Un-Trusted-HB: Security Vulnerabilities of Trusted-HB

With increased use of passive RFID tags, the need for secure lightweight identification protocols arose. HB+ is one such protocol, which was proven secure in the detection-based model, but shown breakable by man-in-the-middle attacks. Trusted-HB is a variant of HB+, specifically designed to resist man-in-the-middle attacks. In this paper, we discuss several weaknesses of Trusted-HB, show that the formal security proof provided by its designers is incorrect, and demonstrate how to break it in realistic scenarios.

[1]  Jonathan Katz,et al.  Analyzing the HB and HB+ Protocols in the "Large Error" Case , 2006, IACR Cryptol. ePrint Arch..

[2]  Julien Bringer,et al.  Trusted-HB: A Low-Cost Version of HB $^+$ Secure Against Man-in-the-Middle Attacks , 2008, IEEE Transactions on Information Theory.

[3]  Serge Vaudenay,et al.  On the Security of HB# against a Man-in-the-Middle Attack , 2008, ASIACRYPT.

[4]  Yannick Seurin,et al.  Good Variants of HB+ Are Hard to Find , 2008, Financial Cryptography.

[5]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[6]  Johan Håstad,et al.  Some optimal inapproximability results , 2001, JACM.

[7]  Noam Nisan,et al.  The computational complexity of universal hashing , 1990, Proceedings Fifth Annual Structure in Complexity Theory Conference.

[8]  Éric Levieil,et al.  An Improved LPN Algorithm , 2006, SCN.

[9]  Y. Peres Iterating Von Neumann's Procedure for Extracting Random Bits , 1992 .

[10]  Adi Shamir,et al.  Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[11]  Zbigniew Golebiewski,et al.  Practical Attacks on HB and HB+ Protocols , 2008, IACR Cryptol. ePrint Arch..

[12]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[13]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, EUROCRYPT.

[14]  Xuefei Leng,et al.  HB-MP+ Protocol: An Improvement on the HB-MP Protocol , 2008, 2008 IEEE International Conference on RFID.

[15]  Jonathan Katz Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise , 2007, IMACC.

[16]  Hideki Imai,et al.  An Algorithm for Solving the LPN Problem and Its Application to Security Evaluation of the HB Protocols for RFID Authentication , 2006, INDOCRYPT.

[17]  Kwangjo Kim,et al.  Securing HB+ against GRS Man-in-the-Middle Attack , 2007 .

[18]  Julien Bringer,et al.  HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks , 2006, Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06).

[19]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[20]  Vadim Lyubashevsky,et al.  The Parity Problem in the Presence of Noise, Decoding Random Linear Codes, and the Subset Sum Problem , 2005, APPROX-RANDOM.

[21]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[22]  Selwyn Piramuthu,et al.  HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication , 2006 .

[23]  Hugo Krawczyk,et al.  LFSR-based Hashing and Authentication , 1994, CRYPTO.

[24]  Jorge Munilla,et al.  HB-MP: A further step in the HB-family of lightweight authentication protocols , 2007, Comput. Networks.

[25]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[26]  Yannick Seurin,et al.  HB#: Increasing the Security and Efficiency of HB+ , 2008, EUROCRYPT.

[27]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[28]  Antoine Joux,et al.  Fast Correlation Attacks: An Algorithmic Point of View , 2002, EUROCRYPT.

[29]  Berk Sunar,et al.  Unclonable Lightweight Authentication Scheme , 2008, ICICS.

[30]  Elwyn R. Berlekamp,et al.  On the inherent intractability of certain coding problems (Corresp.) , 1978, IEEE Trans. Inf. Theory.