Presentation is loading. Please wait.

Presentation is loading. Please wait.

Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably.

Published byMalcolm Garry Williamson Modified over 9 years ago

Similar presentations

Presentation on theme: "Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably."— Presentation transcript:

1 Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably Secure HB-like Lightweight Authentication Protocol June 26-29, Singapore 1 ACNS 2012

2 Contents  Motivation - RFID  The HB family  The HB# protocol Design Security  The GHB# protocol Design Security  Implementation issues  Conclusions June 26-29, Singapore 2 ACNS 2012

3 Motivation - RFID June 26-29, Singapore ACNS 2012 3 Radio Frequency Identification A technology that enables the electronic and wireless labeling and identification of objects, humans and animals Replaces barcodes Electronic device that can store and transmit data to a reader in a contactless manner using radio waves  Microchip  Antenna

4 Applications June 26-29, Singapore ACNS 2012 4 Practically everywhere Auto Immobilizers Automated Vehicle Id Animal Tracking Conveyor Belt Forklift Dock Door Handheld Point of Sale Smart Shelves Credit Card Electronic Identity

5 Main Challenges June 26-29, Singapore ACNS 2012 5 Security  Confidentiality of stored data  Integrity/authenticity  Impersonation Privacy  Anonymity  Untraceability Normally, cryptography can solve all these problems. Restrictions: Low cost Limited hardware and energy We need new lightweight algorithms!!

6 The HB family of protocols June 26-29, Singapore ACNS 2012 6 A set of ultra-lightweight authentication protocols initiated by Hopper and Blum’s work (the HB protocol) proposed initially for human identification Then proposed for RFID tags Based on the LPN problem

7 The HB family June 26-29, Singapore ACNS 2012 7 HB (2001) HB+ (2005) HB++ (2006) HB-MP (2007) HB-MP+(2008) HB* (2007) HB# (2008) Subspace LPN based protocols (2011)

8 Three attack models (1/3) June 26-29, Singapore ACNS 2012 8 PASSIVE-model 1. Eavesdrop Tag-Reader 2. Impersonate the Tag DET – model 1. Interrogate the Tag (Reader is not present) 2. Impersonate the Tag MIM – model 1. Modify the messages between Tag-Reader (SOS – learn to authentication result) 2. Impersonate the Tag GRS-attack: Modify only the messages send by the Reader

9 Three attack models (2/3) DET-model June 26-29, Singapore ACNS 2012 9

10 Three attack models (3/3) MIM-model June 26-29, Singapore ACNS 2012 10 GRS-attack when ONLY b i can be modified

11 The HB# protocol June 26-29, Singapore ACNS 2012 11 Gilbert, H., Robshaw, M., Seurin, Y.: HB#: Increasing the Security and Efficiency of HB+. In: Proceedings of Eurocrypt, Springer LNCS, vol. 4965, pp. 361-378, (2008) 1. Random-HB#: X,Y random 2. HB#: X,Y Toeplitz Matrices

12 The HB# protocol’s security June 26-29, Singapore ACNS 2012 12 Based on MHB: an extension of the HB puzzle HB# is secure against the PASSIVE, DET, GRS-attack There is a MIM attack  Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man- in- the-Middle Attack. In: Proceedings of Asiacrypt, Springer LNCS, vol. 5350, pp.108-124 (2008)

13 Vectorial Boolean Functions June 26-29, Singapore ACNS 2012 13 Vectorial Boolean Functions with m inputs and n outputs:

14 Gold Boolean Functions June 26-29, Singapore ACNS 2012 14 Gold, R.: Maximal recursive sequences with 3-valued recursive crosscorrelation functions. IEEE Transactions on Information Theory, vol. 14, pp. 154-156, 1968 Power functions on a field where Algebraic Degree = 2 Balanced APN High nonlinearity

15 The GHB# protocol June 26-29, Singapore ACNS 2012 15 Modify the HB# Φ is a Gold Boolean function!

16 Complexity and other issues June 26-29, Singapore ACNS 2012 16 Practically the same the behavior as the HB# protocol False acceptance rate False rejection rate Storage complexity. The memory cost for the tag; i.e. the storage for the two secret matrices, is (k X +k Y )m bits. Communication complexity. The protocol requires (k X +k Y + m) bits to be transferred in total.

17 Security analysis June 26-29, Singapore ACNS 2012 17 Provably PASSIVE, DET and MIM secure It is based on the MHB puzzle like the HB# (Actually, similarly to the HB# proofs our reduction uses rewinding) The resistance against the MIM attacks is due to the APN property of the Gold function

18 Intuitive approach June 26-29, Singapore ACNS 2012 18 From the presentation of Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man- in-the-Middle Attack. In: Proceedings of Asiacrypt, Springer LNCS, vol. 5350, pp.108-124 (2008) HB# Estimation of the acceptance rate GHB# The acceptance rate is random! Remember Φ is APN!!!!!

19 Implementation Issues June 26-29, Singapore ACNS 2012 19 Implementation of the Gold function  Optimal normal basis  Requires 2m + 1 AND gates and 2m XOR gates. Complexity Comparison between GHB# and HB#.

20 Conclusions June 26-29, Singapore ACNS 2012 20 RFID need ultra-lightweight protocols The HB family is the most promising candidate GHB# is provably secure It has the pros and cons of HB# Further research is needed to improve implementation complexity

21 Thank you for your attention June 26-29, Singapore ACNS 2012 21 Questions??

Download ppt "Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably."

Similar presentations

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.
NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Digital Wallet Alberto Almonte (CPE) Miles Curiotto (CPE) Michael Stross (EE) The new, compact, secure and efficient way to carry all your credit and debit.

Digital Wallet Alberto Almonte (CPE) Miles Curiotto (CPE) Michael Stross (EE) The new, compact, secure and efficient way to carry all your credit and debit.
Every Bit Counts – Fast and Scalable RFID Estimation Muhammad Shahzad and Alex X. Liu Dept. of Computer Science and Engineering Michigan State University.

Every Bit Counts – Fast and Scalable RFID Estimation Muhammad Shahzad and Alex X. Liu Dept. of Computer Science and Engineering Michigan State University.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.
RFID Cardinality Estimation with Blocker Tags

RFID Cardinality Estimation with Blocker Tags
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.
R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan 2006. 10. 11. Ph.D. Jin Kwak Kyushu University, JAPAN

R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan Ph.D. Jin Kwak Kyushu University, JAPAN
Lecture Notes #7 Radio Frequency Identification (RFID)

Lecture Notes #7 Radio Frequency Identification (RFID)
RFID Radio frequency identification,or RFID,is an Auto-ID technology that uses radio waves to identify a physical object. Tags ReaderAntenna.

RFID Radio frequency identification,or RFID,is an Auto-ID technology that uses radio waves to identify a physical object. Tags ReaderAntenna.
David Molnar, David Wagner - Authors Eric McCambridge - Presenter.

David Molnar, David Wagner - Authors Eric McCambridge - Presenter.
Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

Similar presentations

Ads by Google