投影片 - 密碼編碼與計算理論實驗室.ppt

編碼密碼與計算理論實驗室 編碼密碼與計算理論實驗室 密碼編碼與計算理論實驗室 * Trusted-HB: A Low-Cost Version of HB+ Secure Against Man-in-the-Middle Attacks Julien Bringer and Hervé Chabanne IEEE Transactions on Information Theory September 2008 密碼編碼與計算理論實驗室 * Outline Abstract Introduction HB+ protocol The Proposal Protocol Preliminary Definitions Description Security Arguments Implementation Conclusion 密碼編碼與計算理論實驗室 * Abstract HB+ is a lightweight protocol secure against active attacks but only in a detection based model this paper propose a new approach to achieve resistance against man-in-the-middle (MITM) attacks extra requirements—in terms of extra communications and hardware—are surprisingly low 密碼編碼與計算理論實驗室 * Introduction this paper propose a approach First phase use the protocol HB+ as an identification scheme Second phase authenticate the tag in a classical message authentication code (MAC) algorithm 密碼編碼與計算理論實驗室 * The HB+ Protocol Tag (x,y) Generate b?{0,1}k Set z =(a?x)⊕(b?y)⊕ν ν?R{0,1}|Prob(ν=1)=η b a z Reader (x,y) Generate a?{0,1}k Check z = (a?x)⊕(b?y) Repeat for r rounds. Authenticate Tag if it fails t=ur rounds, where u?(η, 1/2). 密碼編碼與計算理論實驗室 * Learning Parity with Noise Given A, η, z = (A · x) ⊕ v , find a k-bit vector y such that |(A · y) ⊕ z| ≤ ηq Note: HB-family are all based on the hardness of LPN problem 密碼編碼與計算理論實驗室 * The Proposal Protocol Preliminary Definitions in order to resist to MITM attacks, a natural idea is to send a proof of integrity to the Reader classical message authentication code (MAC) algorithms, obtained from cryptographic block ciphers cryptographic one-way hash functions seem too heavy in our case use a family H of linear hash functions which map {0,1}m to {0,1}n 密碼編碼與計算理論實驗室 * Definition 1: A family H of hash functions is called ε-balanced (or ε-almost universal) if the message authentication of a message M is then computed as t = h(M)⊕e, where e is a random pad of length n following the principle of a one-time pad, the same h can be