halevi, T., Saxena, N., & Halevi, S. (2011). Tree-based HB protocols for privacy-preserving authentication of RFID tags. Journal of Computer Security, 19(2), 343–363.
Berlekamp, E. R., McEliece, R. J., & Tilborg, H. C. A. V. (1978). On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24, 384–386.
Blum, A., Kalai, A., & Wasserman, H. (2003). Noise-tolerant learning, the parity problem, and the statistical query model. ACM, 50, 506–519.
Fossorier, M. P. C., Mihaljević, M. J., Imai, H., Cui, Y., & Matsuura, K. (2006). A novel algorithm for solving the LPN problem and its application to security evaluation of the HB protocol for RFID authentication. Cryptology ePrint Archive, Report 2006/197.
Kirchner, P. (2011). Improved generalized birthday attack. Cryptology ePrint Archive, Report 2011/377. http://eprint.iacr.org/2011/377.
Teixidó, I., Sebé, F., Conde, J., & Solsona, F. (2014). MPI-based implementation of an enhanced algorithm to solve the LPN problem in a memory-constrained environment. Parallel Computing, 40(5–6), 100–112. doi:10.1016/j.parco.2014.04.002.
Acknowledgements
This work was supported by NFSC (grant No.61628202).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lei, M., Li, H., Liu, W. et al. Security Analysis of the Qian et al. Protocol: A Revised Tree-LSHB+ Protocol. Wireless Pers Commun 96, 1083–1098 (2017). https://doi.org/10.1007/s11277-017-4225-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-4225-0