HB+DB, Mitigating Man-in-the-Middle Attacks Against HB+ with Distance Bounding

---

Authors: E. Pagnin, E. Yang, G. Hancke, A. Mitrokotsa
In: 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2015
Full Text:

---

Abstract

Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks.
The HB+ protocol performs device authentication based on the learning parity with noise (LPN) problem and simple computational steps, that renders it suitable for resource-constrained devices such as radio frequency identification (RFID) tags. However, it has been shown that the HB+ protocol as well as many of its variants are vulnerable to a simple man-in-the-middle attack.
We demonstrate that this attack could be mitigated using physical layer measures from distance-bounding and simple modifications to devices’ radio receivers. Our hybrid solution (HB+DB) is shown to provide both effective distance-bounding using a lightweight HB+ -based response function, and resistance against the man-in-the-middle attack to HB+. We provide experimental evaluation of our results as well as a brief discussion on practical requirements for secure implementation.

Keywords: Distance bounding, HB-protocol, HB+, physical layer security.