Abstract.In this paper, we analyze the security of two recently proposed distance bounding protocols called the "Hitomi" and the "NUS" protocols. Our results show that the claimed security of both protocols has been overestimated. Namely, we show that the Hitomi protocol is susceptible to a full secret key disclosure attack which not only results in violating the privacy of the protocol but also can be exploited for further attacks such as impersonation, mafia fraud and terrorist fraud attacks. Our results also demonstrates that the probability of success in a distance fraud attack against the NUS protocol can be increased up to ( 3 4 ) n and even slightly more, if the adversary is furnished with some computational capabilities.
Abstract. As a variant of the HB authentication protocol for RFID systems, which relies on the complexity of decoding linear codes against passive attacks, Madhavan et al. presented Non-Linear HB(NLHB) protocol. In contrast to HB, NLHB relies on the complexity of decoding a class of non-linear codes to render the passive attacks proposed against HB ineffective. Based on the fact that there has been no passive solution for the problem of decoding a random non-linear code, the authors have claimed that NLHB's security margin is very close to its key size. In this paper, we show that passive attacks against HB protocol can still be applicable to NLHB and this protocol does not provide the desired security margin. In our attack, we first linearize the non-linear part of NLHB to obtain a HB equivalent for NLHB, and then exploit the passive attack techniques proposed for the HB to evaluate the security margin of NLHB. The results show that although NLHB's security margin is relatively higher than HB against similar passive attack techniques, it has been overestimated and, in contrary to what is claimed, NLHB is vulnerable to passive attacks against HB, especially when the noise vector in the protocol has a low weight.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.