LPUF-AuthNet: A Lightweight PUF-Based IoT Authentication via Tandem Neural Networks and Split Learning
Brahim Mefgouda, Raviha Khan, Omar Alhussein, Hani Saleh, Hossien B. Eldeeb, Anshul Pandey, Sami Muhaidat
2024-10-16
Abstract: By 2025, the internet of things (IoT) is projected to connect over 75 billion devices globally, fundamentally altering how we interact with our environments in both urban and rural settings. However, IoT device security remains challenging, particularly in the authentication process. Traditional cryptographic methods often struggle with the constraints of IoT devices, such as limited computational power and storage. This paper considers physical unclonable functions (PUFs) as robust security solutions, utilizing their inherent physical uniqueness to authenticate devices securely. However, traditional PUF systems are vulnerable to machine learning (ML) attacks and burdened by large datasets. Our proposed solution introduces a lightweight PUF mechanism, called LPUF-AuthNet, combining tandem neural networks (TNN) with a split learning (SL) paradigm. The proposed approach provides scalability, supports mutual authentication, and enhances security by resisting various types of attacks, paving the way for secure integration into future 6G technologies.
Cryptography and Security, Machine Learning, Networking and Internet Architecture
What problem does this paper attempt to address?
The paper addresses the security and resource constraints of authentication for Internet of Things (IoT) devices. Because IoT devices have limited computing power and storage, traditional encryption methods are difficult to implement effectively on them. Meanwhile, although a traditional Physical Unclonable Function (PUF) system offers security rooted in unique hardware, it is vulnerable to machine-learning attacks and requires storing large data sets, which is a problem for resource-constrained IoT devices.
To solve these problems, the authors propose a lightweight PUF-based IoT authentication mechanism called LPUF-AuthNet. This mechanism combines a Tandem Neural Network (TNN) with Split Learning (SL), aiming to provide scalability, support two-way authentication and enhance resistance to various attacks. The following are the main contributions of this paper:
1. **Develop new machine-learning models**: These models can simulate the behavior of hardware PUFs in generating Challenge-Response Pairs (CRPs) and accurately predict the responses to corresponding challenges. This eliminates the dependence on physical PUFs and the need to store large CRP data sets.
2. **Encoding and decoding mechanisms**: Use the developed ML models to encode challenges into a compact Latent Challenge (LC) form and decode Latent Responses (LR) from legitimate nodes. The TNN consists of two collaborative modules: TNN1 and TNN2. TNN1 runs on the verifier and is responsible for verifying the legitimacy of responses; TNN2 is implemented on legitimate nodes to ensure the authenticity of incoming challenges. This dual-verification mechanism significantly enhances the integrity and robustness of the authentication protocol.
3. **Efficient security**: Experimental analysis shows that the LPUF-AuthNet framework can effectively resist multiple security attacks and can accurately distinguish between real and fake latent-space challenges. In addition, compared with existing literature, this method performs well in terms of communication overhead.
4. **Real-time proof of concept**: A real-time proof of concept has been developed and its effectiveness has been verified.
In summary, LPUF-AuthNet provides a novel and efficient solution to the resource limitations and security problems faced by traditional PUF systems in the IoT environment, paving the way for future 6G technologies.
### Key formulas and symbol explanations
- **Challenge-Response Pair (CRP)**: \((C, R)\), where \(C\) is the challenge and \(R\) is the response.
- **Latent Challenge (LC)**: \(LC=\text{Encoder}(C)\)
- **Latent Response (LR)**: \(LR = \text{Encoder}(R)\)
- **Hamming distance**: \(H(C', C'')\), used to compare the differences between two binary strings.
### Security analysis
1. **Forward security (FS)**: A new CRP is generated for each session, ensuring that each CRP is used only once. Even if an attacker obtains a certain challenge or response, it will not affect previously established sessions.
2. **Mutual authentication (MA)**: When node N requests authentication, it receives LC and uses TNN2 and Decoder2 to verify that the sender is the verifier; conversely, after receiving LR, the verifier predicts the response and verifies its correctness.
3. **Man-in-the-middle attack (MITM)**: Attackers disguised as verifiers or nodes are detected by calculating the Hamming distance.
4. **Replay attack (RA)**: Since a new CRP is generated each time, an attacker cannot reuse old responses.
5. **Device impersonation attack (DI)**: Because no CRP data set is stored, it is difficult for an attacker to forge a PUF.
6. **Machine-learning attack (ML)**: Because no CRP data set is stored and a new CRP is generated each time, it is difficult for an attacker to build a prediction model.
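The verifier-side checks behind items 1, 3 and 4 can be sketched as follows. This is an added example, not code from the paper: the trained model is replaced by an HMAC stand-in, the latent encoding is omitted, and the 64-bit response length and the acceptance threshold of 6 bits are assumptions.

```python
import hashlib
import hmac
import secrets

RESP_BITS = 64     # assumed response length
MAX_DISTANCE = 6   # assumed acceptance threshold, in bits


def hamming(a: bytes, b: bytes) -> int:
    """H(a, b): number of differing bits between two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def puf_model(device_key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the learned challenge->response model (not the paper's TNN)."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()[: RESP_BITS // 8]


class Verifier:
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = {}  # session id -> expected response

    def new_session(self):
        # A fresh random challenge per session: no CRP is ever reused.
        sid, challenge = secrets.token_hex(8), secrets.token_bytes(8)
        self._pending[sid] = puf_model(self._key, challenge)
        return sid, challenge

    def check(self, sid: str, response: bytes) -> str:
        expected = self._pending.pop(sid, None)  # consumed on first use
        if expected is None:
            return "reject: unknown or reused session"
        if len(response) != len(expected):
            return "reject: malformed response"
        d = hamming(expected, response)
        return "accept" if d <= MAX_DISTANCE else f"reject: distance {d}"


def demo():
    key = secrets.token_bytes(16)
    v = Verifier(key)
    sid, c = v.new_session()
    good = puf_model(key, c)
    noisy = bytes([good[0] ^ 0b101]) + good[1:]   # constructed: 2 flipped bits
    first = v.check(sid, noisy)                   # within threshold
    replay = v.check(sid, good)                   # same session presented again
    sid2, c2 = v.new_session()
    forged = puf_model(secrets.token_bytes(16), c2)  # sender without the model
    return first, replay, v.check(sid2, forged)
```

A sender that cannot reproduce the model lands near `RESP_BITS / 2` differing bits, far above the threshold, while a replayed response fails before the distance is even computed.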
### Performance evaluation
- **ML attack resistance**: Tested by SVM and NN models, the results show that LPUF-AuthNet has higher security when facing ML attacks.
- **Latent challenge authentication accuracy**: By testing 104 LCs, the TNN2 component has achieved a 100% real LC detection rate and a 99.99% fake LC detection rate.
- **Data transmission overhead**: Compared with other lightweight protocols, LPUF - A