Abstract : HB and HB+ are a shared secret-key authentication protocols designed for low-cost devices such as RFID tags. HB+ was proposed by Juels and Weis at Crypto 2005. The security of the protocols relies on the “learning parity with noise” (LPN) problem, which was proven to be NP-hard.The best known attack on LPN by Levieil and Fouque [13] requires sub-exponential number of samples and sub-exponential number of operations, which makes that attack impractical for the RFID scenario (one cannot assume to collect exponentially-many observations of the protocol execution).We present a passive attack on HB protocol in detection-based model which requires only linear (in the length of a secret key) number of samples. Number of performed operations is exponential, but attack is efficient for some real-life values of the parameters, i. e. noise $\frac{1}{8}$ and key length 152-bits. Passive attack on HB can be transformed into active one on HB+.
Claudio A. Ardagna; Jianying Zhou. 5th Workshop on Information Security Theory and Practices (WISTP), Jun 2011, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-6633, pp.244-253, 2011, Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. 〈10.1007/978-3-642-21040-2_17〉
https://hal.inria.fr/hal-01573292
Contributeur : Hal Ifip
<>
Soumis le : mercredi 9 août 2017 - 10:24:16
Dernière modification le : mercredi 9 août 2017 - 10:25:13
Zbigniew Gołębiewski, Krzysztof Majcher, Filip Zagórski, Marcin Zawada. Practical Attacks on HB and HB+ Protocols. Claudio A. Ardagna; Jianying Zhou. 5th Workshop on Information Security Theory and Practices (WISTP), Jun 2011, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-6633, pp.244-253, 2011, Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. 〈10.1007/978-3-642-21040-2_17〉. 〈hal-01573292〉
