Wireless Personal Communications, Volume 106, Issue 2, pp 321–343

Revisiting the Security of Qian et al.’s Revised Tree-\(\hbox {LSHB}^+\) Protocol

  • Xinyu Li
  • Jing Xu
  • Zhenfeng Zhang


Due to the limited computation and memory capabilities of identification tags, RFID systems are susceptible to various attacks. In 2014, Qian et al. proposed a lightweight mutual authentication RFID protocol that supports key update, and claimed it to be secure against several known attacks. In this paper, however, we show that their protocol cannot resist a key recovery attack, in which an adversary, after interacting with the tag several times, can recover the authentication keys of the system in polynomial time with non-negligible probability. We also prove that their protocol cannot provide strong backward security or strong forward security: an adversary who has compromised some continuous authentication keys can successfully recover all the future authentication keys and some of the previous authentication keys, which completely breaks the security of the authentication protocol. We then propose a new protocol that provides key recovery resilience, both strong backward security and strong forward security, and resistance against various known types of attacks.


RFID, Security, HB family, Tree-based, Mutual authentication



This work was supported by the National Key Research and Development Program of China (2017YFB0802500) and National Natural Science Foundation of China (61572485, U1536205).


  1. Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Cryptology-ASIACRYPT 2001, Lecture Notes in Computer Science (Vol. 2248, pp. 52–66).
  2. Juels, A., & Weis, S. (2005). Authenticating pervasive devices with human protocols. In Cryptology-ASIACRYPT 2005, Lecture Notes in Computer Science (Vol. 3621, pp. 293–308).
  3. Gilbert, H., Robshaw, M., & Sibert, H. (2005). An active attack against \({\rm HB}^+\)-a provable secure lightweighted authentication protocol. Cryptology ePrint archive, report 2005/237. Accessed 14 Feb 2019.
  4. Bringer, J., Chabanne, H., Dottax, E., & Chabanne, H. (2006). \({\rm HB}^{++}\): A lightweight authentication protocol secure against some attacks. In Proceedings of the second international workshop on security, privacy and trust in pervasive and ubiquitous computing (SecPerU06) (pp. 28–33).
  5. Duc, D. N., & Kim, K. (2007). Securing \({\rm HB}^+\) against GRS man-in-the-middle attack. In Institute of Electronics, Information and Communication Engineers, Symposium on Cryptography and Information Security, Jan 23–26 2007.
  6. Munilla, J., & Peinado, A. (2007). HB-MP: A further step in the HB-family of lightweight authentication protocols. Computer Networks, 51(9), 2262–2267.
  7. Leng, X., Mayes, K., & Markantonakis, K. (2008). HB-\({\rm MP}^{+}\) protocol: An improvement on the HB-MP protocol. In IEEE international conference on RFID, Apr 16–17 2008 (pp. 118–124).
  8. Gilbert, H., Robshaw, M. J., & Seurin, Y. (2008). Good variants of \({\rm HB}^{+}\) are hard to find. In Financial Cryptography and Data Security 2008, Lecture Notes in Computer Science (Vol. 5143, pp. 156–170).
  9. Gilbert, H., Robshaw, M., & Seurin, Y. (2008). \({\rm HB}^{\#}\): Increasing the security and efficiency of \({\rm HB}^+\). In Cryptology-EUROCRYPT 2008, Lecture Notes in Computer Science (Vol. 4965, pp. 361–387).
  10. Ouafi, K., Overbeck, R., & Vaudenay, S. (2008). On the security of \({\rm HB}^{\#}\) against a man-in-the-middle attack. In Cryptology-ASIACRYPT 2008, Lecture Notes in Computer Science (Vol. 5350, pp. 3108–124).
  11. Bosley, C., Haralambiev, K., & Nicolosi, A. (2011). HBN: An HB-like protocol secure against man-in-the-middle attacks. Cryptology ePrint Archive, report 2011/350. Accessed 14 Feb 2019.
  12. Rizomiliotis, P., & Gritzalis, S. (2012). \(\text{GHB}^{\#}\): A provably Secure HB-Like lightweight authentication protocol. In ACNS 2012, Lecture Notes in Computer Science (Vol. 7341, pp. 489–506).
  13. Aseeri, A., & Bamasag, O. (2016). Achieving protection against man-in-the-middle attack in HB family protocols implemented in RFID tags. International Journal of Pervasive Computing and Communications, 12(3), 375–390.
  14. Li, Z., Gong, G., & Qin, Z. (2013). Secure and efficient LCMQ entity authentication protocol. IEEE Transactions on Information Theory, 59(6), 4042–4054.
  15. Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: Issues, practices, and architectures. In ACM CCS 2004 (pp. 210–219).
  16. Halevi, T., Saxena, N., & Halevi, S. (2011). Tree-based HB protocols for privacy-preserving authentication of RFID tags. Journal of Computer Security, 19(2), 343–363.
  17. Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LS\({\rm HB}^{+}\): An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72(1), 159–174.
  18. Qian, X., Liu, X., Yang, S., & Zuo, C. (2014). Security and privacy analysis of Tree-LS\({\rm HB}^+\) protocol. Wireless Personal Communications, 77(4), 3125–3141.
  19. Lei, M., Li, H., Liu, W., & Jin, D. (2017). Security analysis of the Qian et al. protocol: A revised Tree-LS\({\rm HB}^+\) protocol. Wireless Personal Communications, 96(1), 1083–1098.
  20. Berlekamp, E. R., McEliece, R. J., & Tilborg, V. (1978). On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3), 384–386.
  21. Blum, A., Kalai, A., & Wasserman, H. (2003). Noise-tolerant learning, the parity problem, and the statistical query model. Journal of the ACM, 50(4), 506–519.
  22. Zhang, B., Jiao, L., & Wang, M. (2016). Faster algorithms for solving LPN. In Cryptology-EUROCRYPT 2016, Lecture Notes in Computer Science (Vol. 9665, pp. 168–195).
  23. Krawczyk, H. (1994). LFSR-based hashing and authentication. In Cryptology-CRYPTO 1994, Lecture Notes in Computer Science (Vol. 839, pp. 129–139).
  24. Krawczyk, H. (1995). New hash functions for message authentication. In Cryptology-CRYPTO 1995, Lecture Notes in Computer Science (Vol. 921, pp. 301–310).

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Trusted Computing and Information Assurance Laboratory, SKLCS, Institute of Software, Chinese Academy of Sciences, Beijing, People’s Republic of China
