Open image in new window: Increasing the Security and Efficiency of Open image in new window

  • Henri Gilbert
  • Matthew J. B. Robshaw
  • Yannick Seurin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4965)


The innovative Open image in new window protocol of Juels and Weis [10] extends device authentication to low-cost RFID tags. However, despite the very simple on-tag computation there remain some practical problems with Open image in new window and despite an elegant proof of security against some limited active attacks, there is a simple man-in-the-middle attack due to Gilbert et al. [8]. In this paper we consider improvements to Open image in new window in terms of both security and practicality. We introduce a new protocol that we denote random-Open image in new window. This proposal avoids many practical drawbacks of Open image in new window, remains provably resistant to attacks in the model of Juels and Weis, and at the same time is provably resistant to a broader class of active attacks that includes the attack of [8]. We then describe an enhanced variant called Open image in new window which offers practical advantages over Open image in new window.


Open image in new window RFID tags authentication LPN Toeplitz matrix 


  1. 1.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: present: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Bringer, J., Chabanne, H., Dottax, E.: HB + + : A Lightweight Authentication Protocol Secure Against Some Attacks. In: Proceedings of SecPerU 2006, pp. 28–33. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  3. 3.
    Canetti, R., Halevi, S., Steiner, M.: Hardness Amplification of Weakly Verifiable Puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Duc, D.N., Kim, K.: Securing HB +  Against GRS Man-in-the-Middle Attack. In: Institute of Electronics, Information and Communication Engineers, Symposium on Cryptography and Information Security (January 23–26, 2007)Google Scholar
  5. 5.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems Using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Fossorier, M.P.C., Mihaljevic, M.J., Imai, H., Cui, Y., Matsuura, K.: A Novel Algorithm for Solving the LPN Problem and its Application to Security Evaluation of the HB Protocol for RFID Authentication,
  7. 7.
    Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good Variants of HB +  are Hard to Find. In: Proceedings of Financial Crypto 2008 (to appear)Google Scholar
  8. 8.
    Gilbert, H., Robshaw, M.J.B., Sibert, H.: An Active Attack Against HB + : A Provably Secure Lightweight Authentication Protocol. IEE Electronics Letters 41(21), 1169–1170 (2005)CrossRefGoogle Scholar
  9. 9.
    Girault, M., Poupard, G., Stern, J.: On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order. Journal of Cryptology 19(4), 463–488 (2006)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Juels, A., Weis, S.A.: Authenticating Pervasive Devices With Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 198–293. Springer, Heidelberg (2005)Google Scholar
  11. 11.
    Juels, A. Weis, S.A. Authenticating Pervasive Devices With Human Protocols. Version of [10] with appendices,
  12. 12.
    Katz, J., Shin, J.: Parallel and Concurrent Security of the HB and HB +  Protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Katz, J., Smith, A.: Analysing the HB and HB +  Protocols in the Large Error Case,
  14. 14.
    Krawczyk, H.: LFSR-based Hashing and Authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129–139. Springer, Heidelberg (1994)Google Scholar
  15. 15.
    Krawczyk, H.: New Hash Functions for Message Authentication. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 301–310. Springer, Heidelberg (1995)Google Scholar
  16. 16.
    Levieil, E., Fouque, P.-A.: An Improved LPN Algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Mansour, Y., Nisan, N., Tiwari, P.: The Computational Complexity of Universal Hashing. In: Proceedings of STOC 1990, pp. 235–243 (1990)Google Scholar
  18. 18.
    McLoone, M., Robshaw, M.J.B.: Public Key Cryptography and RFID. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 372–384. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Munilla, J., Peinado, A.: HB-MP: A Further Step in the HB-family of Lightweight Authentication Protocols. Computer Networks 51, 2262–2267 (2007)MATHCrossRefGoogle Scholar
  20. 20.
    Piramuthu, S.: HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication. CollECTeR Europe Conference (June 2006)Google Scholar
  21. 21.
    Poschmann, A., Leander, G., Schramm, K., Paar, C.: New Lightweight DES Variants Suited for RFID Applications. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 196–210. Springer, Heidelberg (2007)Google Scholar
  22. 22.
    Shamir, A.: SQUASH - A New MAC With Provable Security Properties for Highly Constrained Devices Such as RFID Tags. In: Proceedings of FSE 2008 (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Henri Gilbert
    • 1
  • Matthew J. B. Robshaw
    • 1
  • Yannick Seurin
    • 1
  1. 1.Orange Labs France

Personalised recommendations