On the Security of HB# against a Man-in-the-Middle Attack
At EuroCrypt ’08, Gilbert, Robshaw and Seurin proposed HB# to improve on HB + in terms of transmission cost and security against man-in-the-middle attacks. Although the security of HB# is formally proven against a certain class of man-in-the-middle adversaries, it is only conjectured for the general case. In this paper, we present a general man-in-the-middle attack against HB# and Random-HB#, which can also be applied to all anterior HB-like protocols, that recovers the shared secret in 225 or 220 authentication rounds for HB# and 234 or 228 for Random-HB#, depending on the parameter set. We further show that the asymptotic complexity of our attack is polynomial under some conditions on the parameter set which are met on one of those proposed in .
KeywordsHB authentication protocols RFID
- 2.Bringer, J., Chabanne, H.: Trusted-HB: a low-cost version of HB + secure against man-in-the-middle attacks. CoRR, abs/0802.0603 (2008)Google Scholar
- 3.Bringer, J., Chabanne, H., Dottax, E.: HB + + : a lightweight authentication protocol secure against some attacks. In: Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2006), Lyon, France, June 29, pp. 28–33. IEEE Computer Society, Los Alamitos (2006)CrossRefGoogle Scholar
- 4.Duc, D.N., Kim, K.: Securing HB + against GRS man-in-the-middle attack. In: Institute of Electronics, Information and Communication Engineers, Symposium on Cryptography and Information Security, Sasebo, Japan, January 23-26, p. 123 (2007)Google Scholar
- 9.Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB#: Increasing the security and efficiency of HB + , full version. Cryptology ePrint Archive, Report 2008/028 (2008)Google Scholar