Physical Unclonable Function and Hashing Are All You Need to Mutually Authenticate IoT Devices

Internet of Things (IoT) has become the driving force in modern day technology with an increasing and rapid urge to create an intelligent, efficient, and connected world. IoT is used in manufacturing, agriculture, transportation, education, healthcare and many other business environments as well as home automation. Authentication for IoT devices is essential because many of these devices establish communication with servers through public networks. A rigorous lightweight device authentication scheme is needed to secure its physical hardware from cloning or side-channel attacks and accommodate the limited storage and computational power of IoT devices in an efficient manner. In this paper, we introduce a lightweight mutual two-factor authentication mechanism where an IoT device and the server authenticate each other. The proposed mechanism exploits Physical Unclonable Functions (PUFs) and a hashing algorithm with the purpose of achieving a secure authentication and session key agreement between the IoT device and the server. We conduct a type of formal analysis to validate the protocol’s security. We also validate that the proposed authentication mechanism is secure against different types of attack scenarios and highly efficient in terms of memory storage, server capacity, and energy consumption with its low complexity cost and low communication overhead. In this sense, the proposed authentication mechanism is very appealing and suitable for resource-constrained and security-critical environments.

[1]  K. Shadan,et al.  Available online: , 2012 .

[2]  Aurélien Francillon,et al.  A Large-Scale Analysis of the Security of Embedded Firmwares , 2014, USENIX Security Symposium.

[3]  Chung-Wen Hung,et al.  Power Consumption and Calculation Requirement Analysis of AES for WSN IoT , 2018, Sensors.

[4]  Pyung-Soo Kim IoT-Specific IPv6 Stateless Address Autoconfiguration with Modified EUI-64 , 2015 .

[5]  Biplab Sikdar,et al.  Mutual Authentication in IoT Systems Using Physical Unclonable Functions , 2017, IEEE Internet of Things Journal.

[6]  Taking Positioning Indoors Wi-fi Localization and Gnss , 2022 .

[7]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[8]  B. B. Gupta,et al.  A Mutual Authentication Protocol for IoT Devices Using Elliptic Curve Cryptography , 2018, 2018 8th International Conference on Cloud Computing, Data Science & Engineering (Confluence).

[9]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[10]  Pedro Figueiredo Silva,et al.  Wireless Positioning in IoT: A Look at Current and Future Trends , 2018, Sensors.

[11]  Armin Babaei,et al.  Physical Unclonable Functions in the Internet of Things: State of the Art and Open Challenges , 2019, Sensors.

[12]  Sheila Frankel,et al.  Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec , 2007, RFC.

[13]  Samiran Chattopadhyay,et al.  Physically Secure Lightweight Anonymous User Authentication Protocol for Internet of Things Using Physically Unclonable Functions , 2019, IEEE Access.

[14]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[15]  Adesh Kumari,et al.  A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers , 2017, The Journal of Supercomputing.

[16]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[17]  David M'Raïhi,et al.  TOTP: Time-Based One-Time Password Algorithm , 2011 .

[18]  Biplab Sikdar,et al.  Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices , 2019, IEEE Internet of Things Journal.

[19]  Toa Bi Irie Guy-Cedric,et al.  A Comparative Study on AES 128 BIT AND AES 256 BIT , 2018, International Journal of Scientific Research in Computer Science and Engineering.

[20]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[21]  Sead Muftic,et al.  Location-Based Authentication and Authorization Using Smart Phones , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[22]  Srinivas Devadas,et al.  Physical Unclonable Functions and Applications: A Tutorial , 2014, Proceedings of the IEEE.

[23]  Bodo Möller,et al.  Network Working Group Elliptic Curve Cryptography (ecc) Cipher Suites for Transport Layer Security (tls) , 2006 .

[24]  Ingrid Verbauwhede,et al.  Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs , 2009, CHES.

[25]  Zahoor Ahmed Alizai,et al.  Improved IoT Device Authentication Scheme Using Device Capability and Digital Signatures , 2018, 2018 International Conference on Applied and Engineering Mathematics (ICAEM).

[26]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[27]  Koushik Kar,et al.  A Lightweight Authentication and Key Exchange Protocol for IoT , 2018 .

[28]  Jin-Hee Han,et al.  A lightweight authentication mechanism between IoT devices , 2017, 2017 International Conference on Information and Communication Technology Convergence (ICTC).

[29]  Erwin Hess,et al.  Using Elliptic Curves on RFID Tags , 2008 .

[30]  Xiong Luo,et al.  Physical Unclonable Function Based Authentication Scheme for Smart Devices in Internet of Things , 2018, 2018 IEEE International Conference on Smart Internet of Things (SmartIoT).

[31]  Pete Chown,et al.  Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) , 2002, RFC.

[32]  G. Schrijen,et al.  Physical Unclonable Functions to the Rescue A New Way to Establish Trust in Silicon , 2018 .

[33]  Jie Ding,et al.  A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function , 2018, Sensors.

[34]  R. C. Hansdah,et al.  Symmetric Key-Based Lightweight Authentication Protocols for RFID Security , 2018, 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA).

[35]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[36]  Pim Tuyls,et al.  Hardware Intrinsic Security to Protect Value in the Mobile Market , 2014, ISSE.