Skip to Main Content
In this paper, we propose an enhanced version of the HB-MP authentication protocol, called the HB-MP+ protocol. The HB-MP protocol is a lightweight authentication protocol that is suitable for use in passive radio frequency identification (RFID) systems. The HB-MP+ protocol overcomes the man-in-the-middle attack to which the basic HB-MP protocol is vulnerable while maintaining its suitability to low-cost passive RFID systems. We show an effective man-in-the-middle attack against the HB-MP protocol where the attacker utilizes the predictable rotation of the secret key. We enhance the HB-MP protocol by randomizing the rotation of the secret key, which eliminates the vulnerability. We also propose the use of round keys that may be produced by rotation or, more generally, by a one-way function. We analyse the security and performance improvements of our HB-MP+ protocol and find it to be suitable for passive RFID systems.