Ghb a provably secure hb like lightweight authentication protocol
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol PowerPoint PPT Presentation


  • 57 Views
  • Uploaded on
  • Presentation posted in: General

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol. Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece. Contents. Motivation - RFID The HB family The HB# protocol Design Security

Download Presentation

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ghb a provably secure hb like lightweight authentication protocol

GHB#: A Provably Secure HB-like Lightweight Authentication Protocol

PanagiotisRizomiliotis and StefanosGritzalis

Dept. of Information and Communication Systems Engineering

University of the Aegean, Greece

ACNS 2012


Contents

Contents

  • Motivation - RFID

  • The HB family

  • The HB# protocol

    • Design

    • Security

  • The GHB# protocol

    • Design

    • Security

  • Implementation issues

  • Conclusions

ACNS 2012


Motivation rfid

Motivation - RFID

  • Radio Frequency Identification

  • A technology that enables the electronic and wireless labeling and identification of objects, humans and animals

  • Replaces barcodes

  • Electronic device that can store and transmit data to a reader in a contactless manner using radio waves

    • Microchip

    • Antenna

ACNS 2012


Applications

Conveyor Belt

Handheld

Point of Sale

Forklift

Applications

  • Practically everywhere

Credit Card

Auto Immobilizers

Automated Vehicle Id

Animal Tracking

Dock Door

Electronic Identity

Smart Shelves

ACNS 2012


Main challenges

Main Challenges

  • Security

    • Confidentiality of stored data

    • Integrity/authenticity

    • Impersonation

  • Privacy

    • Anonymity

    • Untraceability

      Normally, cryptography can solve all these problems.

      Restrictions:

    • Low cost

    • Limited hardware and energy

      We need new lightweight algorithms!!

ACNS 2012


The hb family of protocols

The HB family of protocols

  • A set of ultra-lightweight authentication protocols initiated by Hopper and Blum’s work (the HB protocol) proposed initially for human identification

  • Then proposed for RFID tags

  • Based on the LPN problem

ACNS 2012


The hb family

The HB family

  • HB (2001)

  • HB+ (2005)

  • HB++ (2006)

  • HB-MP (2007)

  • HB-MP+(2008)

  • HB* (2007)

  • HB# (2008)

  • Subspace LPN based protocols (2011)

ACNS 2012


Three attack models 1 3

Three attack models (1/3)

  • PASSIVE-model

    • Eavesdrop Tag-Reader

    • Impersonate the Tag

  • DET – model

    • Interrogate the Tag (Reader is not present)

    • Impersonate the Tag

  • MIM – model

    • Modify the messages between Tag-Reader (SOS – learn to authentication result)

    • Impersonate the Tag

    • GRS-attack: Modify only the messages send by the Reader

ACNS 2012


Three attack models 2 3 det model

Three attack models (2/3)DET-model

ACNS 2012


Three attack models 3 3 mim model

Three attack models (3/3)MIM-model

  • GRS-attack when ONLY bi can be modified

ACNS 2012


The hb protocol

The HB# protocol

  • Gilbert, H., Robshaw, M., Seurin, Y.: HB#: Increasing the Security and Efficiency of HB+. In: Proceedings of Eurocrypt, Springer LNCS, vol. 4965, pp. 361-378, (2008)

  • Random-HB#: X,Y random

  • HB#: X,Y Toeplitz Matrices

ACNS 2012


The hb protocol s security

The HB# protocol’s security

  • Based on MHB: an extension of the HB puzzle

  • HB# is secure against the PASSIVE, DET, GRS-attack

  • There is a MIM attack

    • Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Proceedings of Asiacrypt, Springer LNCS, vol. 5350, pp.108-124 (2008)

ACNS 2012


Vectorial boolean functions

Vectorial Boolean Functions

Vectorial Boolean Functions with m inputs and n outputs:

ACNS 2012


Gold boolean functions

Gold Boolean Functions

  • Gold, R.: Maximal recursive sequences with 3-valued recursive crosscorrelation functions. IEEE Transactions on Information Theory, vol. 14, pp. 154-156, 1968

  • Power functions on a field

    where

  • Algebraic Degree = 2

  • Balanced

  • APN

  • High nonlinearity

ACNS 2012


The ghb protocol

The GHB# protocol

  • Modify the HB#

Φ is a Gold Boolean function!

ACNS 2012


Complexity and other issues

Complexity and other issues

  • Practically the same the behavior as the HB# protocol

  • False acceptance rate

  • False rejection rate

  • Storage complexity. The memory cost for the tag; i.e. the storage for the two secret matrices, is (kX +kY)m bits.

  • Communication complexity. The protocol requires (kX +kY + m) bits to be transferred in total.

ACNS 2012


Security analysis

Security analysis

  • Provably PASSIVE, DET and MIM secure

  • It is based on the MHB puzzle like the HB#

    • (Actually, similarly to the HB# proofs our reduction uses rewinding)

  • The resistance against the MIM attacks is due to the APN property of the Gold function

ACNS 2012


Intuitive approach

Intuitive approach

  • From the presentation of

    Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Proceedings of Asiacrypt, Springer LNCS, vol. 5350, pp.108-124 (2008)

  • HB#

  • Estimation of the acceptance rate

    • GHB#

      • The acceptance rate is random!

    Remember Φ is APN!!!!!

    ACNS 2012


    Implementation issues

    Implementation Issues

    • Implementation of the Gold function

      • Optimal normal basis

      • Requires 2m + 1 AND gates and 2m XOR gates.

    • Complexity Comparison between GHB# and HB#.

    ACNS 2012


    Conclusions

    Conclusions

    • RFID need ultra-lightweight protocols

    • The HB family is the most promising candidate

    • GHB# is provably secure

    • It has the pros and cons of HB#

    • Further research is needed to improve implementation complexity

    ACNS 2012


    Thank you for your attention

    Thank you for your attention

    Questions??

    ACNS 2012


  • Login