Exploiting Vulnerabilities of HB-MP

  • José Carrijo UnB
  • Rafael Tonicelli UnB


HB-MP is a prominent member of the HB-family: a family of authentication protocols specially designed for RFID tags. We present two different cryptanalytic methods on HB-MP: (1) a passive attack based solely on the eavesdropping of legitimate authentication procedures; (2) an active attack, where the adversary has control over the RFID tag and is allowed to change the content of chosen memory areas of the device.


M. Blum, A. Kalai, H. Wasserman. Noise-Tolerant Learning, the Parity Problem, and the Statistical Query Model. Journal of the ACM 50, 4 (July 2003), pp. 506–519, 2003.

J. Carrijo, R. Tonicelli, H. Imai and A. C. A. Nascimento. A Novel Probabilistic Passive Attack on the Protocols HB and HB+. IEICE Trans. on Fundamentals of Electronics, Communications and Computer Science, Vol.E92-A, Number 2, pages 658–662, 2009.

H. Gilbert, M. Robshaw, H. Seurin. Good Variants of HB+ are Hard to Find. 2008 Financial Cryptography Conference, Lecture Notes in Computer Science vol. 5143, Springer-Verlag, pages 156–170, 2008.

H. Gilbert, M. Robshaw, H. Silvert. An active attack against HB+ - a provable secure lightweight protocol. Cryptology ePrint Archive, Report 2005/237, 2005, available at http://eprint.iacr.org/2005/237.pdf.

Z. Golebiewski, K. Majcher, F. Zagorski, and M. Zawada. Practical Attacks on HB and HB+ Protocols. Cryptology ePrint Archive, Report 2008/241, 2008, available at http://eprint.iacr.org/2008/241.pdf.

N. J. Hopper and M. Blum. Secure Human Identification Protocols. Advances in Cryptology – ASIACRYPT 2001, Lecture Notes in Computer Science vol. 2248, Springer-Verlag, pages 52–66, 2001.

A. Juels and S. A. Weis. Authenticating pervasive devices with Human Protocols. Advances in Cryptology – CRYPTO 2005, Lecture Notes in Computer Science vol. 3621, Springer-Verlag, pages 293–308, 2005.

X. Leng, K. Mayes, K. Markantonakis. HB-MP+ Protocol: An Improvement on the HB-MP Protocol. 2008 IEEE International Conference on RFID, pages 118–124, 2008.

J. Munilla and A. Peinado. A further step in the HB-family of lightweight authentication protocols. Computer Networks, vol. 51, Elsevier, pages 2262–2267, 2007.
CARRIJO, José; TONICELLI, Rafael. Exploiting Vulnerabilities of HB-MP. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 9. , 2009, Campinas. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2009 . p. 3-16. DOI: https://doi.org/10.5753/sbseg.2009.20619.