Abstract
Because identification tags have limited computation and memory capabilities, RFID systems are susceptible to various attacks. In 2014, Qian et al. proposed a lightweight mutual authentication RFID protocol that supports key update and claimed it to be secure against several known attacks. In this paper, however, we show that their protocol cannot resist a key recovery attack: an adversary who interacts with the tag several times can recover the authentication keys of the system in polynomial time with non-negligible probability. We also prove that their protocol provides neither strong backward security nor strong forward security: an adversary who has compromised some consecutive authentication keys can recover all future authentication keys and some of the previous authentication keys, which completely breaks the security of the authentication protocol. We then propose a new protocol that provides key recovery resilience, both strong backward security and strong forward security, and resistance against various known types of attacks.
Change history
13 December 2019
The authors' second affiliation was missing in the original article.
Notes
To guarantee the security strength of the key update, we assume \(K_1^i \ne O\) for every i; otherwise the authentication key would become zero after i updates. Thus there are at least two non-zero elements in \(\overrightarrow{\lambda }\).
Clearly, this theorem is only meaningful when \(i \ge j+2\).
The matrix \(K_{1_{(k_x \times k_x)}}\) in Eq. (11), used to update \(\overrightarrow{key_{x}}\), is a sub-matrix of \(K_{2_{(k_y \times k_y)}}\) because \(k_x < k_y\) according to Table 1. Hence the leakage of \(K_2\) implies the leakage of \(K_1\), which in turn leaks all subsequent \(\overrightarrow{key_{x}}\) once the consecutive keys {\(\overrightarrow{key_{x}},\overrightarrow{key_{y}}\)} have leaked.
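The condition in the first note, \(K_1^i \ne O\) for every i, says that the update matrix must not be nilpotent over GF(2). The following script is an added illustration and is not code from the paper; it assumes a linear update rule key_{i+1} = K_1 · key_i over GF(2) (an assumption about the form of the update, since Eq. (11) is not reproduced here). It checks an n × n binary matrix for nilpotency by computing K^n, and uses two constructed 3 × 3 matrices to show how a nilpotent K_1 drives the key to zero after a few updates while an invertible K_1 keeps every updated key non-zero.

```python
"""Check the key-update assumption K_1^i != O over GF(2) (added example, not the paper's code)."""


def gf2_matmul(a, b):
    """Product of two binary matrices with entries reduced modulo 2."""
    rows, inner, cols = len(a), len(b), len(b[0])
    return [[sum(a[i][t] & b[t][j] for t in range(inner)) & 1 for j in range(cols)]
            for i in range(rows)]


def gf2_matvec(a, v):
    """Matrix-vector product over GF(2); v is a list of bits."""
    return [sum(a[i][t] & v[t] for t in range(len(v))) & 1 for i in range(len(a))]


def is_zero(a):
    return all(x == 0 for row in a for x in row)


def nilpotency_index(k):
    """Smallest i with K^i = O, or None if K is not nilpotent.

    An n x n matrix is nilpotent iff K^n = O, so n powers suffice.
    """
    n = len(k)
    power = k
    for i in range(1, n + 1):
        if is_zero(power):
            return i
        power = gf2_matmul(power, k)
    return None


def update_matrix_is_acceptable(k):
    """The first note's requirement: no power of K_1 may be the zero matrix."""
    return nilpotency_index(k) is None


def update_keys(k1, key0, rounds):
    """Assumed update rule key_{i+1} = K_1 * key_i; returns key_0 .. key_rounds."""
    keys = [list(key0)]
    for _ in range(rounds):
        keys.append(gf2_matvec(k1, keys[-1]))
    return keys


# Constructed 3 x 3 examples (not values from the paper).
# Strictly upper-triangular: nilpotent, K^3 = O.
NILPOTENT_K1 = [[0, 1, 0],
                [0, 0, 1],
                [0, 0, 0]]
# Companion matrix of x^3 + x + 1: invertible, so never nilpotent.
GOOD_K1 = [[0, 0, 1],
           [1, 0, 1],
           [0, 1, 0]]

if __name__ == "__main__":
    key0 = [1, 1, 1]
    for name, k1 in (("nilpotent", NILPOTENT_K1), ("invertible", GOOD_K1)):
        print(name, "acceptable:", update_matrix_is_acceptable(k1),
              "index:", nilpotency_index(k1))
        print("  keys:", update_keys(k1, key0, 3))
```

With the nilpotent matrix the key sequence from (1,1,1) is (1,1,0), (1,0,0), (0,0,0): after three updates the tag and reader share the all-zero key, which is exactly what the note's assumption rules out. With the invertible companion matrix the sequence cycles through all seven non-zero vectors before repeating.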
References
Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Advances in Cryptology, ASIACRYPT 2001, Lecture Notes in Computer Science (Vol. 2248, pp. 52–66).
Juels, A., & Weis, S. (2005). Authenticating pervasive devices with human protocols. In Advances in Cryptology, CRYPTO 2005, Lecture Notes in Computer Science (Vol. 3621, pp. 293–308).
Gilbert, H., Robshaw, M., & Sibert, H. (2005). An active attack against \({\rm HB}^+\): A provably secure lightweight authentication protocol. Cryptology ePrint Archive, Report 2005/237. http://eprint.iacr.org. Accessed 14 Feb 2019.
Bringer, J., Chabanne, H., & Dottax, E. (2006). \({\rm HB}^{++}\): A lightweight authentication protocol secure against some attacks. In Proceedings of the second international workshop on security, privacy and trust in pervasive and ubiquitous computing (SecPerU 2006) (pp. 28–33).
Duc, D. N., & Kim, K. (2007). Securing \({\rm HB}^+\) against GRS man-in-the-middle attack. In Institute of Electronics, Information and Communication Engineers, Symposium on Cryptography and Information Security, Jan 23–26 2007.
Munilla, J., & Peinado, A. (2007). HB-MP: A further step in the HB-family of lightweight authentication protocols. Computer Networks, 51(9), 2262–2267.
Leng, X., Mayes, K., & Markantonakis, K. (2008). HB-\({\rm MP}^{+}\) protocol: An improvement on the HB-MP protocol. In IEEE international conference on RFID, Apr 16–17 2008 (pp. 118–124).
Gilbert, H., Robshaw, M. J., & Seurin, Y. (2008). Good variants of \({\rm HB}^{+}\) are hard to find. In Financial Cryptography and Data Security 2008, Lecture Notes in Computer Science (Vol. 5143, pp. 156–170).
Gilbert, H., Robshaw, M., & Seurin, Y. (2008). \({\rm HB}^{\#}\): Increasing the security and efficiency of \({\rm HB^+}\). In Advances in Cryptology, EUROCRYPT 2008, Lecture Notes in Computer Science (Vol. 4965, pp. 361–387).
Ouafi, K., Overbeck, R., & Vaudenay, S. (2008). On the security of \({\rm HB}^{\#}\) against a man-in-the-middle attack. In Advances in Cryptology, ASIACRYPT 2008, Lecture Notes in Computer Science (Vol. 5350, pp. 108–124).
Bosley, C., Haralambiev, K., & Nicolosi, A. (2011). HBN: An HB-like protocol secure against man-in-the-middle attacks. Cryptology ePrint Archive, Report 2011/350. http://eprint.iacr.org. Accessed 14 Feb 2019.
Rizomiliotis, P., & Gritzalis, S. (2012). \(\text{GHB}^{\#}\): A provably secure HB-like lightweight authentication protocol. In ACNS 2012, Lecture Notes in Computer Science (Vol. 7341, pp. 489–506).
Aseeri, A., & Bamasag, O. (2016). Achieving protection against man-in-the-middle attack in HB family protocols implemented in RFID tags. International Journal of Pervasive Computing and Communications, 12(3), 375–390.
Li, Z., Gong, G., & Qin, Z. (2013). Secure and efficient LCMQ entity authentication protocol. IEEE Transactions on Information Theory, 59(6), 4042–4054.
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In ACM CCS 2004 (pp. 210–219).
Halevi, T., Saxena, N., & Halevi, S. (2011). Tree-based HB protocols for privacy-preserving authentication of RFID tags. Journal of Computer Security, 19(2), 343–363.
Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LS\({\rm HB}^{+}\): An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72(1), 159–174.
Qian, X., Liu, X., Yang, S., & Zuo, C. (2014). Security and privacy analysis of Tree-LS\({\rm HB}^+\) protocol. Wireless Personal Communications, 77(4), 3125–3141.
Lei, M., Li, H., Liu, W., & Jin, D. (2017). Security analysis of the Qian et al. protocol: A revised Tree-LS\({\rm HB}^+\) protocol. Wireless Personal Communications, 96(1), 1083–1098.
Berlekamp, E. R., McEliece, R. J., & van Tilborg, H. C. A. (1978). On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3), 384–386.
Blum, A., Kalai, A., & Wasserman, H. (2003). Noise-tolerant learning, the parity problem, and the statistical query model. Journal of the ACM, 50(4), 506–519.
Zhang, B., Jiao, L., & Wang, M. (2016). Faster algorithms for solving LPN. In Advances in Cryptology, EUROCRYPT 2016, Lecture Notes in Computer Science (Vol. 9665, pp. 168–195).
Krawczyk, H. (1994). LFSR-based hashing and authentication. In Advances in Cryptology, CRYPTO 1994, Lecture Notes in Computer Science (Vol. 839, pp. 129–139).
Krawczyk, H. (1995). New hash functions for message authentication. In Advances in Cryptology, EUROCRYPT 1995, Lecture Notes in Computer Science (Vol. 921, pp. 301–310).
Acknowledgements
This work was supported by the National Key Research and Development Program of China (2017YFB0802500) and National Natural Science Foundation of China (61572485, U1536205).
Cite this article
Li, X., Xu, J. & Zhang, Z. Revisiting the Security of Qian et al.’s Revised Tree-\(\hbox {LSHB}^+\) Protocol. Wireless Pers Commun 106, 321–343 (2019). https://doi.org/10.1007/s11277-019-06164-w