UMAC: Fast and Secure Message Authentication
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Energy Scalable Universal Hashing
IEEE Transactions on Computers
HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks
SECPERU '06 Proceedings of the Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing
HB-MP: A further step in the HB-family of lightweight authentication protocols
Computer Networks: The International Journal of Computer and Telecommunications Networking
Cryptanalysis of Two Lightweight RFID Authentication Schemes
PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
HB#: increasing the security and efficiency of HB+
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Authenticating pervasive devices with human protocols
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Parallel and concurrent security of the HB and HB+ protocols
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Public key cryptography and RFID tags
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
How to Encrypt with the LPN Problem
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
On the Security of HB# against a Man-in-the-Middle Attack
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Anonymizer-Enabled Security and Privacy for RFID
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Two Attacks against the Ff RFID Protocol
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Lightweight privacy preserving authentication for RFID using a stream cipher
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Efficient authentication from hard learning problems
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Practical attacks on HB and HB+ protocols
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Security problems of systems of extremely weak devices
Annales UMCS, Informatica - Security Systems
GHB#: a provably secure HB-like lightweight authentication protocol
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
A secure and private RFID authentication protocol under SLPN problem
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hidden bits approach for authentication in RFID systems
RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues
Hi-index | 0.00 |
The strikingly simple HB+protocol of Juels and Weis [11] has been proposed for the authentication of low-cost RFID tags. As well as being computationally efficient, the protocol is accompanied by an elegant proof of security. After its publication, Gilbert et al.[8] demonstrated a simple man-in-the-middle attack that allowed an attacker to recover the secret authentication keys. (The attack does not contradict the proof of security since the attacker lies outside the adversarial model.) Since then a range of schemes closely related to HB+have been proposed and these are intended to build on the security of HB+while offering resistance to the attack of [8]. In this paper we show that many of these variants can still be attacked using the techniques of [8] and the original HB+protocol remains the most attractive member of the HB+family.