DOI: 10.1145/2462096.2462118

Revisiting lightweight authentication protocols based on hard learning problems

Published: 17 April 2013

Abstract

At Eurocrypt 2011, Kiltz et al., in a paper that received the best paper award, proposed an ultra-lightweight authentication protocol called AUTH. This new protocol is supported by a delegated security proof against passive and active attacks, based on the conjectured hardness of the Learning Parity with Noise (LPN) problem. However, AUTH has two shortcomings: the security proof does not cover man-in-the-middle (MIM) attacks, and the communication complexity is high. The weakness against MIM attacks was recently verified when a very efficient key-recovery MIM attack was introduced, with complexity only linear in the length of the secret key. Regarding the communication overhead, Kiltz et al. proposed a modified version of AUTH in which the communication complexity is reduced at the expense of higher storage complexity. This modified protocol was shown to be at least as secure as AUTH.
In this paper, we revisit the security of AUTH and show, somewhat surprisingly, that its communication-efficient version is secure against the powerful MIM attacks. This issue was left as an open problem by Kiltz et al. We support our security analysis with a security proof based on the hardness of the LPN problem.

    Published In

    WiSec '13: Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
    April 2013
    230 pages
    ISBN:9781450319980
    DOI:10.1145/2462096

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. lpn
    2. provable security
    3. rfid authentication protocols
