Short: HB+DB, Mitigating Man-in-the-Middle Attacks Against HB+ with Distance Bounding

Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The HB protocol performs device authentication based on the learning parity with noise (LPN) problem and simple computational steps, that renders it suitable for resource-constrained devices such as radio frequency identification (RFID) tags. However, it has been shown that the HB protocol as well as many of its variants are vulnerable to a simple man-in-the-middle attack. We demonstrate that this attack could be mitigated using physical layer measures from distance-bounding and simple modifications to devices’ radio receivers. Our hybrid solution (HBDB) is shown to provide both effective distance-bounding using a lightweight HB-based response function, and resistance against the man-in-the-middle attack to HB. We provide experimental evaluation of our results as well as a brief discussion on practical requirements for secure implementation.