Lightweight PUF-Based Authentication Protocol for IoT Devices
Yıldıran Yılmaz2018
visibility
…
description
1 page
link
1 file
AI-generated Abstract
This paper proposes a novel authentication protocol that utilizes Physically Unclonable Functions (PUFs) to enhance security in IoT devices characterized by constraints in processing power and memory. By employing a neural network model for verifying challenges and responses without storing challenge-response pairs (CRPs) in a database, the protocol aims to mitigate the risks of data theft and cloning attacks. The effectiveness of the proposed protocol is compared with DTLS implementations, highlighting improvements in cost, time efficiency, and resistance to attacks.
Related papers
PUF Based Authenticated Key Exchange Protocol for IoT Without Verifiers and Explicit CRPs
IEEE Access
A Physical Unclonable Function (PUF) provides a physical device a unique output for a given input, which can be regarded as the device's digital fingerprint. Thus, PUFs can provide unique identities for billions of connected devices in Internet of Things (IoT) architectures. Plenty of PUF based authenticated key exchange (AKE) protocols have been proposed. However, most of them are designed for the authentication between an IoT node and the specific server/verifier, whom the IoT node registered with. Only a few of them are designed for the authentication between IoT nodes, and all these protocols need verifiers or explicit Challenge-Response Pairs (CRPs). In this paper, we propose the first PUF based AKE protocol for IoT without verifiers and explicit CRPs, which IoT nodes can freely authenticate each other and create a session key on their own without the help of any server or verifier. We compare the proposed protocol with 27 relevant PUF based AKE protocols to show the superiority, and analyze the computational cost of each entity in the proposed protocol to show the efficiency. We define the adversarial model of a PUF based AKE protocol for IoT and formally prove the security of the proposed protocol in random oracle model. The security of the proposed protocol is based on the Elliptic Curve Discrete Logarithm (ECDL), Elliptic Curve Computational Diffie-Hellman (ECCDH), and Decisional Bilinear Diffie-Hellman (DBDH) assumptions. INDEX TERMS Device authentication, internet of things, key agreement, key management, physical unclonable function.
A Modeling Attack Resistant Deception Technique for Securing PUF based Authentication
2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2019
Due to practical constraints in preventing phishing through public network or insecure communication channels, simple physical unclonable function (PUF)-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. In this paper, we present a PUF-based authentication method to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF designs or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device. The monolithic system makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time consuming upon device deployment. A genuine server can perform a mutual authentication with the device at any time with a combined fresh challenge contributed by both the server and the device. The message exchanged in clear does not expose the authentic CRPs. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful authentication.
PUF based Lightweight Authentication and Key Exchange Protocol for IoT
Proceedings of the 18th International Conference on Security and Cryptography, 2021
Internet-of-Things (IoT), an integral part of today's smart society, is facing tremendous challenges of different security and interoperability attacks. Also, IoT device works in resource-constrained environments with limited storage. Conventional cryptography is not suitable for low-cost IoTs, and also they are susceptible to physical attacks. This work proposes a lightweight authentication and key exchange protocol utilizing the physically unclonable function (PUF) as security primitive. A single PUF challenge-response pair (PUF-CRP) is utilised to overcomes the server's storage overhead in the proposed protocol. Also, this protocol ensures the secret message passing using the lightweight XOR function. The proposed protocol authenticates the end-user successfully as well as maintains the security of the shared secret. The two-pass approach of the proposed method builds confidence in communicating entities. Formal analysis by automated Proverif tool validates its security. Performance evaluation advocates the superiority of the proposed protocol over the existing methods upholding its strong security and lightweight feature.
A PUF-Based Modeling-Attack Resilient Authentication Protocol for IoT Devices
IEEE Internet of Things Journal, 2021
Physical Unclonable Functions (PUFs) offer a promising solution for authentication of IoT devices as they provide unique fingerprints for the underlying devices through their challenge-response pairs. However, PUFs have been shown to be vulnerable to modeling attacks. In this paper, we propose a novel protocol to thwart such vulnerability by limiting the adversary’s ability to intercept the whole challenge bits exchanged with IoT nodes. We split the challenge bits over multiple messages and engage one or multiple helper nodes in the dissemination process. We further study the implications of various parts of the challenge patterns on the modeling attack and propose extensions of our protocol that exploit bits scrambling and padding to ameliorate the attack resiliency. The experimental results extracted from a 16-bit and a 64-bit arbiter-PUF implemented on FPGA demonstrate the effectiveness of the proposed methods in boosting the robustness of IoT authentication.
A Survey on Response Computation Authentication Techniques
As we know the problems regarding data and system security are challenging and taking attraction of researchers. Although there are many techniques available which offers protection to systems there is no single Method which can provide full protection. As we know to provide security to system authentication in login system is main issue for developers. Response Computable Authentication is two way methods which are used by number of authentication system where an authentication system independently calculates the expected user response and authenticates a user if the actual user response matches the expected value. But such authentication system have been scare by malicious developer who can bypass normal authentication by covering logic in source code or using weak cryptography. This paper mainly focuses on RCA system to make sure that authentication system will not be influenced by backdoors. In this paper our main goal is to take review of different methods, approaches and techniques used for Response Computation Authentication.
PUF Based Authentication Protocol for IoT
Symmetry
Key agreement between two constrained Internet of Things (IoT) devices that have not met each other is an essential feature to provide in order to establish trust among its users. Physical Unclonable Functions (PUFs) on a device represent a low cost primitive exploiting the unique random patterns in the device and have been already applied in a multitude of applications for secure key generation and key agreement in order to avoid an attacker to take over the identity of a tampered device, whose key material has been extracted. This paper shows that the key agreement scheme of a recently proposed PUF based protocol, presented by Chatterjee et al., for Internet of Things (IoT) is vulnerable for man-in-the-middle, impersonation, and replay attacks in the Yao–Dolev security model. We propose an alternative scheme, which is able to solve these issues and can provide in addition a more efficient key agreement and subsequently a communication phase between two IoT devices connected to the...
SRAM-PUF-Based Entities Authentication Scheme for Resource-Constrained IoT Devices
IEEE Internet of Things Journal, 2021
With the development of the cloud-based Internet of Things (IoT), people and things can request services, access data, or control actuators located thousands of miles away. The entity authentication of the remotely accessed devices is an essential part of the security systems. In this vein, Physical Unclonable Functions (PUFs) are a hot research topic, especially for generating random, stable, and tamper-resistant fingerprints. This paper proposes a lightweight, robust SRAM-PUF based entity authentication scheme to guarantee that the accessed end devices are trustable. The proposed scheme uses Challenge-Response Pairs (CRPs) represented by reordered memory addresses as challenges and the corresponding SRAM cells' startup values as responses. The experimental results show that our scheme can efficiently authenticate resources-constrained IoT devices with a low computation overhead and small memory capacity. Furthermore, we analyze the SRAM-PUF by testing the PUF output under different environmental conditions, including temperature and magnetic field, in addition to exploring the effect of writing different values to the SRAM cells on the stability of their startup values.
Cryptanalysis of two recently proposed PUF based authentication protocols for IoT: PHEMAP and Salted PHEMAP
IACR Cryptol. ePrint Arch., 2019
Internet of Things(IoT) consists of a large number of interconnected coexist heterogeneous entities, including Radio-frequency identification(RFIDs) based devices and other sensors to detect and transfer various information such as temperature, personal health data, brightness, etc. Security, in particular, authentication, is one of the most important parts of information security infrastructure in IoT systems. Given that an IoT system has many resource-constrained devices, a goal could be designing a proper authentication protocol that is lightweight and can resist against various common attacks, targeting such devices. Recently, using Physical Unclonable Functions (PUF) to design lightweight authentication protocols has received a lot of attention among researchers. In this paper, we analyze two recently proposed authentication protocols based on PUF chains called PHEMAP and Salted PHEMAP. We show that these protocols are vulnerable to impersonate, desynchronization and traceabili...
A Dynamically Configurable PUF and Dynamic Matching Authentication Protocol
IEEE Transactions on Emerging Topics in Computing, 2021
A physical unclonable function (PUF) is a hardware security primitive, which can be used secure various hardware-based applications. As a type of PUFs, strong PUFs have a large number of challenge-response pairs (CRPs), which can be used for authentication. At present, most strong PUF structures follow a one-to-one input/output relationship, i.e. linear function. As such, strong PUF designs are vulnerable to machine learning (ML) based modeling attacks. To address the issue, a dynamically configurable PUF structure is proposed in this paper. A mathematical model of the proposed dynamic PUF is presented and the design is proposed against the effective ML based attacks, such as deep neural network (DNN), logistic regression (LR) and reliability-based covariance matrix adaptation evolution strategies (CMA-ES). Experimental results on field programmable gate arrays (FPGAs) show that the proposed dynamic structure has achived good uniqueness and reliability. It is also shown that the dynamic PUF has a strong resistance to the CMA-ES attack. Due to the dynamic nature of the proposed PUF structure, an authentication protocol is also designed to generate recognizable authentication bits string. The protocol shows strong resistance to classical machine learning attacks including the new variant of CMA-ES.
Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things using Physically Unclonable Functions
IEEE Access
The Internet of Things (IoT) acts as an umbrella for the Internet-enabled devices for various applications, such as smart home, smart city, smart grid and smart healthcare. The emergence of the immense economic potential necessitates a robust authentication mechanism that needs to be lightweight and suitable for real-time applications. Moreover, the physical integrity of these devices cannot be assumed as these are designed to be deployed in an unattended environment with minimum human supervision. A user authentication mechanism for IoT, in addition to guaranteeing user anonymity and un-traceability functionality requirements, must also be resistant to device physical capture and related misuses. In this paper, we present a novel lightweight anonymous user authentication protocol for IoT environment by utilizing "cryptographic one-way hash function", "Physically Unclonable Function (PUF)" and "bitwise exclusive-OR (XOR)" operations. The broadly accepted Real-Or-Random (ROR) modelbased formal security analysis, formal security verification using the automated software verification tool, namely "Automated Validation of Internet Security Protocols and Applications (AVISPA)" and also nonmathematical (informal) security analysis have been carried out on the proposed scheme. It is shown that the proposed scheme has the ability to resist various well-known attacks that are crucial for securing IoT environment. Through a detailed comparative study, we show that the proposed scheme outperforms other existing related schemes in terms of computation and communication costs, and also security & functionality features. Finally, a practical demonstration of the proposed scheme using the NS3 simulation has been provided for measuring various network performance parameters. INDEX TERMS Internet of Things (IoT), mutual authentication, key agreement, physically unclonable function, security, AVISPA.
Lightweight PUF-Based Authentication
Protocol for IoT Devices
Yildiran Yilmaz, Steve R. Gunn, Basel Halak
Electronics and Computer Science, University of Southampton, United Kingdom
E-mail: {yy6e14, [email protected]}
INTRODUCTION
PROPOSED PROTOCOL
With the rapid growth and adoption of IoT, questions about
security are being asked and rightly so. Some IoT applications deal
with extremely sensitive data, and instructions. Imagine a scenario
where sensors that detect moving objects in an autonomous
vehicle is hijacked and made to send false reports to the breaking
system; or a hijacked insulin pump, the attacker can alter the
dosage of the of the insulin with fatal consequences. How about
personal data from smart homes, and other body sensors, all these
can lead to very disastrous consequences. Providing the
fundamental information security guaranties of Confidentiality,
Integrity and Availability is a major challenge for connected
devices[1]. The main reason for this is the fact that these devices
usually come constrained, they usually have very small ROM and
RAM space, and processing capacity. These constraints make it
impossible for conventional security protocols to be implemented
on these devices, therefore new mechanisms have to be used to
achieve security or modifications made to how the conventional
protocols are implemented.
𝐷𝐷𝐷𝐷 = (𝐼𝐼𝐷𝐷 ′ , 𝑀𝑀𝑀𝑀𝑀𝑀, 𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃)
𝐼𝐼𝐷𝐷, 𝑛𝑛𝑃𝑃𝑛𝑛𝑛𝑛𝑃𝑃𝑑𝑑
Send 𝐼𝐼𝐷𝐷
𝑅𝑅𝑖𝑖 = 𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃 𝑀𝑀𝑖𝑖 , 𝑖𝑖 ← 0, … , 2𝑛𝑛
𝛼𝛼𝑑𝑑 = 𝑅𝑅𝑀𝑀𝑅𝑅𝑅𝑖𝑖 𝑀𝑀𝑀𝑀𝑀𝑀, 𝑛𝑛𝑣𝑣
Send 𝛼𝛼𝑑𝑑
𝑀𝑀𝑖𝑖 , 𝑛𝑛𝑃𝑃𝑛𝑛𝑛𝑛𝑃𝑃𝑣𝑣
𝛼𝛼𝑑𝑑
if 𝐼𝐼𝐷𝐷 = 𝐼𝐼𝐷𝐷′ then
𝑟𝑟𝑣𝑣 ← 0, … , 2𝑛𝑛
𝑀𝑀𝑖𝑖 ← 𝑟𝑟𝑣𝑣 , 𝑖𝑖 ← 0, … , 2𝑛𝑛
else rejected and terminated
𝑅𝑅𝑖𝑖 = 𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃 𝑀𝑀𝑖𝑖 , 𝑖𝑖 ← 0, … , 2𝑛𝑛
𝛼𝛼𝑣𝑣 = 𝑅𝑅𝑀𝑀𝑅𝑅𝑅𝑖𝑖 𝑀𝑀𝑀𝑀𝑀𝑀, 𝑛𝑛𝑑𝑑
Decrypt 𝛼𝛼𝑑𝑑 , check 𝑀𝑀𝑀𝑀𝑀𝑀 𝑎𝑎𝑛𝑛𝑃𝑃 𝑛𝑛𝑣𝑣
𝛼𝛼𝑣𝑣
Decrypt 𝛼𝛼𝑣𝑣 , check 𝑀𝑀𝑀𝑀𝑀𝑀 𝑎𝑎𝑛𝑛𝑃𝑃 𝑛𝑛𝑑𝑑
Send 𝛼𝛼𝑣𝑣
PHYSICALLY UNCLONABLE FUNCTIONS
Several approaches have been taken in order to solve the security
puzzle for constrained devices. Some of the approaches have built
security on top of the Constrained Application (Protocol CoAP)
using DTLS just like in [2]–[4], some have taken completely
different route by using Physically Unclonable Functions(PUF) [5],
[6]. The work proposes a new security protocol based on Physically
Unclonable Functions.
Physical unclonable functions (PUF) are
physical random functions that provide
specific outputs for the physical objects
Response (R2)
Challenge (C)
PUF2
they work in, which are simple to
generate but practically hard to obtain
without accessing the object. Many
PUF3
Response (R3)
PUFs are proposed in the literature,
R1≠R2≠R3
however, not all are electronically
implemented PUFs [7].
There are also many methods (optical, acoustical, compact disk,
radio frequency, magnetic etc.) that have been implemented in
many different ways. Electronic PUFs can be divided into three
classifications: PUFs which exploit analogue electronic structures,
delayed electronic components and memory elements[8]. Most of
the PUFs, which are discussed in this work, utilise memory elements
and the delays in the digital circuits, to generate unique outputs.
They are also called silicon PUFs[8].
Response (R1)
PUF1
AIMS AND OBJECTIVES
The main objective of the proposed PUF model is to carry out the
authentication between the verifier and prover without storing
CRPs in the database. This is achieved by using a neural network
model of the PUF. We masked the relationship between the
challenge and the response by using RC5 algorithm to prevent
adversary from collecting
CRPs. We
implemented this
authentication method on windows platform using TCP connection
in Csharp programming language and on resource constraint
platform, which are contiki OS, Cooja and real resource constraint
device: Zolertia remote, using UDP connection in C programming
language. We have compared DTLS Implementation and proposed
PUF based implementation on resource constraint devices
considering RAM and ROM rrequirement, energy consumption by
transaction, energy consumption in server and client side.
Verifier V
Device D(ID)
DETAILED VIEW: SERVER and CLIENT AUTHENTICATION
IoT device: Zolertia Zoul
Send ID and nonce
POWER CONSUMPTION AND MEMORY MEASUREMENTS
1.800
Percentage
Power (mW)
1.500
1.200
0.900
0.600
0.300
0.000
CPU
PUF based 0.017
DTLS
0.046
UDP
0.014
LPM
0.003
0.013
0.003
TX
0.329
0.332
0.214
RX
0.413
1.275
0.376
Total
0.762
1.667
0.607
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Send Encrypted data
1. Receive ID and nonce
2. Send Challenge
3. Receive Response
4. Compute Response with the corresponding Challenge
5. Generate encrypted data
6. Decrypt the encrypted data. The verifier checks the authenticity of the
information in the content. The freshness control is simply based on nonce.
Input
Challenge
PRNG
12.52
43.74
PUF
based
11.01
46.84
Response
PUF Model with
Neural Network
Algortihm
1. Receive Challenge and nonce
2. Generate Response with the Challenge and encrypted data
3. Send the encrypted data
Input
Challenge
PRNG
PUF Model with
Neural Network
Algortihm
Response
UDP
9.63
40.26
[1] B. Halak, M. Zwolinski, and M. S. Mispan, ‘Overview of PUF-Based Hardware Security Solutions for the Internet of
Things’, no. October, pp. 16–19, 2016.
[2] S. Raza, H. Shafagh, K. Hewage, R. Hummen, and T. Voigt, ‘Lithe : Lightweight Secure CoAP for the Internet of
Things’, vol. 13, no. 10, pp. 3711–3720, 2013.
[3] A. Capossele, V. Cervo, G. De Cicco, and C. Petrioli, ‘Security as a CoAP resource : an optimized DTLS
implementation for the IoT’, pp. 549–554, 2015.
[4] G. Lessa dos Santos, V. T. Guimaraes, G. da Cunha Rodrigues, L. Z. Granville, and L. M. R. Tarouco, ‘A
DTLS-based security architecture for the Internet of Things’, in 2015 IEEE Symposium on Computers and
Communication (ISCC), 2015, pp. 809–815.
[5] J. R. Wallrabenstein, ‘Practical and Secure IoT Device Authentication using Physical Unclonable
Functions’, 2016.
[6] M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and S. Devadas, ‘Slender PUF protocol: A
lightweight, robust, and secure authentication by substring matching’, Proc. - IEEE CS Secur. Priv. Work.
SPW 2012, pp. 33–44, 2012.
[7] F. Armknecht, R. Maes, A. R. Sadeghi, F. X. Standaert, and C. Wachsmann, ‘A formal foundation for the
security features of physical functions’, Proc. - IEEE Symp. Secur. Priv., pp. 397–412, 2011.
[8] W. Liang, B. Liao, J. Long, Y. Jiang, and L. Peng, ‘Study on PUF based secure protection for IC design’,
Microprocess. Microsyst., vol. 0, pp. 1–11, 2015.
.
PUF model
PUF model
DTLS
Rom usage
Ram usage
Send Challenge and nonce
CONCLUSION
In conclusion, the proposed authentication protocol is more cost and
time effective compared to DTLS handshake scheme and basic PUF
authentication, since the system does not fill the database with
millions of challenge-response pairs and the verifier computes the
response via a PUF neural network model instead of a time consuming
search of CRPs in a large database. The proposed authentication
protocol is also resilient to cloning attacks, which is achieved by
breaking the relationship between challenge and responses. We
masked the relationship between the challenge and the response by
using the RC5 algorithm. The RC5 algorithm hides the response. In
this way, we hide real challenge and response pairs to prevent an
adversary from collecting all CRPs and building a model of the PUF.
Author contact details
Email: {yy6e14, [email protected]}
C-IoT Launch Event, 26 June 2018, Southampton
Related papers
Filosofia analitica e diritto amministrativo. Un terreno da esplorare
Analisi e diritto, 2024
Futatrokikelu: Don y autoridad en la relación mapuche-wingka
Atenea (Concepción), 2009
De los conceptos de espacio, territorio y lugar al de posterritorio. Territorialidad expandida en el ecosistema urbano (2021)
Transmídia Storytelling e complexidades narrativas, 2021
Interneuron Diversity series: Fast in, fast out – temporal and spatial signal processing in hippocampal interneurons
Trends in Neurosciences, 2004
Stepwise increase of spinosad production in Saccharopolyspora spinosa by metabolic engineering
Biochemical Engineering Journal, 2013
Availability of acupuncture in the hospitals of a major academic medical center: a pilot study
Complementary Therapies in Medicine, 2003
Magmatic plumbing and dynamic evolution of the 2021 La Palma eruption
Nature Communications
Effects of temperature on the feeding behavior of Alabama argillacea (Hübner) (Lepidoptera: Noctuidae) on Bt and non-Bt cotton plants
Anais da Academia Brasileira de Ciencias
Internamentos Compulsivos: Leis de Saúde Mental na Europa
Psiquiatria, Psicologia & Justiça, 2014
Elevated Numbers of HIV-Specific Poly-Functional CD8+ T Cells With Stem Cell-Like and Follicular Homing Phenotypes in HIV-Exposed Seronegative Individuals
Frontiers in Immunology, 2021
Modelo de artículo académico-profesional para autores: guía de estilo y criterios APA de publicación
2015