HB+DB: Distance bounding meets human based authentication.

Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The protocol by Juels and Weis provides device authentication based on the learning parity with noise (LPN) problem and is appropriate for resource-constrained devices, but it has been shown to be vulnerable to a simple man-in-the-middle attack. Subsequent work has focused on modifying the cryptographic properties of the original protocol to mitigate this problem. We propose that this attack could be mitigated using physical layer measures from distance-bounding protocols and simple modifications to devices’ radio receivers. We take the as a reference protocol and combine it with distance-bounding techniques. This hybrid solution, the protocol is shown to provide resistance against the man-in-the-middle attacks on as a result of the additional physical-layer mechanisms. We analyze the security of the proposed protocol against active man-in-the-middle attacks and present experiments showing how it is practically possible to limit the success of a practical man-in-the-middle attack. We also briefly discuss the possibility that could provide some resistance to basic threats scenarios meant to be mitigated by distance-bounding protocols. We make a practical implementation to verify that our proposed method is feasible. Finally, we discuss a proof-of-concept channel for our scheme implemented on a platform equivalent in resources to a contactless smart card/NFC device.