PUF+IBE: Blending Physically Unclonable Functions with Identity Based Encryption for Authentication and Key Exchange in IoTs

Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive to provide unique identities to billions of connected devices in Internet of Things (IoTs). In traditional authentication protocols a user presents a set of credentials with an accompanying proof such as password or digital certificate. However, IoTs need more evolved methods as these classical techniques suffer from the pressing problems of password dependency and inability to bind access requests to the “things” from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising to develop such mechanism, it puts forward an open problem of how to develop such mechanism without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board, with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show, though the stand-alone video camera can be subjected to man-in-the-middle attack via IP-spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks and it suits aptly in an IoT infrastructure making the protocol deployable for the industry.

[1]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[2]  Jorge Guajardo,et al.  Extended abstract: The butterfly PUF protecting IP on every FPGA , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[3]  John Ross Wallrabenstein Practical and Secure IoT Device Authentication Using Physical Unclonable Functions , 2016, 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud).

[4]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[5]  Jiguo Yu,et al.  Side-channel information leakage of encrypted video stream in video surveillance systems , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[6]  Reza Azarderakhsh,et al.  Efficient Implementation of Bilinear Pairings on ARM Processors , 2012, Selected Areas in Cryptography.

[7]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[8]  Tsuyoshi Takagi,et al.  Efficient Implementation of the Pairing on Mobilephones Using BREW , 2008, IEICE Trans. Inf. Syst..

[9]  Tim Kerins,et al.  An Elliptic Curve Processor Suitable For RFID-Tags , 2006, IACR Cryptol. ePrint Arch..

[10]  Berk Sunar,et al.  Towards Robust Low Cost Authentication for Pervasive Devices , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[11]  Debdeep Mukhopadhyay,et al.  PUFs as Promising Tools for Security in Internet of Things , 2016, IEEE Des. Test.

[12]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[13]  Debdeep Mukhopadhyay,et al.  A PUF-Based Secure Communication Protocol for IoT , 2017, IACR Cryptol. ePrint Arch..

[14]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[15]  Ahmad-Reza Sadeghi,et al.  PUFatt: Embedded platform attestation based on novel processor-based PUFs , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[16]  Xiaotie Deng,et al.  TinyPairing: A Fast and Lightweight Pairing-Based Cryptographic Library for Wireless Sensor Networks , 2010, 2010 IEEE Wireless Communication and Networking Conference.

[17]  Moon-Seog Jun,et al.  User authentication protocol for blocking malicious user in Network CCTV environment , 2011, 2011 6th International Conference on Computer Sciences and Convergence Information Technology (ICCIT).

[18]  Jeroen Delvaux,et al.  Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible II , 2014, IACR Cryptol. ePrint Arch..

[19]  Vipul Gupta,et al.  Sizzle: a standards-based end-to-end security architecture for the embedded Internet , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[20]  Srinivas Devadas,et al.  Lightweight and Secure PUF Key Storage Using Limits of Machine Learning , 2011, CHES.

[21]  Ahmad-Reza Sadeghi,et al.  Recyclable PUFs: logically reconfigurable PUFs , 2011, Journal of Cryptographic Engineering.

[22]  Chip-Hong Chang,et al.  A new event-driven Dynamic Vision Sensor based Physical Unclonable Function for camera authentication in reactive monitoring system , 2016, 2016 IEEE Asian Hardware-Oriented Security and Trust (AsianHOST).

[23]  Ahmad-Reza Sadeghi,et al.  SEDA: Scalable Embedded Device Attestation , 2015, CCS.

[24]  Srinivas Devadas,et al.  Controlled physical random functions , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[25]  Ulrich Rührmair,et al.  SIMPL Systems as a Keyless Cryptographic and Security Primitive , 2012, Cryptography and Security.

[26]  Kyoung-Don Kang,et al.  Cost-Effective Security Support in Real-Time Video Surveillance , 2015, IEEE Transactions on Industrial Informatics.

[27]  Dawu Gu,et al.  Efficient Fuzzy Extraction of PUF-Induced Secrets: Theory and Applications , 2016, CHES.

[28]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[29]  Srinivas Devadas,et al.  Slender PUF Protocol: A Lightweight, Robust, and Secure Authentication by Substring Matching , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[30]  Stefan Katzenbeisser,et al.  Converse PUF-Based Authentication , 2012, TRUST.

[31]  Stefan Katzenbeisser,et al.  Boot Attestation: Secure Remote Reporting with Off-The-Shelf IoT Sensors , 2017, ESORICS.

[32]  Andrei Costin,et al.  Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations , 2016, TrustED@CCS.

[33]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[34]  Jorge Guajardo,et al.  Physical Unclonable Functions, FPGAs and Public-Key Crypto for IP Protection. , 2007 .

[35]  Keshab K. Parhi,et al.  Reliable PUF-Based Local Authentication With Self-Correction , 2017, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[36]  Farinaz Koushanfar,et al.  Time-Bounded Authentication of FPGAs , 2011, IEEE Transactions on Information Forensics and Security.

[37]  Biplab Sikdar,et al.  Mutual Authentication in IoT Systems Using Physical Unclonable Functions , 2017, IEEE Internet of Things Journal.

[38]  Masaaki Shirase,et al.  Efficient Implementation of Pairing-Based Cryptography on a Sensor Node , 2009, IEICE Trans. Inf. Syst..

[39]  Jean-Pierre Seifert,et al.  Cloning Physically Unclonable Functions , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[40]  James F. Plusquellic,et al.  A Privacy-Preserving, Mutual PUF-Based Authentication Protocol , 2017, Cryptogr..

[41]  Ulrich Rührmair,et al.  Physical Unclonable Functions in Cryptographic Protocols: Security Proofs and Impossibility Results , 2012, IACR Cryptol. ePrint Arch..

[42]  Michael Naehrig,et al.  Affine Pairings on ARM , 2012, Pairing.

[43]  Ingrid Verbauwhede,et al.  Elliptic-Curve-Based Security Processor for RFID , 2008, IEEE Transactions on Computers.

[44]  Ingrid Verbauwhede,et al.  Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks , 2006, ESAS.

[45]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[46]  Debdeep Mukhopadhyay,et al.  Theory and Application of Delay Constraints in Arbiter PUF , 2016, TECS.

[47]  Miodrag Potkonjak,et al.  Lightweight secure PUFs , 2008, 2008 IEEE/ACM International Conference on Computer-Aided Design.

[48]  Antonino Mazzeo,et al.  Authenticating IoT Devices with Physically Unclonable Functions Models , 2015, 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC).