Hb+ db, mitigating man-in-the-middle attacks against hb+ with distance bounding
E. Pagnin, E. Yang, G. Hancke, A. Mitrokotsa In Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec. Full Text
Abstract
Authentication for resource-constrained devices is seen as
one of the major challenges in current wireless communication networks.
The HB+ protocol performs device authentication based on the learning parity with noise (LPN) problem
and simple computational steps, that renders it suitable for resource-constrained devices such as
radio frequency identification (RFID) tags.
However, it has been shown that the HB+ protocol as well as many of its variants are vulnerable
to a simple man-in-the-middle attack.
We demonstrate that this attack could be mitigated using physical layer measures
from distance-bounding and simple modifications to devices’ radio receivers.
Our hybrid solution (HB+DB) is shown to
provide both effective distance-bounding using a lightweight
HB+ -based response function, and resistance against the
man-in-the-middle attack to HB+. We provide experimental evaluation of our results as well as a brief discussion on
practical requirements for secure implementation.
Keywords: Distance bounding, HB-protocol, HB+, physical layer security.