Authenticating Pervasive Devices with Human Protocols

Daniel Bailey
RSA Laboratories

ABSTRACT:
Forgery and counterfeiting are emerging as serious security risks in low-cost pervasive computing devices. These devices lack the computational, storage, power, and communication resources necessary for most cryptographic authentication schemes. Surprisingly, low-cost pervasive devices like Radio Frequency Identification (RFID) tags share similar capabilities with another weak computing device: people. These similarities motivate the adoption of techniques from human-computer security to the pervasive computing setting. This talk analyzes a particular human-to-computer authentication protocol designed by Hopper and Blum (HB), and shows it to be practical for low-cost pervasive devices. This paper also offers a new, augmented version of the HB protocol, named HB+, that is secure against active adversaries. The HB+ protocol is a novel, symmetric authentication protocol with a simple, low-cost implementation. We consider the security of the HB+ protocol against active adversaries based on the hardness of the Learning Parity with Noise (LPN) problem.