University of Surrey


Breaking and Fixing the HB+DB protocol

Boureanu, Ioana, Gerault, D, Lafourcade, P and Onete, C (2017) Breaking and Fixing the HB+DB protocol. In: 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, July 18-20, 2017, Boston, USA.

Text: HB+DB-oo.pdf - Accepted version Manuscript (421kB)
Text: blog-short.pdf - Version of Record (642kB), restricted to Repository staff only

Abstract

HB+ is a lightweight authentication scheme, which is secure against passive attacks if the Learning Parity with Noise Problem (LPN) is hard. However, HB+ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. The HB+DB protocol added a distance-bounding dimension to HB+, and was experimentally proven to resist the GRS attack. We exhibit several security flaws in HB+DB. First, we refine the GRS strategy to induce a different key-recovery MiM attack, not deterred by HB+DB's distance bounding. Second, we prove HB+DB impractical as a secure distance-bounding (DB) protocol, as its DB security-levels scale poorly compared to other DB protocols. Third, we refute that HB+DB's security against passive attackers relies on the hardness of LPN; moreover, (erroneously) requiring such hardness lowers HB+DB's efficiency and security. We also propose a new distance-bounding protocol called BLOG. It retains parts of HB+DB, yet BLOG is provably secure and enjoys better (asymptotical) security.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Name | Email | ORCID
Boureanu, Ioana | i.boureanu@surrey.ac.uk | UNSPECIFIED
Gerault, D | UNSPECIFIED | UNSPECIFIED
Lafourcade, P | UNSPECIFIED | UNSPECIFIED
Onete, C | UNSPECIFIED | UNSPECIFIED
Date : July 2017
Identification Number : 10.1145/3098243.3098263
Copyright Disclaimer : © ACM 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record will be published in ACM WiSec 2017 Proceedings http://dx.doi.org/10.1145/10.1145/3098243.3098263
Related URLs :
Depositing User : Melanie Hughes
Date Deposited : 21 Jun 2017 11:36
Last Modified : 26 Jul 2017 10:56
URI: http://epubs.surrey.ac.uk/id/eprint/841449

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800