1 / 21

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol. Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece. Contents. Motivation - RFID The HB family The HB# protocol Design Security

holly-pope
Download Presentation

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. GHB#: A Provably Secure HB-like Lightweight Authentication Protocol PanagiotisRizomiliotis and StefanosGritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece ACNS 2012

  2. Contents • Motivation - RFID • The HB family • The HB# protocol • Design • Security • The GHB# protocol • Design • Security • Implementation issues • Conclusions ACNS 2012

  3. Motivation - RFID • Radio Frequency Identification • A technology that enables the electronic and wireless labeling and identification of objects, humans and animals • Replaces barcodes • Electronic device that can store and transmit data to a reader in a contactless manner using radio waves • Microchip • Antenna ACNS 2012

  4. Conveyor Belt Handheld Point of Sale Forklift Applications • Practically everywhere Credit Card Auto Immobilizers Automated Vehicle Id Animal Tracking Dock Door Electronic Identity Smart Shelves ACNS 2012

  5. Main Challenges • Security • Confidentiality of stored data • Integrity/authenticity • Impersonation • Privacy • Anonymity • Untraceability Normally, cryptography can solve all these problems. Restrictions: • Low cost • Limited hardware and energy We need new lightweight algorithms!! ACNS 2012

  6. The HB family of protocols • A set of ultra-lightweight authentication protocols initiated by Hopper and Blum’s work (the HB protocol) proposed initially for human identification • Then proposed for RFID tags • Based on the LPN problem ACNS 2012

  7. The HB family • HB (2001) • HB+ (2005) • HB++ (2006) • HB-MP (2007) • HB-MP+(2008) • HB* (2007) • HB# (2008) • Subspace LPN based protocols (2011) ACNS 2012

  8. Three attack models (1/3) • PASSIVE-model • Eavesdrop Tag-Reader • Impersonate the Tag • DET – model • Interrogate the Tag (Reader is not present) • Impersonate the Tag • MIM – model • Modify the messages between Tag-Reader (SOS – learn to authentication result) • Impersonate the Tag • GRS-attack: Modify only the messages send by the Reader ACNS 2012

  9. Three attack models (2/3)DET-model ACNS 2012

  10. Three attack models (3/3)MIM-model • GRS-attack when ONLY bi can be modified ACNS 2012

  11. The HB# protocol • Gilbert, H., Robshaw, M., Seurin, Y.: HB#: Increasing the Security and Efficiency of HB+. In: Proceedings of Eurocrypt, Springer LNCS, vol. 4965, pp. 361-378, (2008) • Random-HB#: X,Y random • HB#: X,Y Toeplitz Matrices ACNS 2012

  12. The HB# protocol’s security • Based on MHB: an extension of the HB puzzle • HB# is secure against the PASSIVE, DET, GRS-attack • There is a MIM attack • Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Proceedings of Asiacrypt, Springer LNCS, vol. 5350, pp.108-124 (2008) ACNS 2012

  13. Vectorial Boolean Functions Vectorial Boolean Functions with m inputs and n outputs: ACNS 2012

  14. Gold Boolean Functions • Gold, R.: Maximal recursive sequences with 3-valued recursive crosscorrelation functions. IEEE Transactions on Information Theory, vol. 14, pp. 154-156, 1968 • Power functions on a field where • Algebraic Degree = 2 • Balanced • APN • High nonlinearity ACNS 2012

  15. The GHB# protocol • Modify the HB# Φ is a Gold Boolean function! ACNS 2012

  16. Complexity and other issues • Practically the same the behavior as the HB# protocol • False acceptance rate • False rejection rate • Storage complexity. The memory cost for the tag; i.e. the storage for the two secret matrices, is (kX +kY)m bits. • Communication complexity. The protocol requires (kX +kY + m) bits to be transferred in total. ACNS 2012

  17. Security analysis • Provably PASSIVE, DET and MIM secure • It is based on the MHB puzzle like the HB# • (Actually, similarly to the HB# proofs our reduction uses rewinding) • The resistance against the MIM attacks is due to the APN property of the Gold function ACNS 2012

  18. Intuitive approach • From the presentation of Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Proceedings of Asiacrypt, Springer LNCS, vol. 5350, pp.108-124 (2008) • HB# Estimation of the acceptance rate • GHB# • The acceptance rate is random! Remember Φ is APN!!!!! ACNS 2012

  19. Implementation Issues • Implementation of the Gold function • Optimal normal basis • Requires 2m + 1 AND gates and 2m XOR gates. • Complexity Comparison between GHB# and HB#. ACNS 2012

  20. Conclusions • RFID need ultra-lightweight protocols • The HB family is the most promising candidate • GHB# is provably secure • It has the pros and cons of HB# • Further research is needed to improve implementation complexity ACNS 2012

  21. Thank you for your attention Questions?? ACNS 2012

More Related