Practical attacks on HB and HB+ protocols

Authors:
Zbigniew Gołebiewski;Krzysztof Majcher;Filip Zagórski;Marcin Zawada
Affiliations:
Institute of Mathematics and Computer Science, Wroclaw University of Technology;Institute of Mathematics and Computer Science, Wroclaw University of Technology;Institute of Mathematics and Computer Science, Wroclaw University of Technology;Institute of Mathematics and Computer Science, Wroclaw University of Technology
Venue:
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Year:
2011

Citing 12
Cited 2

Secure Human Identification Protocols

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Noise-tolerant learning, the parity problem, and the statistical query model

Journal of the ACM (JACM)
HB-MP: A further step in the HB-family of lightweight authentication protocols

Computer Networks: The International Journal of Computer and Telecommunications Networking
Good Variants of HB + Are Hard to Find

Financial Cryptography and Data Security
Attacks on CKK Family of RFID Authentication Protocols

ADHOC-NOW '08 Proceedings of the 7th international conference on Ad-hoc, Mobile and Wireless Networks
On the Security of HB# against a Man-in-the-Middle Attack

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Privacy Protection for RFID with Hidden Subset Identifiers

Pervasive '08 Proceedings of the 6th International Conference on Pervasive Computing
HB#: increasing the security and efficiency of HB+

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Extending match-on-card to local biometric identification

BioID_MultiComm'09 Proceedings of the 2009 joint COST 2101 and 2102 international conference on Biometric ID management and multimodal communication
The parity problem in the presence of noise, decoding random linear codes, and the subset sum problem

APPROX'05/RANDOM'05 Proceedings of the 8th international workshop on Approximation, Randomization and Combinatorial Optimization Problems, and Proceedings of the 9th international conference on Randamization and Computation: algorithms and techniques
Authenticating pervasive devices with human protocols

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
An improved LPN algorithm

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks

Security problems of systems of extremely weak devices

Annales UMCS, Informatica - Security Systems
Hidden bits approach for authentication in RFID systems

RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues

Quantified Score

Hi-index	0.00

Visualization

Abstract

HB and HB+ are a shared secret-key authentication protocols designed for low-cost devices such as RFID tags. HB+ was proposed by Juels and Weis at Crypto 2005. The security of the protocols relies on the "learning parity with noise,,(LPN) problem, which was proven to be NP-hard. The best known attack on LPN by Levieil and Fouque [13] requires sub-exponential number of samples and sub-exponential number of operations, which makes that attack impractical for the RFID scenario (one cannot assume to collect exponentially-many observations of the protocol execution). We present a passive attack on HB protocol in detection-based model which requires only linear (in the length of a secret key) number of samples. Number of performed operations is exponential, but attack is efficient for some real-life values of the parameters, i. e. noise 1/8 and key length 152-bits. Passive attack on HB can be transformed into active one on HB+.