Trusted-HB: a low-cost version of HB+ secure against Man-in-The-Middle attacks

Since the introduction at Crypto'05 by Juels and Weis of the protocol HB+, a lightweight protocol secure against active attacks but only in a detection based-model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements - in terms of extra communications and hardware - are surprisingly low.Comment: submitted to IEEE Transactions on Information Theor

A New Algorithm for Solving Ring-LPN with a Reducible Polynomial

The LPN (Learning Parity with Noise) problem has recently proved to be of great importance in cryptology. A special and very useful case is the RING-LPN problem, which typically provides improved efficiency in the constructed cryptographic primitive. We present a new algorithm for solving the RING-LPN problem in the case when the polynomial used is reducible. It greatly outperforms previous algorithms for solving this problem. Using the algorithm, we can break the Lapin authentication protocol for the proposed instance using a reducible polynomial, in about 2^70 bit operations

Design and Implementation of S-MARKS: A Secure Middleware for Pervasive Computing Applications

As portable devices have become a part of our everyday life, more people are unknowingly participating in a pervasive computing environment. People engage with not a single device for a specific purpose but many devices interacting with each other in the course of ordinary activity. With such prevalence of pervasive technology, the interaction between portable devices needs to be continuous and imperceptible to device users. Pervasive computing requires a small, scalable and robust network which relies heavily on the middleware to resolve communication and security issues. In this paper, we present the design and implementation of S-MARKS which incorporates device validation, resource discovery and a privacy module

Security problems of systems of extremely weak devices

In this paper we discuss some fundamental security issues of distributed systems of weak devices. We briefly describe two extreme kinds of such systems - the sensor network and theRadio Frequency IDentification (RFID) system from the point of view of security mechanisms designer. We describe some most important particularities and issues (including unsolved problems) that have to be taken into account in security design and analysis. Finally we present some fundamental concepts and paradigms of research on security of weak devices. In the paper we also give a brief survey of ultra–light HB/HB+ - family of encryption schemes and so-called predistribution protocols

Secure and Efficient HB-CM Entity Authentication Protocol

The simple, computationally efficient LPN-based HB-like entity authentication protocols have attracted a great deal of attention in the past few years due to the broad application prospect in low-cost pervasive devices. At present, the most efficient protocol is HB$^\#$, which is proven to resist the GRS attack under the conjecture that it is secure in the DET-model. In this paper, we introduce an innovative HB-CM$^-$ protocol, which significantly reduces the storage requirement while maintaining the same level of communication cost. We develop the concept of equivalence class, and present HB-CM$^-$ reductionist proof that overcomes an inherent limitation in the HB$^\#$ security proof. In fact, HB$^\#$ is only provably resistant to partial instances of GRS attack, while we prove that HB-CM$^-$ can prevent the full GRS attack except one trivial case. In addition, we propose a new noise mode for all HB-like protocols in order to thwart the latest OOV man-in-the-middle attack, which can effectively compromise all current HB-like protocols with the basic Bernoulli nose mode. The HB-CM$^-$ protocol along with the proposed noise mode constitutes our final protocol: HB-CM

Cryptographic Primitives from Physical Variables

In this dissertation we explore a new paradigm emerging from the subtleties of cryptographic implementations and relating to theoretical aspects of cryptography. This new paradigm, namely physical variables (PVs), simply describes properties of physical objects designed to be identical but are not due to manufacturing variability. In the first part of this dissertation, we focus our attention on scenarios which require the unique identification of physical objects and we show how Gaussian PVs can be used to fulfill such a requirement. Using this framework we present and analyze a new technique for fingerprinting compact discs (CDs) using the manufacturing variability found in the length of the CDs\u27 lands and pits. Although the variability measured is on the order of 20 nm, the technique does not require the use of microscopes or any advanced equipment. Instead, the electrical signal produced by the photo-detector inside the CD reader will be sufficient to measure the desired variability. We thoroughly investigate the new technique by analyzing data collected from 100 identical CDs and show how to extract a unique fingerprint for each CD. In the second part, we shift our attention to physically parameterized functions (PPFs). Although all the constructions we provide are centered around delay-based physically unclonable functions (PUFs), we stress that the use of the term PUF could be misleading as most circuits labeled with the term PUF are in reality clonable on the protocol level. We argue that using a term like PPFs to describe functions parameterized by a PV is a more accurate description. Herein, we thoroughly analyze delay-PUFs and use a mathematical framework to construct two authentication protocols labeled PUF-HB and HB+PUF. Both these protocols merge the known HB authentication family with delay-based PUFs. The new protocols enjoy the security reduction put forth by the HB portion of the protocol and at the same time maintain a level of hardware security provided by the use of PUFs. We present a proof of concept implementation for HB+PUF which takes advantage of the PUF circuit in order to produce the random bits typically needed for an HB-based authentication scheme. The overall circuit is shown to occupy a few thousand gates. Finally, we present a new authentication protocol that uses 2-level PUF circuits and enables a security reduction which, unlike the previous two protocols, stems naturally from the usage of PVs

RMAC -- A Lightweight Authentication Protocol for Highly Constrained IoT Devices

Nowadays, highly constrained IoT devices have earned an important place in our everyday lives. These devices mainly comprise RFID (Radio-Frequency IDentification) or WSN (Wireless Sensor Networks) components. Their adoption is growing in areas where data security or privacy or both must be guaranteed. Therefore, it is necessary to develop appropriate security solutions for these systems. Many papers have proposed solutions for encryption or authentication. But it turns out that sometimes the proposal has security flaw or is ill-suited for the constrained IoT devices (which has very limited processing and storage capacities). In this paper we introduce a new authentication protocol inspired by Mirror-Mac (MM) which is a generic construction of authentication protocol proposed by Mol et al. Our proposal named RMAC is well suited for highly constrained IoT devices since its implementation uses simple and lightweight algorithms.We also prove that RMAC is at least as secure as the MM protocol and thus secure against man-in-the-middle attacks

Towards Optimally Efficient Secret-Key Authentication from PRG

We propose a new approach to the construction of secret-key authentication protocols making black-box use of any pseudorandom generator (PRG). Our authentication protocols require only two messages, have perfect completeness, and achieve concurrent man-in-the-middle security. Finally, when based on a sufficiently efficient PRG, our protocol has (amortised) complexity $O(n)$ bit operations where $n$ is the security parameter. To the best of our knowledge, this construction is the first with linear complexity. We achieve this at the cost of having the prover (but not the verifier) keep a small amount of state. A variant of our construction, based on a stronger security notion for the PRG, is secure even if the adversary is able to reset the prover an unbounded number of times. A practical analysis of our protocol shows our prover computation time compares favorably against a simple AES-based protocol

Foxtail+: A Learning with Errors-based Authentication Protocol for Resource-Constrained Devices

This paper presents Foxtail+, a new shared-key protocol to securely authenticate resource constrained devices, such as Internet of things (IoT) devices. Foxtail+ is based on a previously proposed protocol to authenticate unaided humans, called the Foxtail protocol, which we modify for authenticating resource constrained devices. It uses a computationally lightweight function, called the Foxtail function, which makes it ideal for IoT nodes with low memory, computational, and/or battery resources. We introduce a new family of functions based on the Foxtail function, analyze its security in terms of the number of samples required to obtain the secret, and demonstrate how it is connected with the learning with rounding (LWR) problem. We then build the Foxtail+ protocol from this function family, secure against active adversaries. Finally, we implement and experimentally evaluate the performance of Foxtail+ against a similar alternate protocol, i.e., the modified version of the Hopper and Blum protocol called HB+, and a block cipher based protocol instantiated with AES. The experiments are run on an IoT device connected to a LoRa network which is an IoT specific Low-Power Wide-Area Network (LPWAN). We show that Foxtail+ outperforms HB+ in terms of overall communication and energy cost, and its parallel implementation is comparable to the AES-based protocol in terms of time and energy consumption. To our knowledge, we provide the first implementation of any member of the HB+ family of protocols that directly compares its performance against an AES-based protocol in terms of time and power consumption. Our experiments shed new light on some of the limitations of identification protocols based on lightweight primitives, of which Foxtail+ is a member, over block cipher based protocols