University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Breaking and Fixing the HB+DB protocol

Boureanu, Ioana, Gerault, D, Lafourcade, P and Onete, C (2017) Breaking and Fixing the HB+DB protocol In: 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, July 18 - 20 , 2017, Boston, USA.

HB+DB-oo.pdf - Accepted version Manuscript

Download (421kB) | Preview
[img] Text
blog-short.pdf - Version of Record
Restricted to Repository staff only

Download (642kB)


HB+ is a lightweight authentication scheme, which is secure against passive attacks if the Learning Parity with Noise Prob- lem (LPN) is hard. However, HB+ is vulnerable to a key- recovery, man-in-the-middle (MiM) attack dubbed GRS. The HB+DB protocol added a distance-bounding dimension to HB+, and was experimentally proven to resist the GRS attack. We exhibit several security flaws in HB+DB. First, we refine the GRS strategy to induce a different key-recovery MiM attack, not deterred by HB+DB's distance bounding. Second, we prove HB+DB impractical as a secure distance-bounding (DB) protocol, as its DB security-levels scale poorly compared to other DB protocols. Third, we refute that HB+DB's security against passive attackers relies on the hardness of LPN; more-over, (erroneously) requiring such hardness lowers HB+DB's efficiency and security. We also propose a new distance-bounding protocol called BLOG. It retains parts of HB+DB, yet BLOG is provably secure and enjoys better (asymptotical) security.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computer Science
Authors :
Gerault, D
Lafourcade, P
Onete, C
Date : 18 July 2017
DOI : 10.1145/3098243.3098263
Copyright Disclaimer : © ACM 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record will be published in ACM WiSec 2017 Proceedings
Related URLs :
Depositing User : Melanie Hughes
Date Deposited : 21 Jun 2017 11:36
Last Modified : 16 Aug 2019 14:11

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800