Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Chandranshu Gupta,Gaurav Varshney

2023-11-07

Abstract:The Internet of Things (IoT) has improved people's lives by seamlessly integrating into many facets of modern life and facilitating information sharing across platforms. Device Authentication and Key exchange are major challenges for the IoT. High computational resource requirements for cryptographic primitives and message transmission during Authentication make the existing methods like PKI and IBE not suitable for these resource constrained devices. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. PUF provides an unclonable and tamper sensitive unique signature based on the PUF chip by using manufacturing process variability. Therefore, in this study, we use lightweight bitwise XOR, hash function, and PUF to Authenticate IoT devices. Despite several studies employing the PUF to authenticate communication between IoT devices, to the authors' knowledge, existing solutions require intermediary gateway and internet capabilities by the IoT device to directly interact with a Server for Authentication and hence, are not scalable when the IoT device works on different technologies like BLE, Zigbee, etc. To address the aforementioned issue, we present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself. The results of a thorough security study are validated against adversarial attacks and PUF modeling attacks. For formal security validation, the AVISPA verification tool is also used. Performance study recommends this protocol's lightweight characteristics. The proposed protocol's acceptability and defenses against adversarial assaults are supported by a prototype developed with ESP32.

Cryptography and Security

Yansong Gao,Gefei Li,Hua Ma,Said F. Al-Sarawi,Omid Kavehei,Derek Abbott,Damith C. Ranasinghe

DOI: https://doi.org/10.1109/PERCOMW.2016.7457162

2016-01-01

Abstract:Low cost pervasive devices such as RFID (radio-frequency identification) tags and sensor nodes are increasingly becoming part of the fabric of life. Using these pervasive devices to store and collect data securely is becoming a challenge because stringent requirements on power and area constrain the implementation of standard cryptographic mechanisms. In this paper, we propose a secure and lightweight authentication protocol for resource scarce pervasive devices built upon a physical unclonable function (PUF) primitive termed Obfuscated PUF (OB-PUF) and a variant of a parameter-based authentication protocol. This protocol sends obfuscated challenges to an OB-PUF where the subsequent recovery of the obfuscated challenges by a server (verifier) is guaranteed. In particular, our approach exploits server (verifer) aided computations to reduce the hardware complexity on the pervasive device while still maintaining a high level of security and taking advantage of the known vulnerability of PUFs to model building attacks. Most importantly, the unclonability of the OB-PUF is preserved and, consequently, OB-PUF based pervasive devices are resilient to cloning. We also show through statistical analysis and model building attacks the infeasibility of constructing a model of our proposed OB-PUF by an adversary.

Yao Wang,Xue Mei,Zhengtai Chang,Wenbing Fan,Benqing Guo,Zhi Quan,Deepak Kumar Jain

DOI: https://doi.org/10.1109/jiot.2023.3314058

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Simple authentication protocols based on conventional physical unclonable functions (PUF) are vulnerable to modeling attacks and other security threats. This paper proposes an arbiter PUF based on a linear feedback shift register (LFSR-APUF). Different from the previously reported linear feedback shift register for challenge extension, the proposed scheme feeds the external random challenges into the LFSR module to obfuscate the linear mapping relationship between the challenge and response. It can prevent attackers from obtaining valid challenge-response pairs (CRPs), increasing its resistance to modeling attacks significantly. A 64-stage LFSR-APUF has been implemented on a field programmable gate array (FPGA) board. The experimental results reveal that the proposed design can effectively resist various modeling attacks such as logistic regression (LR), evolutionary strategy (ES), Artificial Neuro Network (ANN), and support vector machine (SVM) with a prediction rate of 51.79% and a slight effect on the randomness, reliability, and uniqueness. Further, a lightweight authentication protocol is established based on the proposed LFSR-APUF. The protocol incorporates a low-overhead, ultra-lightweight, novel private bit conversion Cover function that is uniquely bound to each device in the authentication network. The proposed authentication protocol not only resists spoofing attacks, physical attacks, and modeling attacks effectively, but also ensures the security of the entire authentication network by transferring important information in encrypted form from the server to the database even when the attacker completely controls the server.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sensen Li,Yicai Huang,Bin Yu

DOI: https://doi.org/10.1016/j.comnet.2024.110426

IF: 5.493

2024-05-09

Computer Networks

Abstract:With the explosive development of the Internet of Things (IoT), its security has become a critical concern. As a lightweight hardware primitive, Physical Unclonable Function (PUF) provides a promising solution for IoT security. Nevertheless, as per the knowledge of the authors, most of the existing PUF-based anonymous authentication protocols for IoT are not suitable for end-to-end IoT applications due to their flexibility or security. Specifically, there are two main issues with existing related protocols: (1) the end-to-end anonymous authentication between IoT devices requires the participation of a trusted third party, which seriously affects the flexibility of interaction; (2) most related protocols provide weak anonymity, that is, they are anonymous against only eavesdroppers. To solve these problems, a new PUF-based end-to-end anonymous authentication protocol is proposed. Without needing the real-time participation of the third party, the proposed protocol realizes end-to-end direct mutual authentication and session key agreement while maintaining strong anonymity. It also provides an online dynamic updating mechanism for security parameters. The security analysis shows that the proposed protocol has perfect forward secrecy while resisting various known attacks including physical attacks and modeling attacks. Meanwhile, it outperforms related protocols in terms of protocol rounds and communication costs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yansong Gao,Said F. Al-Sarawi,Derek Abbott,Ahmad-Reza Sadeghi,Damith C. Ranasinghe

DOI: https://doi.org/10.48550/arXiv.1706.06232

2017-06-20

Abstract:Physical unclonable functions (PUFs), as hardware security primitives, exploit manufacturing randomness to extract hardware instance-specific secrets. One of most popular structures is time-delay based Arbiter PUF attributing to large number of challenge response pairs (CRPs) yielded and its compact realization. However, modeling building attacks threaten most variants of APUFs that are usually employed for strong PUF-oriented application---lightweight authentication---without reliance on the securely stored digital secrets based standard cryptographic protocols. In this paper, we investigate a reconfigurable latent obfuscation technique endowed PUF construction, coined as OB-PUF, to maintain the security of elementary PUF CRPs enabled authentication where a CRP is never used more than once. The obfuscation---determined by said random patterns---conceals and distorts the relationship between challenge-response pairs capable of thwarting a model building adversary needing to know the exact relationship between challenges and responses. A bit further, the obfuscation is hidden and reconfigured on demand, in other words, the patterns are not only invisible but also act as one-time pads that are only employed once per authentication around and then discarded. As a consequence, the OB-PUF demonstrates significant resistance to the recent revealed powerful Evaluation Strategy (ES) based modeling attacks where the direct relationship between challenge and response is even not a must. The OB-PUF's uniqueness and reliability metrics are also systematically studied followed by formal authentication capability evaluations.

Cryptography and Security

Jeroen Delvaux,Dawu Gu,Dries Schellekens,Ingrid Verbauwhede

DOI: https://doi.org/10.1007/978-3-662-44709-3_25

2014-01-01

Abstract:Physically unclonable functions PUFs exploit the unavoidable manufacturing variations of an integrated circuit IC. Their input-output behavior serves as a unique IC 'fingerprint'. Therefore, they have been envisioned as an IC authentication mechanism, in particular for the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review eight prominent proposals in chronological order: from the original strong PUF proposal to the more complicated converse and slender PUF proposals. The novelty of our work is threefold. First, we employ a unified notation and framework for ease of understanding. Second, we initiate direct comparison between protocols, which has been neglected in each of the proposals. Third, we reveal numerous security and practicality issues. To such an extent, that we cannot support the use of any proposal in its current form. All proposals aim to compensate the lack of cryptographic properties of the strong PUF. However, proper compensation seems to oppose the lightweight objective.

Lu Fan,Zhao Huang,Junjun Wang,Lirong Zhou,Yi'an Zhu,Quan Wang

DOI: https://doi.org/10.1109/NaNA60121.2023.00117

2023-01-01

Abstract:Strong physical unclonable function (PUF) is a low-cost hardware security primitive to protect Internet-of-Things (IoT) devices. However, it may be attacked by machine learning (ML). Various PUF models designed in complex structures, such as nonlinearity or challenge-response pair (CRP) obfuscation, have been presented to combat these risks. However, these methods mainly increase area overhead, and the prediction rate is still very high. Therefore, this paper proposes a structure obfuscated PUF named SO-PUF. Our proposal derives from the configurable ring oscillator (CRO) PUF. The CRO can be transformed into two different structures depending on the challenges by randomly deleting one of the two NOT gates in each stage. Thus, half of the CRPs generated by SO-PUF are invalid, which will confuse the attackers. We have implemented and verified the performance of SO-PUF on the Xilinx-6XC6SLX25 microboard. Experimental results show that compared with the dual-mode PUF, the SO-PUF improves uniqueness by 0.71 %, temperature reliability by 38.4 %, and voltage reliability by 1.92 %. In addition, the SO-PUF also reduces the prediction rates of LR, SVM, and ANN modeling attacks by 0.26 %, 0.38 %, and 5.62 %, respectively. The results prove that SO-PUF has better resistance to ML attacks than dual-mode PUF.

WANG Zhenyu,GUO Yang,LI Shaoqing,HOU Shen,DENG Ding

DOI: https://doi.org/10.11959/j.issn.1000-436x.2022125

2022-01-01

Abstract:Aiming at the problem that complex security primitives in existing schemes were not suitable for resource-constrained IoT devices, a lightweight efficient anonymous identity authentication protocol for IoT devices was designed based on physical unclonable function (PUF).Through the formal security model and ProVerif tool, it was proved that the protocol satisfies 13 security properties such as information confidentiality, integrity, un-traceability, and forward/backward secrecy.Compared with existing relevant protocols, the computing overhead of the protocol on the device side and the server side is 0.468 ms and 0.072 ms respectively, and the device storage and communication overheads are 256 bit and 896 bit respectively, which is highly suitable for lightweight IoT devices with limited resources.

Jeroen Delvaux,Roel Peeters,Dawu Gu,Ingrid Verbauwhede

DOI: https://doi.org/10.1145/2818186

IF: 16.6

2015-01-01

ACM Computing Surveys

Abstract:Physically unclonable functions (PUFs) exploit the unavoidable manufacturing variations of an Integrated Circuit (IC). Their input-output behavior serves as a unique IC “fingerprint.” Therefore, they have been envisioned as an IC authentication mechanism, in particular the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review 19 proposals in chronological order: from the original strong PUF proposal (2001) to the more complicated noise bifurcation and system of PUF proposals (2014). The assessment is aided by a unified notation and a transparent framework of PUF protocol requirements.

Mateusz Korona,Radosław Giermakowski,Mateusz Biernacki,Mariusz Rawski

DOI: https://doi.org/10.3390/electronics13020351

IF: 2.9

2024-01-15

Electronics

Abstract:Physical Unclonable Functions are security primitives that exploit the variation in integrated circuits' manufacturing process, and, as a result, each instance processes applied stimuli differently. This feature can be used to provide a unique fingerprint of the electronic device, or as an interesting alternative to classic key storage methods. Due to their nature, they are often considered an element of the Internet of Things nodes. However, their application heavily depends on resource consumption. Lightweight architectures are proposed in the literature but are technology-dependent or still introduce significant hardware overhead. This paper presents a lightweight, Strong PUF based on ring oscillator architecture, which offers small hardware overhead and sufficient security levels for resource-constrained Internet of Things devices. The PUF design utilizes a Linear Feedback Shift Register-based scramble module to generate many challenge–response pairs from a small number of ring oscillators and a control module to manage the response generation process. The proposed PUF can be used as a Weak PUF for key generation or a Strong PUF for device authentication.

engineering, electrical & electronic,computer science, information systems,physics, applied

Baokui Zhu,Xiaowen Jiang,Kai Huang,Miao Yu

DOI: https://doi.org/10.3390/s24010093

IF: 3.9

2024-01-01

Sensors

Abstract:Physical Unclonable Functions (PUFs) are significant in building lightweight Internet of Things (IoT) authentication protocols. However, PUFs are susceptible to attacks such as Machine-Learning(ML) modeling and statistical attacks. Researchers have conducted extensive research on the security of PUFs; however, existing PUFs do not always possess good statistical characteristics and few of them can achieve a balance between security and reliability. This article proposes a strong response-feedback PUF based on the Linear Feedback Shift Register (LFSR) and the Arbiter PUF (APUF). This structure not only resists existing ML modeling attacks but also exhibits good Strict Avalanche Criterion (SAC) and Generalized Strict Avalanche Criterion (GSAC). Additionally, we introduce a Two-Level Reliability Improvement (TLRI) method that achieves 95% reliability with less than 35% of the voting times and single-response generation cycles compared to the traditional pure majority voting method.

W Liang,S Xie,X Li,J Long,Y Xie,KC Li

DOI: https://doi.org/10.1007/978-981-10-7398-4_36

2017-01-01

Abstract:The widespread use of radio frequency identification (RFID) in IoTs makes authentication of RFID systems be widely concerned. In existing encryption schemes (e.g., Hash function) in electronic products, secure chip is hard to be used in high performance RFID system due to high computation complexity and cost. In this work, we consider problems in these performances and propose a PUF-GIMAP protocol by combining GIMAP protocol and physically unclonable functions (PUFs). The response of PUF is added into protocol. The mutual authentication between label and reader is realized by transmitting information such as secret key and dynamical pseudonym, which greatly ensures data security in transmission. After authentication, the reserved data is updated in time. The protocol analysis shows that the proposed scheme has the advantages of high security and high reliability.

Liying Yu,Wen Wu,Lin Mei

DOI: https://doi.org/10.1109/jiot.2024.3492532

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With constrained resources, the industrial Internet of things (IIoT) craves for lightweight and robust access authentication protocols to secure the network. Existing physical unclonable functions (PUFs) based cryptographic protocols face privacy threats from wireless environments and semitrusted participants, while physical layer authentication (PLA) is costly as a complementary protocol to upper layer. Therefore, in this paper we propose a cross-layer mutual authentication with key agreement protocol based on PUFs for IIoT. The proposed protocol integrates PUFs’ challenge-response pairs (CRPs) into low-complexity cryptographic primitives and signal phases of subcarriers, employs a newly designed authentication decision methodology, and achieves excellent authentication performance while reducing protocol redundancy. Our protocol also provides device anonymity, dynamic updates, and storage-free CRPs to defend against potential insider threats. The security of the proposed protocol has been formally and informally verified. The performance analysis results show that our protocol provides better security and privacy performance with low computation and communication cost. The simulation results show the protocol can obtain great authentication performance in the indoor factory (InF) wireless scenario of the 3GPP TR 38.901 standard.

Mahmood Azhar Qureshi,Arslan Munir

DOI: https://doi.org/10.48550/arXiv.2007.09588

2020-07-19

Abstract:Physically unclonable functions (PUFs) can be employed for device identification, authentication, secret key storage, and other security tasks. However, PUFs are susceptible to modeling attacks if a number of PUFs' challenge-response pairs (CRPs) are exposed to the adversary. Furthermore, many of the embedded devices requiring authentication have stringent resource constraints and thus require a lightweight authentication mechanism. We propose PUF-RLA, a PUF-based lightweight, highly reliable authentication scheme employing binary string shuffling. The proposed scheme enhances the reliability of PUF as well as alleviates the resource constraints by employing error correction in the server instead of the device without compromising the security. The proposed PUF-RLA is robust against brute force, replay, and modeling attacks. In PUF-RLA, we introduce an inexpensive yet secure stream authentication scheme inside the device which authenticates the server before the underlying PUF can be invoked. This prevents an adversary from brute forcing the device's PUF to acquire CRPs essentially locking out the device from unauthorized model generation. Additionally, we also introduce a lightweight CRP obfuscation mechanism involving XOR and shuffle operations. Results and security analysis verify that the PUF-RLA is secure against brute force, replay, and modeling attacks, and provides ~99% reliable authentication. In addition, PUF-RLA provides a reduction of 63% and 74% for look-up tables (LUTs) and register count, respectively, in FPGA compared to a recently proposed approach while providing additional authentication advantages.

Cryptography and Security

Da-Zhi Sun,Yi-Na Gao,Yangguang Tian

DOI: https://doi.org/10.3390/s23146559

IF: 3.9

2023-01-01

Sensors

Abstract:Recently, Roy et al. proposed a physically unclonable function (PUF)-based authentication and key exchange protocol for Internet of Things (IoT) devices. The PUF protocol is efficient, because it integrates both the Node-to-Node (N2N) authentication and the Node-to-Server (N2S) authentication into a standalone protocol. In this paper, we therefore examine the security of the PUF protocol under the assumption of an insider attack. Our cryptanalysis findings are the following. (1) A legitimate but malicious IoT node can monitor the secure communication among the server and any other IoT nodes in both N2N authentication and N2S authentication. (2) A legitimate but malicious IoT node is able to impersonate a target IoT node to cheat the server and any other IoT nodes in N2N authentication and the server in N2S authentication, respectively. (3) A legitimate but malicious IoT node can masquerade as the server to cheat any other target IoT nodes in both N2N authentication and N2S authentication. To the best of our knowledge, our work gives the first non-trivial concrete security analysis for the PUF protocol. In addition, we employ the automatic verification tool of security protocols, i.e., Scyther, to confirm the weaknesses found in the PUF protocol. We finally consider how to prevent weaknesses in the PUF protocol.

Shuai Chen,Bing Li,Ziheng Chen,Yan Zhang,Caicai Wang,Cheng Tao

DOI: https://doi.org/10.1109/jiot.2021.3065836

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Physical unclonable function (PUF) has emerged as an attractive hardware primitive for lightweight authentication in the Internet of Things (IoT). However, strong-PUF-based authentication schemes are threatened by powerful machine learning attacks. Therefore, dedicated lightweight protocols are required to preserve the privacy of the embedded strong PUF. In this article, we show that the "availability" and "reliability" features of Shamir's secret sharing (SSS) can be applied to address the security issue. In protocol A, the mappings between challenges and responses are randomly shuffled to resist the machine learning attacks. Leveraging the "availability" feature of SSS, the verification process is unaffected by the randomized challenge–response pairs (CRPs) at the server end. Moreover, the "reliability" feature of SSS provides the error-tolerant characteristic in our protocol, which is suitable for the noisy PUFs. Protocol A also presented a method to securely store the CRPs at the server side. The improved protocol A optimizes protocol A by eliminating the response storage and matching process at the server end. In protocol B, we present a mutual authentication protocol, where no response is exposed to the adversary. Protocol B can be classified as the lightweight protocol because it can avoid the use of cryptographic algorithms and error-correcting codes. We rigorously analyze and prove the security of our protocols with formal security proofs, informal security analysis, and several selected machine learning techniques, including logistic regression (LR), the deep neural network (DNN), approximate attack, AutoGluon-Tabular, and a new brute-force machine learning attack. Furthermore, we present an efficient implementation of our protocols on FPGA. The experimental results sh-w the feasibility and practicability of our protocols under different parameters.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yansong Gao,Damith Chinthana Ranasinghe,Gefei Li,Said F. Al-Sarawi,Omid Kavehei,Derek Abbott

2015-01-01

Abstract:Physical Unclonable Functions (PUFs), as novel lightweight hardware security primitives, provide a higher level security with lower power and area overhead in comparison with traditional cryptographic solutions. However, it has been demonstrated that PUFs are vulnerable to model building attacks, especially those using linear additive functions such as Arbiter PUF (APUF) and k-sum PUF as building units. Nevertheless, both APUFs and k-sum PUFs are highly desirable security primitives, especially for authentication, because they are capable of producing a huge number of challenge response pairs (CRPs) and can be easily integrated into silicon. In this paper, we actually rely on the demonstrated vulnerability of PUFs to model building attacks as well as the relative ease with which this can be achieved to develop a new parameter-based authentication protocol based on obfuscating challenges sent to PUFs and their subsequent recovery. We show, using statistical analysis and model building attacks using published approaches, that constructing a model using machine learning techniques are infeasible when our proposed method is employed. Finally, we also demonstrate that our challenge obfuscation and recovery method can be successfully used for secure key exchange between two parties.

Baiyi Huang,Xiuzhen Cheng,Yuan Cao,Le Zhang

DOI: https://doi.org/10.1109/sec.2018.00059

2018-01-01

Abstract:Fog computing is a new paradigm that extends cloud computing to the network edges. As data processing, communications, and control are performed more closely to the end-user devices in fog computing, chances for the attackers to gain unauthorized accesses to sensitive data have been greatly increased. In this paper, we propose a new resource-efficient physical unclonable function (PUF) based authentication scheme to protect the security and privacy of the confidential information in edge devices. Unlike other PUF based lightweight authentication schemes, our proposed method remarkably increases the machine learning attack time without requiring a server to store a large amount of challenge response pairs (CRPs). Besides, a new strong PUF with feedback loop is employed in our scheme to further resist the machine learning attacks that have demonstrated efficacy in compromising strong PUFs. Our proof-of-concept implementation shows that the proposed scheme is suitable for resource-constrained end-user devices in terms of memory, computation, and security.

Zhuojun Chen,Wenshang Lee,Qinhui Hong,Chongyan Gu,Zhenyu Guan,Lin Ding,Jiliang Zhang

DOI: https://doi.org/10.1109/tcsii.2022.3193002

2022-01-01

Abstract:Physical Unclonable Function (PUF) is a lightweight hardware security primitive and suitable for device authentication in the Internet of Things. However, each strong PUF instance must store at least 106 reliable challenge-response pairs in the center nodes, which brings an excessive storage overhead since centers connect massive remote PUFs. In this brief, an obfuscation-feedback-shift-register (OFSR) PUF is designed, consisting of certain weak PUF cells working with an obfuscation mechanism. Meanwhile, it efficiently reduces the storage overhead and overcomes the collapse response caused by normal linear-feedback-shift-register, providing higher security. Experiments show OFSR PUF has ideal performance on reliability, uniqueness, uniformity, randomness, and good resistance to machine learning attacks.